INNOVATION IN GOVERNMENT
CAPITALIZING ON
THE CLOUD
2
The Next Era of the Cloud
4
From Servers to Customer Service Levels
6
Modernize Data Archives
8
Revolutionize Citizen Service
10
Beyond Lift and Shift
12
Security Must “Trust but Verify”
14
The Right Reasons for Cloud
16
One-on-One With Army’s Wang & Bognar
Government agencies continue to modernize their IT infrastructure to reduce costs, improve security and IT services—and cloud computing is a critical component of those efforts.
Learn more at carahsoft.com/innovation
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
THE NEXT ERA OF THE CLOUD
Following the “Cloud First” mandate, government agencies now consider cloud solutions an integral aspect of their operations.
B
Y ALL ACCOUNTS, the “Cloud First” era is coming
to a close. Agencies are preparing to make cloud solutions an integral part of their operations going forward. The federal government’s “Cloud First” policy, issued in Dec. 2010, went a long way toward helping agencies understand the potential benefits of cloud. Now the challenge is to build on that work and develop a more strategic approach that realizes the cloud’s full potential. The impetus for doing so is clear. Across the public sector, agencies are under pressure to modernize their IT infrastructure as a way to reduce costs, improve security, and deliver a higher caliber of IT services—and cloud computing is expected to be a vital element of these modernization efforts. According to a recent study by Forrester Research, cloud is set to become “the dominant technology model” in the private sector by 2020, with estimated revenues of $236 billion. Government agencies might not adopt cloud at quite the same rate, but the trend is the same. Across the board, agencies are expected to expand their existing cloud solutions and make cloud the de facto platform for new applications. In fiscal 2016, 8.5 percent of all IT spending in the federal government involved the cloud, according to a report by industry researcher IDC.
Shutterstock.com
Squeezing Savings From the Cloud For many agencies, the potential for cost-savings continues to be the major driver for cloud adoption. The Department of Agriculture has been particularly efficient in extracting savings from the cloud, according to IDC, which points to a 30 percent savings in 2011 when the U.S. Forest Service migrated to a new cloud-based system. How did the agency achieve such whopping results? Part of its technique is a new cloud-based management platform equipped with transparency—and a dashboard view into all network and telecommunications services and assets. The agency is now able to determine how its resources are being used in more than 6,000 locations through an automated process that helps to eliminate human error and cuts staff time spent on menial tasks, such as invoice processing. “Soon all 29 agencies within the USDA migrated to this platform—and the real savings in employee time and money— continued to scale at that 30 percent rate, representing millions of taxpayer dollars annually,” IDC reports.
2
In a similar vein, success of the Defense Department’s milCloud project, an on-premises cloud solution managed by the Defense Information Systems Agency (DISA), has already prompted DOD to begin planning for milCloud 2.0 as a next generation cost-saver. The 2.0 platform will offer both on-premises and offpremises capabilities to generate significant savings to the Pentagon, says DISA cloud portfolio chief John Hale. Like its civilian counterparts in the Agriculture Department, milCloud 2.0’s appeal will be based on its ability to lower costs, a significant factor in an era of sequestration, says Hale, speaking at an AFCEA meeting last summer. “By leveraging cloud capability—both commercial on-premises and off-premises—we can bring significant savings to the department,” he says. Even so, the platform has limitations. “There’s always going to be the need for traditional hosting in a DOD data center,” says Hale, who added that certain workloads, such as nuclear command and control, “just do not fit well in a virtualized or cloud model.” The bullish outlook for cloud suggests a similar expansion of cloud security activities. In the federal government, the focus is on building support for the Federal Risk and Authorization Management Program (FedRAMP). As part of that, the FedRAMP office began clearing cloud vendors to host high-impact systems, which expands the potential market for commercial cloud services considerably. The program office also upgraded its marketplace dashboard to make it easier for agencies to connect with cloud service providers and third-party assessment organizations. Prepping for Shared Cloud Services The General Services Administration’s new shared services framework—the “Federal Integrated Business Framework”— takes an innovative approach to shared services that could significantly expand the uses of cloud across the federal government. The framework, announced in October 2016, is intended to document the functional business capabilities expected in each line of business across government and how those areas intersect, which sets the stage for buying SaaS solutions that could lower the cost of delivering administrative services. In January, GSA’s Unified Shared Services Management
SPONSORED CONTENT
Office, which administers the federal shared service ecosystem, released a request for information asking for descriptions of any new or existing SaaS offerings applicable to key shared service areas, including financial management, human resources, acquisitions and IT.
