This last Friday, I had a great experience as the moderator for a panel focusing on what was termed the practical issues associated with cloud implementation. Among other things, it reminded me how far we’ve come since serving as the CIO at the Department of Transportation. The panel was part of a larger event, the Cloud Computing and Virtualization Conference Expo held at the Washington Convention Center.
These kinds of panels are unpredictable in how they work out, but in this particular case, we were able to provide viewpoints from experienced professionals representing three distinct viewpoints:
• Wolf Tombe, the CTO for the Office of Information Technology at the Customs and Border Protection, DHS, discussed issues as perceived by a Government implementor. CBP has been looking at a hybrid approach to the cloud, putting some applications into public clouds and others in private or perhaps community clouds.
• Bob Hansmann, a senior security architect at Blue Coat, a major provider in this space, discussed what it was like to be a product and service provider to the government. His focus on security issues was timely since that continually comes up as an issue associated with cloud implementations.
• Dmitry Sokolowski, a technical consultant for Booz Allen Hamilton, balanced the first two panelists by talking about the technology issues he faced as a partner to the Department of Labor implementing Benefits.gov as it migrated to the cloud.
So what were the conclusions of the panel during the sixty minutes they provided insights into their personal and professional experiences, without slides under my orders, and the resulting question and answer sessions?
First, I was struck by how the dialog has changed since I left the Department of Transportation in early 2009. The year before I left, I was given the first Government 2.0 award by the Federal CIO Council by setting up a secretarial on-line blog hosted externally and doing some experiments in Second Life; however the thought at the time of moving significant applications to the cloud was a radical idea for almost everyone.
Now the conversation in the federal government has moved far beyond the ‘if’ of cloud and, thanks to NIST, beyond the ‘what’. Instead, almost every agency and department is wrestling with how to move to the cloud and the implications of doing so.
Tombe discussed the difficulties in selecting providers and ensuring that what the providers say they can do is accurate. He warned about providers who are not familiar with or slide by requirements that federal organizations face, such as meeting FISMA (Federal Information Security Management Act) specifications. His experience is that such providers will claim FISMA certification or even less precisely FISMA compatibility, when in fact they really have neither. Also even when providers do invest in FISMA certification they may not do so at the level needed for the application moving into the cloud.
Hansmann continued the focus on security and provided insight into the broader government marketplace. Security needs to be part of the initial planning when looking at the cloud. Like any outsourcing, which in effect, a cloud implementation is, it forces all of us to examine what information needs what kind of protection and to make decisions based on the answer to that question.
Sokolowski brought up the importance of changing the approach to designing solutions and how hard that was to accomplish without proper planning. Moving to a Service Oriented Architecture (SOA) is important to minimize some of the challenges in moving to the Cloud.
One particular interesting interchange occurred when a member of the audience who was supporting DoD work with the cloud asked the panelists about their use, and attitude toward, ITIL.
For those unfamiliar with ITIL, it represents a structured approach to IT service management. The thought is that by having a common language for looking at service management and a consistent structure across large organizations (or between groups of organizations), it increases the quality of management communication allowing everyone to focus more on operational issues as opposed to coordination issues.
The conclusion was that for small ‘one-off’ projects, ITIL was not that useful. However, for any organization doing large scale planning to migrate to cloud computing, it was a very valuable approach to use.
As someone who has watched and commented on the evolution of cloud computing closely, the panel was not only engaging and the crowd interactive, it also demonstrated to me how far down the road the cloud conversation has proceeded in the federal community.
Daniel Mintz is chief operating officer of Powertek Corp. He served as CIO of the Department of Transportation from 2006-2009.