Jane L. Snowdon, Ph.D., is the chief innovation officer at IBM Federal and leads the IBM Federal Cloud Innovation Center. She has responsibility for defining and driving strategy and designing new solutions that address client mission requirements through innovation and technology adoption. ()
U.S. federal government agencies are adopting cloud infrastructure and services at a growing pace. Over the past few years, the Department of the Interior, General Services Administration, National Oceanic and Atmospheric Administration, U.S. Forest Service and others have moved ahead with cloud implementations, ranging in scope and size.
As they transition, many of the early adopters are discovering the benefits of implementing a hybrid cloud computing strategy. A hybrid cloud provides both on-premise and off-site resources that allow agencies to gain the cost benefits of a public or community cloud for the applications and data that are appropriate for those environments, while utilizing the security of a private cloud and managing risk for sensitive data and applications. In addition, a hybrid cloud allows agencies to leverage their existing information technology investments and use the best resources for the workload at hand while having the scalability to expand the capacity of the private cloud as needed. Hybrid clouds can also improve resiliency and disaster recovery by using multiple providers. When combined with open standards, a hybrid cloud can deliver the interoperability required to achieve the scalability and agility necessary for a dynamic cloud implementation.
Learn more about hybrid IT and the cloud in an exclusive Federal Times white paper. Click here to download .
As more agencies deploy a hybrid approach, here are a few issues that will influence their move to the cloud.
Risk management in the cloud
Securing a cloud environment requires a tailored approach for both the type of cloud deployment model (e.g., private, public, hybrid) and the role of the key stakeholders, including the federal agency and IT contractor. Each agency and department need to develop a tailored risk management strategy based upon data, application, and infrastructure requirements.
This approach will have to take into consideration the recently updated FedRAMP cloud certification process for civilian agencies. In addition, the Department of Defense imposes additional security controls beyond what FedRAMP requires and appointed the Defense Information Systems Agency (DISA) as the department’s enterprise services cloud broker to manage the use, performance, and delivery of cloud services.
Get more out of the cloud
For agency missions that are sensitive to the performance of an application, bare-metal is the way to go. With a bare-metal server, there is no layer of virtualization between the application and the hardware. This enables more consistency and avoids experiences on large multi-tenant public clouds where the performance of an application can vary over time. A mixed cloud environment of both virtualized and bare-metal can satisfy agency requirements for performance, security, transparency, and flexibility.
Open standards and interoperability
Neither the private sector nor the government desires to build dead-end clouds; many agree that vendor lock-in and the use of proprietary approaches can lead to technology risk. Agencies and private sector organizations that embrace open standards for cloud computing can share in collaboration that has the potential to drive innovation, cost savings, and improvements in portability, interoperability, and security. Industry leaders including AT&T, Cisco, HP, IBM, Intel, VMware and others back OpenStack, an open-source cloud platform that allows organizations to create private clouds that offer compute, network, and storage services.
One example – OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) – is an XML standard that lets users describe the requirements and capabilities of a service template for execution by a cloud provider. The goal of the standard is to enhance the portability of cloud applications and services. TOSCA enables scaling-in, scaling-out, patching, and other functionality.
DevOps and Platform-as-a-Service (PaaS)
Cloud technology is rapidly becoming the new IT status quo. By 2016, more than one-fourth of the world’s applications will be available in the cloud. Approximately 85 percent of new software is being built for cloud deployment. Supporting this software growth is DevOps, a closed-loop open standards approach that provides rapid application development with inherent continuous innovation, feedback, and improvement. In addition to DevOps, the emergence of an integrated open standards approach - Platform as a Service (PaaS) with automated provisioning - further enhances the government’s ability to collaborate, be efficient, make fewer errors, have faster deployment times, and reduce costs.
How will delivering mission-critical services through a hybrid cloud affect federal agencies? Chances are it will change the utilization of resources, the operating costs of business and mission processes, and drive new efficiencies. Agencies that properly develop a comprehensive strategy to leverage new standards, new security, new architecture, and new methods and tools will succeed.