There’s a five-letter word that’s used all the time in government — some would argue too much.
You hear it at conferences, Capitol Hill hearings and in email announcements likely coming from your IT department. It’s even gone mainstream. That word is cloud.
But despite all the talks about cloud computing and its variations, there’s still a steep learning curve when it comes to execution.
Why is that? There isn’t a shortage of expert commentary, reports and discussions about the topic. It seems most vendors have a plan for getting agencies to the cloud, or at least they claim to. And it’s not like cloud is a foreign concept to government.
The reality is the cloud isn’t as clear-cut as it appears on paper or as smooth as it sounds coming from the podium of a D.C.-area event.
“I believe cloud has become a bit of a buzzword, with a variety of definitions concluded by individuals,” said Sarah Millican, Digital Strategist for the Federal Communications Commission Chief Information Officer. “All too often there’s excitement across government to leverage cloud computing to reduce legacy IT burdens, without the practical guidance and steps to do so.”
The desire to fill that gap has morphed into a grassroots effort called the Cloud Center of Excellence (CCoE) that includes more than 100 representatives from small, medium and large agencies — both civilian and defense.
The group’s latest deliverable is a cloud survival guide with different scenarios that simulate what these various agencies are likely to face when buying cloud services. The 62-page document is currently in draft form but making its rounds in government and industry.
“The goal of the CCoE is to help other departments and agencies avoid common obstacles in cloud adoption, like contracting, procurement and helping staff embrace the change in business processes,” said Richard Blake, a Deputy Assistant Commissioner at the General Services Administration who leads the Common Acquisition Platform team. “It addresses interagency resources to support securing cloud services and the often forgotten education of the workforce to survive and thrive in a cloud-based world.”
This level of commitment and coordination around cloud — or many government efforts for that matter — usually comes through mandates, not organically.
People have daytime jobs with responsibilities, so even noble projects after hours or during lunch breaks can be taxing. “We have folks around the room who really care about this,” Millican said. “At the end of the day you need a strong leader.” She acknowledged the GSA and FCC visionaries who were key in bringing so many people together around a common goal. In addition to having the right visionaries, branding was equally as important.
In January 2017, Blake and several of his team members met with FCC CIO David Bray, Bray’s Senior Advisor Tony Summerlin and Millican to pitch and brainstorm what would eventually become the CCoE.
In February, the CCoE officially launched as an interagency working group aimed at helping agencies and departments move with greater speed and confidence to the cloud. What started out as small group meetings at GSA evolved into cross-agency meetups with various subgroups, meeting minutes and clear objectives.
The meeting minutes became the structure for the draft document, which is formally known as the Cloud Adoption, Survival Tips, and Lessons Experienced (C.A.S.T.L.E.) Guide. It isn’t comprehensive but focuses on key acquisition issues that have historically caused barriers to cloud adoption.
“While this guide endorses the computing services that are fully compliant with the NIST cloud characteristics, the concepts within this guide apply equally well to any IT as-a-service that have consumption-based pricing,” Bray said.
For example, let’s say you’re at a small agency with 1,000 employees. You’re considering an Infrastructure-as-a-Service solution, and you want to roll it out in phases. Many of your current infrastructure services are virtualized.
For agencies in a similar circumstance, the C.A.S.T.L.E. guide provides a to-do list of important items to consider, key questions to ask, and a lengthy discussion section that takes a deep dive into key areas to address. Those areas include risk management and benefit assessment.
“The CCoE builds upon what the government has learned in its journey towards IT modernization, including our successes, mistakes and false starts around cloud computing,” Blake said.
There was skepticism at first around the CCoE’s work because there’s the feeling of been there, done that when it comes to cloud. But after reading the draft document, former skeptics came around. The CCoE also benefited from involvement and support from major cloud players in government, including FedRAMP leaders and procurement professionals on governmentwide cloud contracts.
Next steps for the CCoE include collaborating with the vendor community and incorporating feedback. The guide is a living document, so it will evolve over time. The hope is to have a final version in the next two months for agencies to use.
“We wanted to put something in federal employees’ hands that acknowledge where they were and what they should do based on it,” Millican said.