It’s been more than five years since federal chief information officers have been focusing on cloud computing. The Office of Management and Budget issued its cloud-first policy in February 2011. The cloud security program known as the Federal Risk Authorization and Management Program (FedRAMP) launched in June 2012.
But only now is cloud both a top priority for federal CIOs and is there recognition by the Office of Management and Budget that more help is needed to move past the “low-hanging fruit” and move mission critical applications to the cloud.
“We are at an inflection point right now. We have come to the realization that the first line that we took on this was ‘cloud-first’ and the encouragement of the adoption of cloud so it’s no longer a conversation about if, but when and how. The how is starting to become thorny because agencies are actually starting to delve into it now and running into what we are calling cloud adoption blockers,” said Margie Graves, who is on detail to OMB from the Homeland Security Department, during the Tech Trends conference sponsored by the Professional Services Council in Arlington, Virginia. “We are talking with each of the agencies and we are trying to gather the common threads of what those blockers might be and try to solve them holistically across the federal government and provide some guidance to allow folks to adopt these solutions going forward.”
During those meetings with agencies, OMB is asking several important questions, including whether they are cloud ready, do they understand cloud security posture and do they have the right contract clauses.
“Things that are blocking from a policy standpoint, we intend to highlight those and take care of those,” Graves said. “We intend to get those obstacles out of the way. We are in the beginning process of doing that.”
Removing real or perceived barriers is more important than ever as federal CIOs told the 26th annual survey of these IT executives by Grant Thornton and the PSC that cloud moved into their top five priorities for the first time.
Along with cybersecurity, the workforce, IT acquisition and legacy system modernization, George DelPrete, a principal with Grant Thornton and the lead of the 2016 CIO Survey, said CIOs have entered the how stage with cloud, but only 5 percent of the respondents said they were where they wanted to be. DelPrete said CIOs feel less prepared for the cloud than they did last year as in the 2015 survey, 8 percent of the respondents said they were they wanted to be with cloud implementation.
“The adoption is happening very slowly. This was one of the most surprising things to me in the survey. There are multiple cloud adoption blockers that CIOs still struggle with,” DelPrete said during an interview on Ask the CIO. “How to manage their data? Dealing with the security? Figuring out how to operationalize the cloud? Negotiating good contracts are among the many issues they are still working to navigate through right now.”
DelPrete said industry could do more to help educate the federal community about what works in cloud and creating some use cases on cloud migration.
“It becomes complicated when you start talking about moving databases into the cloud. What parts do you move? Are they ready to move? How do we do that evaluation and come up with an effective plan to establish a migration? What are we going to get when we move? What is the business case for it? And doing a cost study so they know what improvements they will get from moving to the cloud,” he said.
DelPrete said CIO’s highlighted a couple of big blockers ranging from the culture changes needed among contracting and legal staff as well as the long-standing security, architecture and interoperability challenges.
The move to cloud is part of the Obama administration’s push to modernize legacy IT.
The PSC/Grant Thornton survey found CIOs are spending 73 percent of their IT budgets on older systems. This is a bit higher than OMB’s own data, showing about 68.6 percent of the federal IT budget on operations and maintenance of legacy systems.
DelPrete said the survey hasn’t showed much of a change in terms of the spending swinging back toward development, modernization and enhancement of technology systems.
Richard McKinney, the Transportation Department CIO, said during the Tech Trends panel discussion that through the use of the cloud and under the Federal IT Acquisition Reform Act (FITARA), he’s been able to apply network and security standards.
“Our network was the child of many hands. There was no overarching architectural approach to our network. It was result of roughly 10 operating administrations designing and maintaining our network,” McKinney said. “Trying to defend that and protect that network was hard. We didn’t even have a good blueprint; no one could map it out.”
McKinney said through FITARA and the improved relationships with DoT’s chief financial officer and other executives, he received some “extra” money to address network and cyber challenges.
“I hired a network engineering firm who came in and did a discovery of our network with the idea of mapping it out. I set out thinking if we move to the cloud, that infrastructure becomes the data center so it was important to understand how we are connected and what we are connected to, and the traffic on the network. We set out thinking this would be a good place to start in moving to the cloud,” he said. “Something happened on the way to that discovery, we discovered that we had several hundred network end points that we didn’t even know about. I don’t say that to shock the room, and I don’t say it to disparage my operating administrations, but the truth of the matter is we didn’t even understand our network. It was so sobering and it was highly instructive to the conversation about how we move into the future.”
McKinney said the network end points and devices weren’t being well managed and lot of it was “end of life.” He said it helped shape the areas DoT needed to improve the governance of IT and spending.
“I think it has shown us the weakness of trying to do IT in a decentralized way,” he said. “Now we are in the enviable position of knowing what we have. We are making modifications to it, and the same company will help us understand our ideal state of our network. This network was constructed to be easy to use so it was very flat, and we weren’t doing the kinds of network architectural things that an organization of our size needs to do. So this is affording us the opportunity to rethink our network and no one is defending the status quo because it’s indefensible.”