The cloud is also is expected to get a push from continued efforts to consolidate and optimize data center operations. OMB’s latest guidelines on data center optimization, released Aug. 1, called for increased use of both shared services and the cloud. The stage is set for a new era of cloud-based operations.
THE NEW ERA OF THE CLOUD DEMANDS A NEW TOOLKIT The cloud is maturing as a platform—and prevailing cloud strategies are maturing as well. Agencies are taking a more thoughtful, considered approach. No longer a novelty or an experiment, cloud-based platforms are becoming an integral part of government agency strategy, whether public cloud, private cloud, or more often a hybrid model. This new face of the cloud requires a new toolkit to properly manage the increasing volumes of data and apps migrating to the cloud.
SOFTWARE-DEFINED EVERYTHING:
The new era of the cloud is driven by software-based technologies. Software-defined computing, networking and storage are critical for properly and comprehensively centralizing and migrating existing services to the cloud. This software-defined infrastructure helps ensure the cloud’s promise of performance, agility and security.
APPLICATION MANAGEMENT: It’s not just data that is being migrated to the cloud,
but also an agency’s portfolio of applications. So agencies need a way to monitor and manage those applications. Some applications may reside in the public cloud, others in a private cloud, but being able to manage them all through a single dashboard is essential.
REPORTING TOOLS: Moving to cloud technology can greatly reduce the burden of IT maintenance and operations. Nevertheless, there still must be cloud-based reporting tools and workflows to ensure smooth operations and help guarantee that agencies are making the right mission-critical decisions. DATA MANAGEMENT: The new face of the cloud requires a new class of tools for data management. Tools for archiving, classifying and analyzing data are now standard when considering the cloud as a massive source of both structured and unstructured data. CLOUD SERVICES: Selecting the right cloud services provider with the right portfolio
of services can make or break a cloud migration effort. A true enterprise-grade provider can help agencies ensure that they will accelerate and streamline their migration to the cloud, while taking better steps to ensure success. A cloud service provider must be able to scale to meet variable needs for storage, security, and data and application management.
SECURITY AND COMPLIANCE:
Moving application and data workloads to the cloud helps reduce cost and increase flexibility and scalability, but security and compliance concerns must be addressed. Security remains a constant concern for the cloud, and all government agencies are subject to varying levels of compliance. Toolsets to ensure security, encryption and compliance must be part of the picture.
3
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
FROM SERVERS TO CUSTOMER SERVICE LEVELS
Modernization requires a renewed focus on IT’s central role in agencies’ missions.
T
TIM MERRIGAN VICE PRESIDENT OF STATE, LOCAL AND EDUCATION, VMWARE
HE NEXT EVOLUTION of cloud technology offers government agencies a unique opportunity to transform the way they deliver services, both internally and externally. It begins by recognizing the vital role IT organizations play in helping agencies deliver on their missions. There are many approaches to simplifying and modernizing how IT is delivered. One of the most effective is to centralize IT operations so agencies define their needs and expectations, and the IT team decides how to address them. Whether the service resides on-premises, off-premises or in a hybrid cloud is up to the IT organization, but the goal is to deliver the same cloud-like experience, level of performance and security agencies have come to expect. Technology Transformation Software-defined computing, networking and storage are often the logical places to start. when centralizing and moving existing services to the cloud. This approach provides the agility, simplicity and security required to drive down costs and risks. Because this approach can help an agency quickly adapt to advances in technology, security and mobility, it is easier to modernize how it delivers services. A key consideration is understanding agencies’ performance-level expectations. First responders and law enforcement officials, for example, are always on high alert. Some activities, though, have a builtin seasonality—such as tax filing. In those situations, the IT team might decide an application should reside in a lower-cost, off-premises cloud for most of the year, when there is less demand, and then shift to an onpremises data center during the busy season.
