In 2011, the White House mandated a Cloud First Policy, where agencies transitioned email and other non-critical applications over to the cloud. Currently, they are tackling the challenge of moving larger and more complex systems — such as human resources and accounting — to the cloud. This federal-level change has impacted state and local government efforts to digitally transform and move away from larger, outdated legacy systems.
Strict security and privacy rules have helped to standardize cloud solutions for government, but they’ve also posed some challenges. Agencies must ensure their vendors comply with federal requirements, and they face the challenge of following a cloud-first model without disrupting critical processes.
GovLoop sat down with a panel of experts to discuss these challenges and what’s next for cloud transformation. The speakers included:
- Joe Paiva, Chief Information Officer at the International Trade Administration
- Tom Morton, Senior Analyst for Cloud Strategy and Policy in the Defense Department’s Office of the CIO
- Wayne Bobby, Vice President at Infor Federal
- Kurt Steward, Vice President at Infor Public Sector
Here are some tips they offered for transitioning to the cloud.
Look at what has already been done. The speakers first addressed the worry that moving to the cloud will be too much of a change for some. People either have the mindset, “We’ve always done it this way,” or “How will this impact me?” Tied into this is the worry that the shift in infrastructure and applications will distract from the agency’s core mission.
To solve this, Steward described a system of focusing critically on the mission and “getting government out of the way.” Because of early cloud adoption at the state and local level, it is helpful to piggyback off of the work already being done. For people reluctant about switching over, it will be easier and more reassuring to see an existing example of cloud success.
Use existing models. With the flurry of vendors going through the FedRAMP process, it can be difficult to determine which provider meets regulations. Many worry how FedRAMP will impact cloud services. Morton suggested leveraging existing FedRAMP approved providers and then adding the unique controls your agency needs afterward.
This also involves shifting the mindset and enforcing reciprocity.Agencies won't have to repeatedly go through the same assessments. At the state and local level, provisions are laid out similar to FedRAMP, just under a different name. It helps to build off of traditional models and follow a system that has worked in the past.
Consider cost and time efficiency. The DoD is currently working with commercial cloud service providers in a cost effective and secure manner. Moving systems to the cloud takes time that some agencies may not have. However, the advantages of moving to cloud far outweigh the time it takes to transition.
Morton discussed how the DoD is taking steps to increase efficiency. This included awarding contracts to commercial cloud vendors and creating a cloud infrastructure. Currently, an estimated 144 DoD systems use cloud for email and office productivity, Morton said. Applications such as Microsoft Office 365 enable workers to have increased time efficiency and productivity.
At ITA, Paiva described using cloud to meet the agency’s goal of becoming a completely “borderless network.” For efficiency, Paiva suggested using the “lift and shift” method of moving everything to cloud, starting with applications like email.
Align cloud architecture with security. Cybersecurity has been a major limiting factor for cloud transitioning. The concern surrounding cloud is that it’s not secure enough. Morton suggested looking at the architecture of secure cloud computing, where commercial cloud service providers are currently creating secure access points and increasing network boundary defenses. Look at cloud’s capabilities and develop an understanding at an architectural level.
Steward addressed the challenges IT faces in keeping up with changes, especially when dealing with existing legacy systems. Identify what critical IT assets are in your environment and how to secure them. He recommended that agencies “act like a business” and lay out the critical issues cloud can solve and make better.
“Look for critical points of engagement,” Paiva suggested. By knowing where you can afford to spend money, you also know where you can take risks.
From enterprise resource platforms to payroll systems, people are warming up to using cloud in their workplace. When it comes to transitioning to the cloud, it’s all about leveraging what’s already been done. Looking forward, take the time to choose the right cloud vendor and consider how it will benefit your agency and the customers you serve.