The Pentagon’s Move to the Cloud is Right but Presents Unique Challenges
The U.S. Government’s move to the cloud is absolutely necessary. But it will be a decidedly complex undertaking. These are the primary conclusions I drew from a conference on the evolution of federal IT held by the Lexington Institute on Capitol Hill on November 3. Speaking at this event was a stellar array of individuals from leading private sector firms such as Amazon Web Services, SAP, The Carlyle Group, CSRA (now General Dynamics Information Technology), Perspecta, CrowdStrike and NetApp. Also providing comments were representatives from the federal government with vast experience in IT, cloud implementation and cybersecurity.
The speakers were of one mind when it came to cloud computing. While not a panacea, moving government IT activities to the cloud is imperative. Operating in the cloud holds out the promise of improved cybersecurity, better data management and information sharing, faster access to cutting-edge technologies and reduced costs. Advances in IT, including the Internet of Things (IoT), artificial intelligence (AI), augmented reality, blockchain and autonomy will be made substantially more effective when nesting within an architecture that centers on cloud computing.
It is important to point out that as far back as 2009, the Obama Administration made migration to the cloud a priority for federal departments and agencies. The Obama White House released its Cloud Computing Initiative which asserted that moving to the cloud would improve the pace by which government could access leading-edge IT capabilities while simultaneously reducing costs. At the same time, advocates for this major shift in federal IT procurement policy recognized that the change would take time and require addressing issues such as security, privacy, standards, information management, and procurement policies.
The move to the cloud is a two-way phenomenon. By this I mean it is not merely a matter of changing the way government departments and agencies operate their networks, house their information or procure IT services. Moving to the cloud will inevitably promote changes in the way these same government organizations are structured and operate. For example, the value of aligning with the cloud architecture regarding faster response, the availability of applications and lower costs should put an end to the tendency of government customers to demand customization of software systems and applications.
Operating in the cloud will do more to break down information stovepipes than all the directives signed out by senior government officials. The operating model in a cloud environment is essentially one of sharing. This is inherent in the various cloud service models such as Platform-as-a-Service, Software-as-a-Service, and Infrastructure-as-a-Service. Additionally, the availability of data in the cloud is an incentive for sharing. Entirely new business models based on data sharing, such as those employed by Airbnb and Uber, have been created.
The federal government, including the Department of Defense (DoD), has made progress in moving to the cloud. Today there are hundreds of active federal cloud contracts. They tend to vary widely regarding scope, scale, duration, and capacity to access advanced technology. Many simply involve the transfer of infrastructure from government-owned and operated data centers to those provided by the private sector. Some are private clouds operated by commercial companies, meaning that they are segregated from other cloud operations and controlled by the contracting department or agency. Others are fully public where government data and applications cohabitate in the same environment as other users.
DoD and the Intelligence Community support some of the largest government clouds. Two examples are milCloud, operated by the Defense Information Security Agency (DISA), and the Commercial Cloud Services contract which is available to all 17 intelligence agencies. DISA has released a request for proposals for the Defense Enterprise Office Solution contract, which will be a multi-year, multi-billion-dollar, single source award.
Yet, despite the top-down pressure to move aggressively towards the cloud, progress by government departments and agencies has been relatively slow. Until recently, no part of the federal government had met the Office of Management and Budget’s target for spending 15 percent of its IT resources on cloud service. Moreover, according to a study by Gartner, less than 5 percent of government private cloud environments have the full characteristics of the cloud.
The reasons for the relatively slow pace of cloud adoption were discussed at length by the participants at the Lexington IT conference. They range from reluctance to adopt new technologies and a new operating/contracting model, to security concerns, the importance of data sovereignty, the difficulties of migrating data and applications, lack of resources and sheer bureaucratic resistance. Most information that could be migrated to a cloud has compliance and regulatory requirements that must be addressed. When intelligence information is involved, there are additional restrictions and controls, some of which are the purview of the generating agency and not the user. As one speaker observed, while the goal is migration to the cloud, government agencies, and their private-sector contractors will have to operate for years in a hybrid environment characterized by a mix of legacy systems working alongside advanced applications housed in the cloud, and data and apps housed in both private and public clouds.
The Trump Administration has recognized many of these issues in its draft Cloud Smart Strategy. For example, the strategy points out that “moving an application from a traditional data center to a virtualized infrastructure vendor generally does not enable automatic application scalability with increased user demand.”
It is the complexity of migrating critical government data and activities to the cloud that was at the core of DoD’s decision to structure its Joint Enterprise Defense Infrastructure (JEDI) as a single award and to ensure the ability of the winner to make the security of information migrated to the new cloud a high priority. Until DoD has worked through the challenges associated with moving to and operating in an enterprise-wide cloud environment and instituted the organizational and operational changes required to take advantage of the speed and flexibility of a robust cloud environment, it makes no sense to add the challenge of simultaneously operating multiple clouds. It is important to have a strategy for moving to the cloud and to enable the myriad DoD components to have the time to figure out how to use the JEDI vehicle effectively.
Daniel Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Goure has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC. Read his full bio here.