4
Some agencies are now transferring workloads from on-premises private clouds to off-premises public clouds and back again in real time, and they’re doing it seamlessly and securely. That extended functionality across the network is a significant step forward in making the cloud a truly indispensable tool. Indeed, VMware and other companies are forming partnerships so customers can move between cloud service providers without the traditional expense and effort involved in switching platforms, making the cloud an even more effective tool for IT organizations. Cultural Transformation As IT teams transition into being brokers of IT services, they will need a plan for modernizing their employees’ skill sets so they can embrace the changes taking place across the industry. Given tight state and federal budgets, IT leaders will have to find creative ways to build ongoing education into the culture of their organizations. Some state and local IT teams have begun rotating their employees through different roles and positions to give them exposure to other aspects of the business. This approach re-energizes employees who might have been in government for a long time, teaches them new skill sets and enhances their awareness of all the moving parts that go into delivering IT services. In short, it makes them more effective at what they do. Shifting the focus to customer experience and service levels instead of tactical data center issues promises to revolutionize the way governments view IT—to the benefit of agencies and the public. Tim Merrigan is vice president of state, local and education at VMware.
VMWARE CLOUD FOUNDATION Unified Software-Defined Data Center Platform
SIMPLIFYING THE PATH TO THE HYBRID CLOUD FOR FEDERAL, STATE, AND LOCAL GOVERNMENTS: • Reduce overall TCO of private cloud deployments by 30-40% • Increase admin productivity by up to 2x • Eliminate HW cost when consumed as a service on the hybrid cloud
USE CASES: • Virtual Infrastructure
• Private, Secure Clouds
• Virtual Desktops
• As-a-Service Public Clouds
Learn more at carahsoft.com/innovation/VMWARE-cloud
5
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
MODERNIZE DATA ARCHIVES
Cloud-based tools hold the key to imposing structure on unstructured data.
A TOM KENNEDY VICE PRESIDENT AND GENERAL MANAGER, VERITAS PUBLIC SECTOR
6
GENCIES HAVE a mandate to manage all permanent electronic records in electronic format by the end of 2019. Until only a few years ago, some agencies were still using the print-and-file method. Although most agencies have made significant progress since then, others are struggling to put a records management strategy into place. Fortunately, new cloud-based tools can help. In the Data Genomics Index released last year, Veritas found that more than 70 percent of the data held by companies and agencies had no relevant business value, and 41 percent of the data was considered stale, meaning it hadn’t been touched in three years. Such data is a prime candidate for secondary or tertiary storage. Furthermore, content-rich orphaned data, which doesn’t have an owner, is overlooked but taking up more than its share of disk space. Two macro trends are influencing those business decisions. The first one is the phenomenal growth in unstructured data, which some experts say could be as high as 50 percent a year. Clearly, throwing infrastructure at the problem doesn’t work anymore. Agencies must instead create a strategy for managing their data. The other big trend is the emergence of cloud technology. Today, data sources might not only be in multiple locations on premises, they might also exist in private and public clouds. At the simplest level, a cloud can be viewed as just another data source, and the purpose of putting content into any archive or records management tool is to add structure to unstructured data so that content can be searched and classified. Several emerging cloud tools can help agencies move forward. For instance, a cloud-based archiving tool is a simple way to incorporate auto-classification. The agency sets the retention policy, and the technology then classifies the documents or email messages in
accordance with that policy. It adds a contentbased classification process to the federal government’s role-based Capstone approach. Other tools identify where data resides and provide statistics based on a multitude of classifications. The goal is to give agencies the ability to make good decisions and get rid of data that has no business value. This approach also eliminates risk by not keeping unnecessary data while reducing an agency’s data footprint and the infrastructure and costs associated with it. Once an agency has a strong data management strategy, it can streamline many cross-functional workflows. For instance, a large federal agency was struggling with its process for preserving information that might be needed for litigation purposes. It had 600+ active legal holds at one time, and multiple employees were managing the process using a large spreadsheet, with all the risks inherent in that approach. But because the agency had developed a good information management strategy, it was able to add an automation tool and transform the workflow from a risky, manual process into a tight, automated workflow. Other agencies have improved their e-discovery processes and reduced costs by using tools that intelligently cull relevant data. Likewise, a good classification engine can quickly search and find the files needed to respond to Freedom of Information Act requests, while automated editing and redaction tools can help agencies make sure they’re not sharing inappropriate material. A data strategy cuts across the entire agency, and a combination of cloud technology and automation can go a long way toward empowering people to make the important cross-functional decisions that improve workflows and keep costs under control. Tom Kennedy is vice president and general manager of Veritas Public Sector.
