What a difference a few years make. In the fall of 2007, Google Federal’s Mike Bradshaw held a group presentation before several dozen federal chief information officers. On tap for discussion was cloud computing and ways it could help government agencies better manage data and lower IT costs. The response that day was swift. “I’m not sure I want to put our data in your data centers,” they said, “but come talk to me tomorrow.”
That tomorrow has arrived, big time. For government contractors as a whole, the race is now on to provide cloud services across the entire federal landscape. And, this go-round, government agencies need a lot less convincing that the time is right to step into the cloud.
Certainly, the federal government is no stranger to cloud computing. The shared services environments of old, as well as Software as a service (Saas) solutions, hosted in cloud environments, attest to that. What’s different now is the emphasis on cloud as infrastructure, in response to the statistic that gives every CIO heartburn: Along with file servers and software, hardware consumes nearly a third of the federal government’s annual IT spend of $76 billion — something federal CIO Vivek Kundra has called “unsustainable.” The clincher came this past December, with Kundra’s 25-point implementation plan and its call for agencies to adopt a “cloud-first” policy by identifying three “must move” services — moving one to the cloud within a year, the other two within 18 months.
“I don’t think [the plan] was new ‘news’ to anybody,” said Michael Heath, vice president of federal sales for AT&T Government Solutions, which recently won a blanket purchase agreement for eligibility to provide cloud-based Infrastructure as a Service (IaaS) solutions through the government’s online purchasing portal, Apps.gov. “The government’s announcement,” he adds, “just cast a spotlight on an idea that we need to get moving at a faster pace.”
Get moving, indeed. Among the top priorities Kundra outlined is a reduction in federal data centers by at least 800 (out of 1,100) by 2015. Agencies are already heeding the call, focusing first on email migration. In January, General Services Administration became the first agency to move email to the cloud agencywide, with a contract with Unisys to provide Google Apps for Government. Days later, the Department of Agriculture awarded Dell a contract to move 120,000 accounts onto a Microsoft cloud platform.
This is only the beginning, experts say. “I think you’ll see a healthy take-up in cloud adoption in the infrastructure space, as well as basic core services like email, geospatial, and platform services,” says David McClure, associate administrator of GSA’s Office of Citizen Services and Innovative Technologies. McClure predicts acceleration will occur over the next two years. (In measured steps, he adds.)
With mass migration like this, the question is no longer if or even when the federal government will shift to the cloud. It’s about whom, among a growing pool of contenders, federal agencies will pick to help them get there.
“We are all in the same mode,” said Mark Testoni, president of SAP Public Services. “These are capacities that the private sector has been pushing the agenda toward, and that government contractors have to respond to, or we’re going to lose the business opportunity.”
Maintaining Critical Edge
Among the victors will be those who can navigate evolving business models: everything from shorter IT budget cycles to maintaining relevance (at least, in the case of integrators) in a field in which cloud providers can more easily strike out on their own.
Back in 2008, on the heels of the financial collapse, Puvvada knew capital expenditures for IT upgrades would be at a premium for private sector CIOs and soon enough, their federal counterparts. That same year, Puvvada and Unisys leaders on the commercial side took a look at their five-year history in the cloud, running mission critical data centers and applications, and meted out a five-point strategy. It articulated an array of cloud options (public, community, private and hybrid clouds), as well as cloud-assessment capability.
“We thought government customers needed to understand this is as a much more complex environment,” Puvvada said. “We ended up doing a lot of assessments of workloads and helped agencies target cloud services that would provide them with the most benefit.”
That strategy recently paid off, with the historic GSA win: a $6.7 million contract to migrate 17,000 email accounts.
“In the case of GSA, they expect to significantly reduce costs while giving their employees an IT platform much more conducive to collaborating across regional and organizational boundaries,” Unisys Federal President Ted Davies said of a move that’s expected to save taxpayers $15 million over the course of the five-year contract.
With any big shift, though, questions are bound to linger. “The big issue that people bring up is, ‘The cloud is great — it’s faster, better, cheaper — but is it secure?’” said Daniel Burton, senior vice president of Global Public Policy for Salesforce.com.
Still, that perception is changing, due to solid return on investments for federal customers. In the case of Salesforce.com, one of its customers, the State Department, leveraged the company’s cloud platform to create a custom application that could provide program managers worldwide easy access to up-to-date budget information. The ROI came to 216 percent, within eight months.
For Bates, that engagement comes through tours of 100,000 sq ft. Verizon Federal cloud data centers, located in Miami and Culpeper, Va. The tour shows first-hand security and technology that is available. The centers, which came online in January, build upon the company’s June 2009 launch of its suite of cloud offerings, Computing as a Service solutions (CaaS).
