"The Cloud Powers Government Innovation"

Author: Mark Pietrasanta,
Chief Technology Officer, Aquilent

There’s much talk about the “cloud” and it’s got much of nothing to do with the weather these days. Wikipedia calls cloud computing “a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.” My public relations representative would ask, “What’s the ‘so what’ behind this statement; i.e., what is the benefit to the user?

In the world of government technology, where Aquilent lives and breathes, our customers are looking at the cloud because it reduces capital expenditure (CapEX) requirements for hardware and related expenses, while significantly lowering the barrier to entry to new and innovative technologies. As President Obama continues to mandate a more open government with increased transparency, collaboration, and participation, the ability to fully maximize web-based resources without jeopardizing already threatened budgets is crucial. The cloud computing approach gives significant legs to this objective.

In addition, because cloud-based infrastructures are modernized, they typically embody much stronger levels of security than more outdated web environments. The recent flurry of distributed denial-of-service (DDoS) attacks underscore the need for a web platform that is fully protected with the latest cyber security measures.

As a real-world example, the General Services Administration (GSA) Office of Citizen Services and Communication (OCSC) has implemented a strategic IT roadmap that gives its well-trafficked USA.gov and GobiernoUSA.gov, its Spanish counterpart, a wide range of virtualized improvements. Aquilent worked closely with OCSC and the USA.gov team to develop a strategy and manage its implementation, with a primary objective of achieving a robust and flexible cloud infrastructure.

Also known as an “Infrastructure as a Service” (IaaS) – the foundational component of cloud computing – OCSC’s new web platform enables services to be hosted and deployed in a virtual environment that optimizes and consolidates existing computing resources, promoting more efficient and green computing. The sites are empowered with new robust features to help users better connect with government and OCSC benefits from enhanced scalability, network efficiencies, and reduced hardware expenditures. Resource pooling also virtually eliminates system down times with increased reliability. Security in the virtual environment is maintained at or above the levels of a physical environment.

Through the implementation of the IT Road Map cloud infrastructure alone, OCSC has cut its web hosting and infrastructure costs by more than 75% while increasing its capacity, flexibility, and ability to respond to new initiatives, whether driven by the White House or by the needs of the citizens. The flexibility of the cloud infrastructure dramatically increases the ability of OCSC staff to manage the entire environment and operations, and has freed up a lot of time to work on more value-added functions, such as new features and strategic ideas. Aquilent’s solution put a system in place that provides the latest features and functions available to the citizens who visit USA.gov and GobiernoUSA.gov.

Awards for GSA’s continually innovative approach has earned it such honors as:
• 2009 #1 Federal Web Site by the Brookings Institution
• 2008 GovGab Blog receives 9 out of 10 rating by Blogged.com
• 2008 #1 Federal Web Site by the Brookings Institution

The benefits of cloud computing are clear, and government agencies are recognizing that the term “web security” is no longer an oxymoron. Virtualized resources are helping to make the vision of a more open government a reality.

"Vivek Kundra: Cloud Computing Could Improve Intergovernmental Collaboration"

Funding Rules
Kundra also said he's re-examining federal funding rules that state and local officials say promote poor IT system design and inefficient use of scarce dollars. Shortly after last November's election, representatives from the National Association of State Chief Information Officers (NASCIO) met with President Barack Obama's transition team about modifying rules for spending money given to states for operating federal health care, transportation, social services and public safety programs. NASCIO contends that cost-allocation guidelines and technology requirements tied to these funds often clash with state data-sharing and enterprise architecture initiatives.

"That's an issue we are actively looking at right now," Kundra said. "From my experience with the commonwealth of Virginia [as assistant secretary of commerce and trade] and also the District of Columbia [as chief technology officer], that's an issue that we dealt with and we're actually working with NASCIO to figure out what will be the best path forward."
He said it was too early in the process to reveal specific reforms.

Cloud Store
Speaking Wednesday at a cloud-computing symposium in Washington, D.C., Kundra said he's moving forward with plans to create a storefront where federal government agencies could easily acquire standard, secure cloud computing applications.

"This will abstract all the complexity for agencies. They won't need to worry about FISMA [Federal Information Security Management Act] compliance and certifications. Agencies could provision cloud services in a real-time basis from a simple storefront. We're looking at vendors and moving forward," Kundra said.

