This agency tech shop is all-in for cloud computing

Cloud computing has come a long way in the federal government. It took a while, but finally, agencies are seeing tangible benefits.

I recall an early vendor session detailing cloud computing and its benefits. A decade ago, I’m not sure everyone got it.

Fast forward to now. Today, dozens of cloud services providers vie for government business. A shrinking number of agencies operate their own email systems. A shift in thinking has occurred. At first, White House policy was pushing cloud computing on agencies. Now agencies are pushing for faster conversion of applications to cloud.

Why? Because cloud computing has proven to be both a money-saver and a flexibility-enhancer.

Advertisement

Case in point: The Small Business Administration. In my interview with Deputy CIO Guy Cavallo, he described how SBA equipped thousands of temporary employees to deal with all of the hurricanes and fires. SBA, it turns out, also deals with loans to homeowners, not just small businesses, after disasters. So far, it’s issued $2 billion in disaster loans this year.

In the past, he said, the field workers would need two machines, one at headquarters to run the application and a portable one so they could log on remotely. Cavallo said, “We’d just go out and buy new computers for everyone.” Afterwards, all that gear would be gathered in a corner to collect dust until the next time. Now, everyone has a cloud-hosted virtual desktop, so equipping field temps only requires one computer, not two.

SBA also avoided spending the 45 days it would have taken to acquire thousands of pieces of hardware.

Cavallo also said the contract with SBA’s cloud provider is optimized for the rapid ramp-up and ramp-down disaster response calls for. That’s key, because getting financial benefit from cloud requires agencies to tailor their contracts to the expected usage patterns. Pricing for stable, long-term application instances will be lower per unit than those with short peaks. You might pay a premium for burst capability, but it will be for short periods.

In other words, you can’t ask for free, idle capacity. The cloud provider can’t charge for potential scale-up capacity you’ll never use.

SBA’s loan application system is more than a decade old. Cevallos said by next summer, SBA will have rewritten it to run in a cloud. This task SBA can do for itself because it’s an agency-specific application.

But I’m hearing from a growing number of federal techs that they want multi-agency applications adapted to the cloud. Cavallo provides another example. Namely, continuous diagnostics and mitigation, the required strategy for cybersecurity.

“We refused to do an on-premise CDM implementation,” Cavallo says. Here again, the reason was hardware — $300,000 worth of it. “For us, that’s a tremendous amount of money,” he adds.

With the approval of Homeland Security, Cavallo says SBA has finished phase one of a cloud implementation of CDM without buying hardware. Eight tools to help with inventory reside in the cloud in this phase. Cavallo says he’s working with DHS to simplify the cloud CDM stack. Each product has so many components and update cycles, they start to attack one another, he says.

“To me, it’s much easier to keep security tight if we can simplify it instead of complicate it,” Cavallo says. Still, using the tools in an infrastructure-as-a-service model required some work with the vendors. DHS designed continuous monitoring as an on-premise thing. For the next phase, Cavallo and CIO Maria Roat are working with DHS and other powers-that-be. SBA wants to use cloud-native tools instead.