The Agriculture Department and the General Services Administration have been out in front of the federal government’s move to the cloud for a decade.
USDA was among the first agencies to take their email to cloud in 2010. It also was the first agency to test out the IT Centers of Excellence, which included a specific focus on data center consolidation and cloud adoption.
GSA, both internally and from an acquisition perceptive, has made cloud services a focus since it bucked the trend and moved to Google for office productivity tools and launched an email-as-a-service contract vehicle in 2011.
So like the old EF Hutton commercial — I know I’m dating myself — but when GSA and USDA talk, other agencies should listen.
The latest examples of where the federal cloud effort is heading next, what could be called the third phase of this journey, is focused on governance, or in less boring talk, controlling cloud sprawl or herding the cloud cats, or — well you get it.
“I do think agencies are trying to figure out what the governance model is and how can they manage all their different subscriptions,” said Susie Adams, the chief technology officer Microsoft federal sales, in an interview with Federal News Network. “What we are seeing is agencies are taking a hard look at DevSecOps, and what tools, what policies and procedures and how automation can be used to deploy software and capabilities into the different clouds. The trend we also are seeing is around Kuberneties clusters and running containers on multiple platforms and managing them through a single pane of glass.”
USDA’s new cloud working group is all about creating that single pane of glass.
Gary Washington, the Agriculture chief information officer, said the internal CIO council created the group in July.
“The USDA Cloud Working Group is an Office of the CIO and mission area collaboration effort to identify and document best practices and lessons learned regarding all aspects of cloud adoption, purchasing, implementation, management and impact on the USDA mission,” Washington said in an email to Federal News Network. “This working group is co-chaired by mission area assistant CIO Sergio McKenzie of the Market and Regulatory Programs (MRP) and associate CIO of Digital Infrastructure (DISC) David Peters, from my organization. All mission areas and OCIO centers are represented on this working group and will participate in the working group’s initial projects.”
While Washington didn’t identify the initial projects, he said the working group, generally, will meet every two weeks, particularly for the first 90-days where they are focused on cloud adoption and management deliverables.
“A USDA-wide cloud adoption and management vision along with its associated implementation strategies that advance mission delivery on behalf of every program throughout USDA,” Washington said. “We expect the work group to assess our cloud acquisition approaches and policies. We expect a cloud community of practice to be a logical outcome of this working group.”
Over the short and long term, the working group’s goals are trying to change cloud from a back office, network issue to one that is the mission or program areas’ charge.
“The group’s goal is to drive continuous improvement in the delivery of USDA’s mission through continued IT modernization and updated policies to support the technology. Cloud technology can improve USDA’s mission by improving the interfaces that USDA interacts with its stakeholders, accelerating the sharing and analysis of data, and reducing total cost of operations,” Washington said. “The increased awareness and standardization elements should also have strong incremental benefits that enable continued security management and Federal IT Acquisition Reform Act (FITARA) score improvement as well.”
Microsoft Federal’s Adams said while she is not specifically familiar with USDA’s working group effort, many agencies are trying to bring some sense of semblance into their cloud efforts.
“The main trend I’m seeing is how to grasp all of this and make it more prescriptive for people who are deploying services. How can we create landing zones or infrastructure-as-code and compliance-as-code so you are running scripts and put governance on top of it all,” she said. “It’s based on rules-based access so they can’t modify and change it. You are managing how folks are deploying and managing cloud instances and making sure it’s secure. We get a lot of questions about what is a good governance model, and how can it be managed so you are keeping your finger on the pulse in this hybrid world.”
Cloud marketplace RFI coming soon
This hybrid world that most agencies will continue to live in for the foreseeable future is driving GSA’s latest effort.
In the coming weeks, GSA will release a request for information (RFI) to create a cloud marketplace bringing together service providers, integrators and other vendors to create a one-stop shop for implementation and management of cloud services.
Laura Stanton, GSA’s assistance commissioner of the Office of the IT Category in the Federal Acquisition Service, said at the recent GSA industry day sponsored by FCW, said phase one of the marketplace should be in place in fiscal 2022.
“We are beginning to understand more about how agencies need to be able to buy cloud and once they buy it, how they need to govern and manage it,” she said. “We want to put together a framework and a contractual vehicle that will allow the agencies to buy these core cloud services that we are seeing them need more and more.”
The need for support services can been a common theme across this journey to the cloud
The evolution of cloud buying started back in 2011 with the e-mail-as-a-service blanket purchase agreement, which for all intents-and-purposes came about too soon and struggled. GSA soon after created a cloud special item number (SIN) under its schedules program. And then it developed blanket purchase agreement on top of the schedules for things like the Defense Department’s Defense Enterprise Office Solutions (DEOS) contract.
Stanton said the marketplace will provide agencies a more agile framework for buying and managing cloud services.
“We’ve learned a couple of things. There is a whole post-award governance that agencies need to manage their cloud services. We know that there are professional IT services agencies need when they buy the licenses,” she said. “So instead of having to do those separately or each agency having to build in the necessary requirements, or even having to build in their own separate baseline security requirements with FedRAMP, we are looking at what are those foundational set of requirements, say FedRAMP moderate, and how do we build them into the marketplace so agencies don’t have to worry about it. They can get everything they need to be able to develop an entire cloud solution. Part of the reason for that is we keep hearing agencies have to go to multiple places to buy cloud.”
What GSA and USDA’s initiatives continue to demonstrate is that there is no one approach to managing cloud services. But, as Microsoft Federal’s Adams said, no matter if an agency is taking a centralized or a decentralized approach, many of the questions are the same: How best can you secure the cloud? How best can you manage the services? And, how can use cloud to support mission goals?
“A lot of times IT shops are still run as traditional IT shops where they control the modernization projects, so the next thing we will start to see is a change where the mission owners will get funding to be able to modernize and the IT shop will provide governance and management of the environments.”
It’s clear the future of cloud services will be drive by the mission needs, putting the pressure on the CIO shops to create the guardrails to ensure success.