Making cloud-computing solutions easier to obtain will drive standardization and consolidation in the federal government, he contended.

"What's happened for too long is a debate over how to consolidate. This discussion hasn't led to deliverables," he said. "We haven't been able to move forward because we make it too hard and too complex. There are too many steps to provision cloud services. It's easier for agencies to spend 10 times more money to build services that are already out there."

Private Cloud
Although consumer cloud technologies could dramatically simplify government's ability to acquire common services, Kundra acknowledged that approach won't work for tasks involving sensitive federal data. He said a private cloud could be developed for these activities, and he's working with an 11-member group of federal CIOs to sort out which data is suitable for consumer cloud applications and which data must be housed on government-owned infrastructure.

"We will build a center of gravity around information technology. It makes no economic sense to continue to plow capital into agency data centers," he said. "Part of the challenge is to think how we hit the reset button on that and figure out how to share resources across the board."

Vivek Kundra's Five-Point Plan
But Kundra's key message was the five areas he is focusing on in the administration's agenda:

1. Open and transparent government. Kundra said the level of transparency in the Obama administration will be "unprecedented" so that Americans "know where the money is going."
2. Lowering the cost of government. "We spend $71 billion on IT annually. Unfortunately some of those investments have not paid dividends," said Kundra, who used to track the District of Columbia's IT programs as if they were a portfolio of stock investments. "Historically government has not done a good job of defining its requirements during the bidding process," he added. Likewise, the private sector has sometimes overpromised the potential for emerging technologies. Kundra wants to see both the public and private sector do a better job when it comes to evaluating technologies before making an investment.
3. Cyber-security. Kundra simply labeled this issue "crucial." He called for government to be better prepared to respond and highlighted work at the state level, particularly New York's Information Sharing and Analysis Center as a possible model for cyber-security collaboration.
4. Participatory democracy. To ensure Americans have a voice in government, Kundra is working with his colleague, Beth Noveck, who is deputy director for open government in the Office of Science and Technology Policy within the executive office of the president. Together they're creating a platform that engages citizens in a meaningful way. Noveck, who spoke earlier in the day to NASCIO, said many of the existing methods of engaging participation don't generate useful results. Her office is involved in creating new methods that will fix the problem.
5. Innovation. The CIO hopes that he can urge the federal government to step outside of its typical way of thinking when it comes to IT and find new, innovative and less-costly ways to leverage technology. If that happens, government would become less complex to the ordinary citizen, he said. "In these tough economic times, the public sector needs to think about the promise of technology, How do you leverage innovation and how [do you] bake that into the culture, so you can encourage innovation and boldness?"

Kundra ended by mentioning some of the bold efforts undertaken by CIOs in several states, and how they are leading to a shift away from the old ways of using computers and his hopes to replicate that kind of change within the federal sector.

But as one former government CIO, who asked not to be identified, pointed out, "Federal CIOs have strong views on what they should be doing with IT. Bringing about the change Kundra envisions won't be so easy."

"Looking at IT Governance Through the Clouds"

Author: Michael Wood
Michael Wood is a CPA, and Subject Matter Expert on IT Strategy and Business Process Improvement
June 9, 2009

With the advent of the Cloud Computing and Software as a Service (SaaS) space, new issues related to IT Governance are emerging for both the provider and customer. These governance issues run deep as they impact the development practices, application architecture, infrastructure, deployment, utilization, control and continuity management aspects of the IT governance spectrum.

For the majority of organizations, the use of Service Level Agreements (SLAs) provides the answer to most of the issues between provider and customer. However, no number of SLAs can satisfy the customer organization’s responsibility to exercise due diligence in satisfying itself and its auditors that core business functions run via a Cloud Computing environment are properly managed, controlled, resilient to disruptions, safe from disasters, safe from theft and misuse and more. Once the information asset is no longer under the control of the enterprise, things get rather dicey.

While traditional environments are subject to the same governance requirements as Cloud Computing, the inherent loss of control of data and the difficulty in identifying and troubleshooting transaction failures raises a whole new set of issues. The risk factors, while statistically may seem lower than traditional environments, are in fact much greater. Basically, when an organization uses Cloud Computing resources, it has abdicated its ability to effect repairs and recovery of systems and data should something go terribly wrong. To management and auditors this poses a substantial problem. All the guarantees in the world are meaningless if the provider can’t indemnify the using organization against harm, and quantifying that harm could be close to impossible. In the name of cost savings, speed of deployment and application flexibility, organizations could unknowingly be risking their very existence should a catastrophic disruption in service occur. The damages to a billion-plus-dollar enterprise could literally be the entire value of the enterprise. And should that catastrophe effect multiple organizations, then what?

