- Tushar Bhavsar,
Founding Board member,
Cloud Security Alliance DC
- Susan Holleran,
Audit and Risk Management,
- Roni Doherty,
Internal Audit Manager,
Fortune 500 Health Sciences Company
- Kelly Yocum
CEO GOVTek & Co-founder
“Cloud computing is revolutionizing how we implement information technology,” said Bhavesh Bhagat, MBA ’97. “It is transforming how agencies and organizations assess and manage their risks.” As co-founder and CEO of the firm Confident Governance, Bhagat is an expert in this growing domain. He helps government agencies of all sizes govern their operations better by offering high-level strategy and nuts-and-bolts technical design as subscription-based services through the cloud.
It appears that more agencies want to make that jump. A survey conducted by MeriTalk last year revealed that 64 percent of federal CIOs thought the cloud will help them reduce costs and improve services. Forty-two percent of IT managers said using cloud services will help them overcome the stormy budget climate.
At a time when the bottom line is driving operational decisions, cloud computing offers an alternative that not only is more cost-effective, but also affords greater transparency in terms of how data is stored and monitored. Going forward, the federal Office of E-Government and Information Technology is requiring that agencies default to cloudbased solutions whenever a secure and reliable cloud option exists.
MAKING THE CLOUD’S CASE
The federal government can be slow to embrace technological advancements. With more than 2 million non-military federal employees, 15 executive agencies, and numerous centers, offices, and divisions, it’s understandable: the benefits must be proven before a change is made.
Yet centralizing desktop computer management has become extremely difficult in recent years. Workers increasingly require access to their office files and network from multiple locations and devices. More than 85 percent of federal employees work outside the Washington, DC, metropolitan area, according to the Bureau of Labor Statistics, and telework programs are growing.
“Instead of acquiring and maintaining resources separately, agencies— and centers within agencies—are able to share basic services in the cloud,” said Michael Lamoureux, MBA ’09, an associate at the management and technology consulting firm Octo Consulting Group.“Outsourcing infrastructure allows internal talent to work on projects of greater value.”
Simply put, the cloud allows agencies to concentrate on their core competencies, rather than worrying about the technical complexities behind their execution.
SAVINGS IN THE SKY
The technology necessary to support its daily operations, including governance risk and compliance, cost the federal government more than $88 billion in 2011—up $8 billion from the previous year. Shifting to the cloud is slowly, but steadily, lowering that figure.
Vendors are replacing in-house experts who install, configure, and run—plus develop, test, and troubleshoot—programs. They also assume responsibility for the physical space to house servers and databases. Consulting firm Booz Allen Hamilton estimates that cloud computing costs are 65 percent lower than traditional IT costs were.
In 2010, Vivek Kundra, the United States’ first chief information officer, mandated a “cloud-first” approach to IT. His Federal Cloud Computing Strategy is now driving the government’s push toward implementation of the cloud. By 2015, the federal government plans to shutter 800 data centers, saving more than $3 billion annually.
“Using cloud and similar technologies, we can now deliver systems and processes at an affordable price,” said Bhagat. “Hardware and software expenses of the past are no longer barriers to efficient operations.”
Bhavesh’s firm, Confident Governance, combines the back-end work of governance experts with front-end
customization. Risk, security, privacy, and auditing specialists weigh in on the back end to guarantee that the front end is a comfortable user interface that’s aligned with an organization’s needs.
“There is no reason for federal agencies to continue to use so many different HR, accounting, and e-mail systems,” Lamoureux said. “It only creates incompatibility and confusion.”
Agencies like the Labor Relations Authority have transitioned to cloud computing and seen promising outcomes. The agency switched from a case management system that used database software to a cloud-based system, eliminating up-front licensing costs of $273,000 and reducing annual maintenance from $77,000 to $16,800.
The US Army, which moved its recruitment tracking system to the cloud, has reduced licensing costs from $83 million to $8 million and increased productivity by 33 percent, according to Info.Apps.gov.