DATA HIDES. INFORMATION ILLUMINATES. It’s time to turn data into insight. It’s time for Veritas.
Learn more at carahsoft.com/innovation/veritas-cloud
7
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
REVOLUTIONIZE CITIZEN SERVICE
Cloud technology helps agencies connect with the public in new and powerful ways.
C KEVIN PASCHUCK CHIEF OPERATING OFFICER AND SENIOR VICE PRESIDENT, PUBLIC SECTOR AND AEROSPACE AND DEFENSE BUSINESS UNIT, SALESFORCE
8
LOUD-BASED DATA and workflows give citizens and agencies access to the right data at the right time regardless of location or device. That’s something not typically associated with government interactions of the past. Although it might not seem revolutionary compared to what Amazon and Netflix can do, people are enjoying the benefits of agencies’ adoption of cloud technology in the form of quicker and more personal interactions. By investing in cost-effective cloud solutions they can quickly deploy, agencies can save taxpayer money while providing more modern and digital ways to interact with the public. The technology can also improve agencies’ ability to make smarter decisions in real time, thereby fostering even stronger relationships with citizens. After all, people expect government agencies to offer the same user experience they enjoy in every other part of their lives. Waiting in line for two hours to apply for government benefits is unacceptable in today’s world. Colorado, for example, recently moved its integrated eligibility assessments for government benefits to the cloud, which helps serve its citizens in a more efficient, satisfying way. Cloud technology also helps agencies do more with less by offloading IT maintenance and operations to the cloud. Now they can focus more of their limited resources on functionality that reaches citizens instead of simply ensuring that the hardware works. And regardless of where the data resides or how ready an agency is to modernize, implementing a cloud-based reporting tool can give government leaders a holistic view of their world and the insight to make mission-critical decisions based on all the relevant information. To find a trustworthy cloud provider, agencies should look for companies with security packages that reflect completion of the Federal Risk and Authorization Management Program’s Security Assessment Framework. The provider should also
make publicly available information on security, availability and performance status. The cloud has a slightly different operating model from on-premises technology, which requires a greater understanding of total cost of ownership. Focusing on reducing an agency’s TCO across all IT spending will highlight the efficiencies that cloud computing can bring. Not focusing on agency-wide TCO reduction, however, can cause the same problems with cloud adoption that agencies have had with legacy on-premises technology. Therefore, before even looking for a cloud provider that is aligned with their priorities and objectives, agencies should consider the following questions: Do we understand the TCO for our proposed set of IT requirements? Do we understand the mission-critical requirements for each application? Was our current set of requirements based on the capability of our existing technology, or did we identify what we needed to succeed regardless of what we thought the technology was capable of? Do we have employees with cloud-based skill sets? BlackBerry devices, legacy PCs and on-premises software from the 1990s are also hurting the ability of agencies to recruit the best and brightest prospective employees—especially millennials. They are used to having access to the latest technology and mobile-first conveniences. So instead of worrying about what might or might not have been possible in the past, agencies should identify their ideal missioncritical requirements and wrap cloud technology around them. Officials should also understand any compliance mandates before making purchasing decisions. Cloud technology can often help agencies meet legislative requirements. Kevin Paschuck is chief operating officer and senior vice president of the Public Sector and Aerospace and Defense Business Unit at Salesforce.