Don’t get me wrong, the potential of Cloud Computing is amazing and hard to resist. However, the risks are equally amazing as mission critical applications and data are taken out of the control of the enterprise accountable for their integrity, security and control. Therefore, when choosing a provider it is imperative extended due diligence be performed by an independent third party.

"Researching Cloud Computing Offerings"
Embracing The Cloud Is Not Easy, Especially When The Idea Itself Is Evolving
By John Brandon

In a data center, moving targets are always the hardest to track. With cloud computing, not only is the target “moving” and evolving, but it’s also often hard to define. For some, it means storing all applications and data in a remote data center. Others define it as offloading a few noncritical services to a provider who can assure data integrity. The cloud often means abstracting data from the hardware layer, akin to virtualization, but it could also be the future of all data processing.

To help you develop a sound cloud computing strategy, we tapped several experts to share their insight and knowledge, with guidance meant specifically for a small to medium-sized enterprise considering the cloud.

Offload Extraneous Services

No matter how you define the cloud, most experts view it today as a way to off-load services to a provider, as opposed to a technology that warrants wholesale replacement of servers or storage—even in a small enterprise. There are issues related to security and privacy, and the field of cloud computing is still too new as an industry for a company to consider replacing infrastructure with the cloud.

“SMEs should look at receiving services from the cloud that might otherwise be too complex for them to set up themselves or become much more affordable through greater economies of scale,” says Kristof Kloeckner, a CTO at IBM in charge of cloud computing. “Good examples are business resiliency and information protection services, as well as collaboration services. Utilizing overflow capacity in the cloud for highly variable or seasonal workloads is also an attractive opportunity.”

Security Is An IT Concern

According to Simon Crosby, the CTO at Citrix (www.citrix.com), companies that choose to use cloud services should realize that security is an internal concern, not an external issue. Cloud vendors may provide assurances about data security, but the ultimate responsibility falls on the IT department and data center, not on the vendor. For a small to medium-sized enterprise, it might be easy to hand off security management as part of the cloud service. For example, if a company decides to use a cloud provider for a parts inventory system, the SME should be highly involved in terms of authentication, passwords, encryption, and backup for that inventory system and not just rely on the provider to make sure the database is secure. In a discovery for litigation, saying that the company thought the cloud provider would secure the data would not be a good defense—it’s important to show how internal IT is involved.

“It is the responsibility of the organization, not the service provider, to secure valuable data,” says Crosby. “Likewise, detailed service-level agreements need to be put in place to ensure reliability and sustainability for a technology that is outside of the enterprise.”

Look For Cloud Optimization

Merely offering a cloud service is not exactly helpful to a data center: The services must be optimized and well-suited to the needs of the organization. Raejeanne Skillern, a product manager at Intel, says optimization is key for an SME that may decide to choose cloud services meant for a much larger organization and that an SME’s homogenous environment requires customization.

“Large cloud service providers can achieve up to 10x efficiencies over traditional IT through optimized technologies,” says Skillern. “Although you may not be deploying thousands of servers like Microsoft or Google, there are CPU, platform, and software optimizations available through Intel, in collaboration with leading OEMs, that can be applied to smaller deployments to maximize cloud architecture investments through increased power efficiency, server utilization, and application optimization.”

Not All Applications Are A Good Fit

As an all-encompassing term, cloud computing often seems like an all-or-nothing prospect. Patti Dock, COO of DataMotion (www.datamotion.com), a company that provides governed integration and collaboration managed services, says that not every application is a good candidate for cloud infrastructure, especially those that require fast performance.

“Not all applications should be moved to the cloud,” says Dock. “If you are doing things where the entire process is in-house, why put the process in the cloud? If something requires millisecond response time and speed is critical, the cloud may be impractical. Then there is the issue of licensing restrictions. Or think about having someone have access to your mainframe application ‘from the cloud’—IT operations wouldn’t be too excited about that prospect.”

Implementing Cloud: Bonus Tips