The cloud’s scalability also introduces financial flexibility. Usage-based pricing allows agencies to pay for exactly what they use, without the burden of a contract if and when needs change. Just like electricity, natural gas, and other utility services, the total cost reflects precise usage.
“Managing data is expensive and time-consuming,” said Lamoureux, who recently completed a project on using cloud storage for research needs at the National Institutes of Health. “The cloud has unending capacity and can facilitate data sorting that is not possible on in-house machines. Ultimately, it gives us a smarter way to look at data.”
Reining in fragmented data and infrastructure also aids federal agencies in carrying out successful governance initiatives.
Before the cloud’s arrival, a compliance office or hired contractor had to supervise complex initiatives across an entire organization. Lacking more effectual alternatives, it was difficult to create informed procedures that reflected realtime needs.
Using cloud technology allows organizations to be better custodians of data, more aligned with regulations, and less susceptible to fraudulent acts. While no one can entirely account for human error—intentional or accidental—the cloud can ensure higher levels of accuracy and transparency.
Accessed exclusively over the Internet, applications deliver important business information at the click of a mouse: analytics, fraud detection and prevention, investigation, receivables management, and screening.
“Everyone is using the same software and looking at the same data,” said Associate Professor Gwanhoo Lee. “Rather than loosely connected silos, the cloud is a common repository.”
Organizations can monitor their compliance with specific security standards, industry regulations, and corporate policies through technology rather than people. Data is largely safe from manipulation, since it is collected and housed beyond the four walls of the company; unintended redundancy is also eliminated.
Figuratively speaking, the cloud delivers actionable intelligence that previously took weeks or months to generate and relied on a variety of sources.
One of the major goals associated with cloud adoption is democratizing public-sector information and embracing openness in government. President Obama’s Open Government Directive, issued in 2009, calls for transparency—one of three tenets—to help the public understand the government’s actions and hold it accountable.
Enabled by cloud-based hosting, information is now directly uploaded to the cloud, whereas previously links were provided to data hosted on agency servers. The Federal IT Dashboard—a website that lets agencies, industry, the general public and others view details of federal IT investments—is an example of cloud infrastructure that makes it possible for agencies to provide and host data in a centralized location.
Through standardization and consolidation, the cloud “establishes a framework that allows a degree of insight that was previously unattainable,” Bhagat said.
IN IT WE TRUST
As agencies develop and execute plans to migrate to cloud computing services, protecting how information is accessed and stored is the next major hurdle. The cloud’s widespread adoption has already placed increased emphasis on the field of cybersecurity.
As the government’s strategy has progressed, Kundra—who stepped down in August 2011—has suggested the development of standards in the areas of security, interoperability, and data portability to ensure that information is protected. The standards would also verify that clouds and the computer applications they support are compatible, and that content can be moved from cloud to cloud without jeopardizing access to or integrity of the data.
But while the security apprehensions associated with the cloud are widely known, the potential security benefits are less so. They include the ability to focus resources on areas of high concern as more general security services are assumed by the cloud provider; greater uniformity; and improved backup and recovery.
Bhagat recognized the need to support secure cloud computing when he founded the Cloud Security Alliance Federal Center of Excellence in 2009. Members of the DC-based chapter of the global not-for-profit seek to promote education, research, and development by hosting conferences and workshops, and granting training certificates to those who complete the workshops. In three years, the alliance has attracted more than 100 members.
Beyond building a secure environment, the federal government’s “cloud first” policy seeks to streamline implementation. To that end, the federal government will adopt an “approve once and use often” approach. Once vetted, a vendor will be added to an approved list for future use by agencies that require its services. The General Services Administration uses 12 approved cloud vendors to serve 28 distinct offices.
So is it smooth sailing from here? Perhaps; the horizon looks promising. Cloud computing has the potential to establish greater transparency and efficiency at a lower cost, leading to better governance and, ultimately, a more responsive government.
And that charts a course we can all agree on.
Courtesy: Kogod NOW: A digital magazine from American University's School of Business