The Salesforce Advantage Salesforce Government Cloud Lightning gives departments and agencies modern tools that empower more responsive teams, capable of delivering a more impactful mission.
Streamline your services with the world’s most proven customer relationship management solution.
COMPLETE
FAST
TRUSTED
Our complete solution portfolio is brought to life by our innovative ecosystem, addressing the unique needs that drive government missions.
Blanket purchase agreements make it easier for you to work with Salesforce and see benefits, faster. You focus on the mission. We focus on the process.
Salesforce is continually investing in the industry’s top compliance certifications, ensuring solutions on our platform meet the highest standards.
To learn more, please visit: carahsoft.com/innovation/SALESFORCE-cloud
9
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
BEYOND LIFT AND SHIFT
New solutions and strategies promise to simplify increasingly complex cloud environments.
T
TIM BOCK DELL PUBLIC ALLIANCE MANAGER, VIRTUSTREAM
10
HERE IS NO DENYING the benefits
of operating in a low-cost, highly effective and highly resilient cloud framework. But the journey is more complex than simply shifting existing applications to the cloud. It is tempting to believe an agency can take whatever it’s already doing and “cloudize” it to achieve all the benefits that we see with Netflix or Uber. However, the underlying cloud-native architecture that supports the activities of those companies is fundamentally different from the way, say, Microsoft SharePoint or SAP Financials are architected. And although lifting and shifting an application to the cloud can save money in the short term, it doesn’t take full advantage of cloud technology. The real gains come from understanding scale and the difference between a cloud-native and a government-procured application. A company like Netflix designs everything in a forward-looking DevOps framework in which developers are constantly updating portions of the service platform. The core business of such companies is to deliver those kinds of applications. By contrast, there aren’t many government agencies whose core business is developing applications, so there’s a huge skills gap between what the average agency wants to do and what its existing workforce is trained to do. In the end, many agencies will not require the kind of scale that necessitates moving to a DevOps model. Instead, each agency should develop a cloud strategy that begins with understanding whether it is a consumer of apps or a provider of apps. Then the agency must determine how much it needs to scale to provide an adequate level of support. For example, making it possible for citizens to view their Social Security benefits online requires a massive scale compared to a Transportation Department app for pilots, which has a much
smaller target audience than every person in the U.S. with a Social Security number. Agencies must evaluate each application by asking whether it makes sense to transform it or get out of the business of managing data centers and infrastructure. The right platform, technology or method will vary by agency and application, and many agencies will end up with a hybrid-cloud or even a multiple-cloud approach. Fortunately, the industry is moving in the direction of offering a single pane of glass for managing environments that involve multiple vendors’ products and on-premises implementations. The key is developing open application programming interfaces to tie into those cloud management tools, which means vendors must put the customer’s needs ahead of the desire for proprietary standards. And as agencies start thinking about moving enterprise-grade applications into the cloud, they must move their enterprise-grade security as well. The goal is to find a partner that will go beyond FedRAMP validation to coordinate the tools, processes and procedures in its data center with the customer’s security paradigm. Those specifications and evaluations can complicate the contracting process, but picking the right security partner is more important than picking the right hypervisor. It also means, however, that the procurement process must change. Agencies can make a little exception here and there, but the same procurement regulations apply to the cloud that govern the way the Defense Department, for example, buys weapons systems. Although FITARA has extended more budget control to CIOs, it will take a high-level push from lawmakers and the White House to give agencies the flexibility they need to truly take advantage of all that the cloud has to offer. Tim Bock is Dell public alliance manager at Virtustream.
11
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
SECURITY MUST “TRUST BUT VERIFY” Security solutions must enforce the true spirit of security policy.