“We’ve made significant investments and extended all resources for these massive data centers that are FISMA compliant to support federal government needs,” Bates said. “It is critical to demonstrate how security is an integral part of every aspect of the data center operation,” he adds, citing Verizon’s attention to every aspect of data center operations, from physical and network security to a full suite of application management tools. The services are supported through a government operations model that meets the management, operations and technical controls required by FISMA.
Recent Verizon strides include becoming the first cloud-based solution to successfully complete the Payment Card Industry’s data security standard audit for credit card protection safeguards, an area of relevance to agencies that handle such transactions.
Another industry focus is transparency. At Amazon Web Services, which now has nearly 20 government agencies leveraging its cloud services, a Service Health Dashboard offers real-time status reports on every AWS cloud service worldwide.
“We believe that if customers see that performance — and see that they’re green, not yellow or red, that will give them comfort,” said Adam Selipsky, vice president of Amazon Web Services.
The company also recently achieved PCI DSS Level 1, a security standard to prevent credit card fraud, and ISO-27001 certifications, a standard from the International Organization for Standardization that defines computer systems’ data security controls. Amazon Web Services is also able to meet federal FISMA certifications; it has attained a FISMA Low at several agencies (Department of Education, Recovery and Transparency Board), and is working toward FISMA Moderate.
“We continue to seek certifications and accreditations that make it easier for government agencies to benefit from AWS,” Selipsky said.
Certification that goes beyond today’s accreditation requirements also tops priorities at Google Federal. In July 2010, it became the first company to receive a FISMA certification for its cloud computing messaging and collaboration suite, a move that came on the heels of media reports that had been calling the cloud a “red herring.”
That focus on foresight continues. “When it comes to security, we’re not stopping with FISMA,” said Google’s Bradshaw. “When we announced Google Apps for Government,” he added, “we also announced that data would be hosted in the U.S., and that government data would be segregated from nongovernment data — neither of which are FISMA requirements.”
Cloud Innovation: What’s Coming
Along with security, agile solutions are the holy grail. “The cloud space comes with a very broad definition, so it requires a broad set of capabilities,” Heath of AT&T Government Solutions said.
Over the last several years, AT&T’s own investment in the cloud has led to several new offerings. Among them, Synaptic Storage as a Service, an on-demand cloud storage solution, and Synaptic Compute Service, pay-as-you-go cloud computing. “Those [offerings] reflect a strategic direction from our product development teams, which have really been strengthened over the last 12 to 18 months, knowing the marketplace is going in this direction,” Heath said.
At SAP, a big focus is cloud-based mobility. The company’s plan, Testoni said, is to have one-sixth of the world’s population leverage SAP’s business management software solutions by 2015. Today, that number is in the millions.
“Our strategy really is to deliver SAP capabilities on premise, on a device through orchestration, and in the cloud,” he said. “We can’t just deliver traditional solutions.”
A key step in that direction was SAP’s August 2010 acquisition of Sybase, an enterprise software and services company that optimizes technologies focused on infrastructure, data storage and virtualization, for delivery into public and private clouds.
“Sybase provides additional bolstering to facilitate mobility,” Testoni said. “We view it as an important component of where we envision the cloud headed in the future.”
That future, for SAP government customers, is focused on three cloud-based offerings: Enterprise Resource Planningcapacities on the cloud, sustainability solutions for field service activities on the federal, state and local level; and business intelligence tools. This past year, SAP scored a major win in the last area, when Recovery.gov, the first fully cloud-powered federal IT project, according to federal CIO Kundra, was built on a SAP application and hosted on the Amazon cloud.
At Amazon Web Services, fueling innovation is an emphasis on small nimble teams. “We believe in eliminating dependencies and breaking work down so small flexible teams can get work done … and [have] as much control over their own technical destiny as possible,” Amazon’s Selipsky said.
Next up, he added, are more back-office type production applications running on AWS, citing the integration of Microsoft’s SharePoint on Recovery.gov as an example. “You’ll see more of these canonical types of back-office applications running, that will be a big trend,” he said.
Meanwhile, innovation extends to industry partnerships, courtesy of multitenant architecture. At Salesforce.com, a government app exchange allows partners to create applications on the architecture — to date, partners have built more than 1,000 of them.
“Suddenly, what you have is not only powerful and scalable, it’s also an innovative platform,” Burton said. Those strides, he added, speak part to a larger vision: to bring the same benefits in cost and flexibility to government that have been seen on the private sector side for the past several years.
“This is not a brand new untested world … in fact, there are very mature companies out there that know exactly what they’re doing,” said Burton, who’s testified before Congress on cloud’s benefits alongside industry leaders such as Amazon and Google.
“I think in the next 12 months, you’ll see cloud computing become a mainstream choice for federal agencies; it’s not going to be the exception,” he said. “Cloud computing is real, it’s here, and its future looks very bright.” ♦