G JOHN DE SANTIS CHAIRMAN AND CEO, HYTRUST
12
OVERNMENT AGENCIES often have a tough time moving to the cloud. The Obama administration gave federal CIOs a mandate with its “Cloud First” policy, yet agencies and departments at all levels of government perceive great risks, and many remain reluctant. What’s needed is a new, more strategic approach to cloud security to help government proceed with confidence. Compared to commercial organizations, public sector organizations are under a microscope when it comes to compliance. Scrutiny comes from all sides: from internal auditors, external auditors, regulators, Congress, and even politically motivated independent actors. There’s little wonder they’re hesitant to shake up their IT. Depending on the agency, a data breach could affect not just personal privacy, but also national security. The need for data security is nothing new in government. Many standards have been drafted by the National Institute of Standards and Technology (NIST) and others to help guide the way. This is actually considered trustworthy behavior in a highly virtualized or cloud environment from an operational perspective. The problem is that organizations too often take a tactical approach to security. The controls they put in place are designed to mitigate threats, not enforce policy. As a result, policies can too easily be subverted, either through malice or simple negligence. For example, security audits are only beneficial if compliance is based on not just the letter, but the spirit of security standards and policies. Bad behavior hidden from auditors is still bad behavior. In some cases, an organization can start drifting into noncompliance within hours after completing an audit.
Most often, a bad actor can simply gain access to privileged credentials and take actions that are outside policy but nevertheless possible due to elevated account privilege. This was the case in a massive data breach in 2014, for example, where bad actors were able to harvest sensitive data from databases for more than a year. Moving to the cloud adds more wrinkles to the security challenges facing government CIOs. It means relinquishing some modicum of control. The old adage of “trust but verify” must now apply. A more strategic approach would be to implement security controls that don’t just monitor and guard against potential threats, but actively enforce security policy. By deploying software to continuously enforce policies in real time, agencies can truly automate good behavior on their networks. For example, it should not have been possible for the attackers to export sensitive databases to external sites. If there are indeed legitimate use cases for such actions, they should trigger red flags that require approval by a second or third person. A secondary benefit of this type of automation is that it eases the pain of the compliance auditing and investigation process. Instead of answering endless questions, an agency can generate reports to demonstrate policies are automatically and continuously enforced. HyTrust has already seen this strategic approach deliver benefits for the commercial sector. The need in government is even greater. We believe automated security policy enforcement is the key—not just to more reliable data protection, but to cutting the red tape of the audit process so agencies can proceed to the cloud with confidence. John De Santis is the chairman and CEO of HyTrust.
Enable trustworthy infrastructure and eliminate security gaps. Secure data in the cloud and automate private cloud compliance with HyTrust Workload Security. Visit www.carahsoft.com/innovation/HYTRUST-cloud.
© 2017 HYTRUST, INC. 13
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
MOVE TO THE CLOUD FOR THE RIGHT REASONS Consider the plan, process and people when moving to the cloud.
A CARMEN KRUEGER SENIOR VICE PRESIDENT AND GENERAL MANAGER OF CLOUD OPERATIONS, SAP NATIONAL SECURITY SERVICES
14
S THEY STRIVE to improve how
they deliver technology and services to their customers, government agencies have made cloud computing an essential part of their digital transformation initiatives. One of the biggest benefits of moving to the cloud is agility, which is the combination of speed and smarts. Using the cloud can help an agency accelerate the pace of innovation, incrementally transform business processes, and expand the art of the possible. Doing all this requires a certain level of dedication and focus. That begins and ends with leadership. To fully leverage the agility the cloud provides, organizations have to be open to new ideas, accepting of change, and willing to confront the unknown. As agencies delve deeper into cloud computing, however, it’s essential they have a plan for how it will support their IT modernization efforts. Agencies need to know how the cloud directly affects their business processes, mission, and the citizens it serves. Will it offer improved service or enhance the mission? Will it save money or improve agility? Determining this requires some forethought. A good place to start is to develop a paradigm; a discipline or governance model to help an agency examine the opportunities available in the cloud. One such framework is Eisenhower’s Urgent/ Important Principle, which agencies can apply to their digital transformation initiatives to help prioritize certain tasks or projects. For example, a process improvement to positively affect the mission outcome could be prioritized over an efficiency gain that is mission-relevant, but not mission-critical. Having a framework will ensure agencies are moving to the cloud for the right reasons. It can be overwhelming because organizations are no longer constrained by the particulars of their technology or hardware. It’s an
unbounded world, which offers amazing potential. It can also be burdensome because the art of the possible is infinite. There are other challenges as well, and below are some specific areas upon which agencies should focus their attention. A great place to start is investing in people. There is no better way to ensure digital transformation success than by recruiting, training, and retaining the right talent. And don’t overlook the importance of change management. This is the most delicate and often the most under-invested portion of a transformational effort. There is often a correlation—the harder the challenge, the more impactful the outcome. To really move the needle, it’s going to require a lot of change. It’s also critical that agencies understand their technology landscape before they move to the cloud. They should have a strong grasp of the system architectures supporting legacy applications—including insight into institutional knowledge employees may have— so when agencies are ready to make the move, the unknowns don’t hold them back. Finally, don’t underestimate the importance of a strong public/private partnership to the success of cloud implementations. An armslength relationship with a cloud provider is never beneficial. Communication and dialog early in the process is essential. People, relationships and trust must work together to make the whole project succeed. Ultimately, it’s about being diligent and understanding the role cloud service providers play in delivering an agency’s capability. Build the appropriate guardrails around agreements with cloud service providers and be vocal about the innovation you want. Self-actualization is really important for a successful outcome. Carmen Krueger, senior vice president and general manager of cloud operations for SAP National Security Services.
THE CLOUD YOUR WAY
SECURELY
On-Premise to Cloud
Cloud to Cloud MISSION DELIVERY
SAP NS2 Secure Support SAP NS2 Secure Infrastructure Support
ASSURANCE, COMPLIANCE, AND CERTIFICATION
INNOVATION, SPEED, AND EFFICIENCY
SAP NS2 Secure Services
The NS2™ Cloud provides a seamless customer journey to the cloud, enabling the organization’s specific policy requirements while delivering the benefits of the cloud. The NS2 Cloud couples the SAP NS2 Secure Support offering with Secure Infrastructure Support, as well as Secure Professional Services. The NS2™ Cloud accelerates the mission to achieve business outcomes. Deliver innovation without sacrificing security and compliance. NS2 employees are U.S. citizens, operating on U.S. soil. Our experience, ecosystem, and solutions will deliver your mission critical edge.
www.sapns2.com 877-9-SAPNS2 (877-972-7672)
15
CAPITALIZING ON THE CLOUD SPONSORED CONTENT
Executive Viewpoint
A CONVERSATION WITH GARY WANG AND ATTILA BOGNAR
Wang and Bognar discuss how the Army is leveraging the cloud to improve its IT services and support its data consolidation efforts.
GARY WANG ARMY DEPUTY CHIEF INFORMATION OFFICER/G-6
ATTILA BOGNAR CHIEF, ARMY DATA CENTER CONSOLIDATION PLAN (ADDCP) DIVISION/ OCIO/G-6
How does the cloud fit into the Army’s larger IT strategy? Wang: First, we’re making great strides to reduce the IT infrastructure. One of the ways we’re doing that is by moving to a cloudbased as-a-service enterprise computing environment. The cloud also is helping enhance the security of our IT environment. And moving to an as-a-service model with a commercial provider in some of these areas gives us added flexibility and agility to respond to the changing environment. In the past, when the government would own the hardware and employ people to run the data center and provide services, we were constrained by what I like to call “colors of money.” You would use one color of money to buy the hardware, and then another color of money to actually pay for the labor. That is no longer the case when we take an as-a-service approach and contract it out. Bognar: And there’s a nexus between closing legacy data centers and developing a cloud-enabled environment. As we shut down data centers, we want to use the cloud as a final resting place, if you will, for the applications.
How big of a shift is this, and how are you getting the buy in you need? Wang: It is a big cultural shift. I tell folks we have both a carrot and a stick as motivating factors. For us the stick is the Army’s recent directive mandating the consolidation of data centers and the move to cloud. The carrot is the potential cost savings and the other benefits we talked about earlier. Bognar: We’ve been in what you might call a server-hugging environment, where owners perceived they had to have this tight control of the environment in order to be successful. Now data center owners need to realize, “Hey, we can let go of that ownership and still get great services and even better services.” Because with industry best practices, we know that once we get into cloud, we’re going to be able to deliver great benefits at a lower cost to our customers. What are the most important benefits/gains you’ve seen with the cloud so far? Wang: One of our early adopters was the Total Ammunition Management Information System, or TAMIS. They have seen the benefits in terms of cost savings, ease of use,
“We’ve been in what you might call a server-hugging environment, where owners perceived they had to have this tight control of the environment in order to be successful.” 16
SPONSORED CONTENT
“As we have an increasing number of enterprise applications in the cloud environment, it does give us some purchasing power, so we can lower our costs that way.” the transparency of data—and being able to receive reports from their cloud service provider. These quick results have aided their decision-making as they look to the future. Bognar: We’re still really in the initial stages of trying to establish the benefits. To help us do that, we are creating an on-premise, private cloud pilot at the Redstone Arsenal. This will be contractor-owned and contractor-operated, so we can really see the benefits that come with this model. Has the broader adoption of the cloud required some shifts in governance or management strategies? Bognar: This goes back to what we talked about on some of the challenges we have. We have to figure out the roles and responsibilities between the Army and the vendor for managing security in the cloud, so the vendor and the government can properly interact with one another. And so we’re going to need governance processes put in place to help resolve this challenge. As a matter of fact, the directive in place tasks ARCYBER to help resolve and manage this challenge. We also have to ensure we have a way to manage application migration to the cloud, so we stood up the Army Application Migration Business Office or AAMBO. This helps the mission owners, those commands out there understand what environments their applications would be best hosted in from enterprise perspective, including the commercial cloud. And lastly, the directive that was signed off by the SECARMY established an Army level Migration Implementation and Review Council (MIRC) which oversees the compliance with the directive and drives us toward an enterprise hosting environment with the cloud being at the forefront. How do you see the cloud affecting the Army’s IT acquisition strategy? Wang: Acquisition is still the biggest issue we need to address with the cloud. What I’ve already seen is once we have contract vehicles in place for the cloud—in terms of
Large Multiple Award Contracts or indefinite delivery, indefinite quantity contracts—we are able to get those services more quickly. For example, last year with Redstone Arsenal pilot, we put out a request for proposals in May and made by award by the end of September. Requests for information are also helpful in getting a dialogue between industry and government about more effective ways of acquiring IT acquisition strategy. Another significant issue is the idea of doing a cost benefit analysis or cost set-up analysis. Doing a CBA forces us upfront to look at the benefits and costs involved in migrating to the cloud. There are some cases where the CBA might show it doesn’t necessarily make sense to move to the cloud. You might be perfectly fine just staying in a data center. What are some of the longer terms gains that you expect cloud to bring? Wang: I always talk about economies of scale. As we have an increasing number of enterprise applications in the cloud environment, it does give us some purchasing power, so we can lower our costs that way. Also, as I said earlier, we can take advantage of emerging technologies more quickly, using the cloud as a kind of on-ramp in the IT world. One example is the use of analytics. It’s much easier to apply analytics in the cloud environment, so we’ll probably see more of that down the road. Bognar: Also, here’s what it will let us do: If I’m a customer [of a cloud service], I have the ability to scale up and down on demand. I can set up a development server in the morning, and that evening I can tear it down. And guess what? Because it’s a metered service, I’m only paying for the time I had that server up. I think that as we begin to use the cloud more and take advantage of its capabilities, we’re going to see a greater demand for it. I’m real excited about that.
17