IT diversity will serve OMB's Cloud Smart strategy
After seven years of federal cloud mandates, we've learned that one size does not fit all.
Most commercial enterprises are moving critical applications to the cloud, and government agencies are no exception. However, legacy technology, austere budgets and relentless security threats have kept progress incremental. To help the federal government address these challenges, the Office of Management and Budget is developing a new strategy called Cloud Smart.
While the Obama administration's Cloud First mandate emphasized moving to the cloud when possible, it provided little guidance for how to prioritize on-prem and public cloud resources. After seven years of pursuing the cloud, we know that it's many things to many people and one size does not fit all. If the agencies are going to successfully move to the cloud, Cloud Smart should provide guidance for the optimal use of on-prem and public-cloud infrastructure.
Three pillars of Cloud Smart
OMB is expected to focus on three pillars in its strategy: workforce, procurement and security. Allowing for the right cloud to be employed to its greatest advantage can help with each of these elements.
Workforce: The cloud is not optimal for every application workload. Thoughtful, mission-focused work can't and shouldn't be automated or outsourced. However, allowing legacy infrastructure to dominate federal IT environments for decades has resulted in a cloud skills gap. Diversifying the technologies and formats used by federal agencies mitigates the limitations of rigid, outdated and/or customized systems that are hard to upgrade, hard to integrate and hard to replace when better options become available. And when those better options appear, chances are much more likely that there will be relatable skills on staff, ready to serve.
Procurement: Funding for IT projects and programs comes from a myriad of different sources. Agency leaders operate under duress year after year, facing budget austerity, perpetual continuing resolutions that fund only existing projects to "keep the lights on," then the annual rush to execute budgets once the CR is resolved. Federal agencies have operated on CRs for 14 of the last 18 years. As a result, it's no surprise that a Government Accountability Office report found that 75 percent of federal IT budgets go to maintaining legacy IT annually. These factors keep government leaders propping up old technology, rather than investing in innovation.
The Cloud Smart policy should optimize procurement rules to encourage fair and open competition so that agencies don't get bogged down in restrictive specifications or contracts that concentrate all the power in a few vendors' hands. A diverse IT ecosystem creates an environment that keeps vendors bringing their very best technology, pricing and contracts to their customers.
Security: A multicloud environment can help enhance IT security by spreading risk across resources. For example, sensitive information can be maintained on-prem and non-sensitive data can go to any resource of choice, making it harder for threats to have broad, debilitating impact. Given the diverse security requirements within and among federal agencies, one size can never really fit all, never protect all. This is a key of a multicloud strategy.
Why multicloud?
Not every application is optimal to run in the public cloud. About a quarter of government applications are dynamic workloads that experience extreme peaks and troughs based on different annual milestones. The remaining three quarters of applications fall more into this static, predictable usage category. Running static, predictable workloads in a public cloud is like paying to rent a hotel room 365 days a year, rather than going the more practical route of renting an apartment and doing your own housekeeping and laundry.
Government IT initiatives seem to regard public cloud as the ideal state, but it's just one of several practical options. Agencies should ask themselves: what applications need to be quickly scaled up or down? These are the applications that should be moved to a public cloud provider while the rest can be optimally maintained on-prem. While agencies may be tempted to focus on checking the cloud box, it is now easier and more effective than ever to manage a hybrid or multicloud environment with the right platform.
It's important that OMB resist viewing public cloud as the single goal of government IT. Agencies should diversify their IT environments to foster the greatest depth and breadth of IT skills. This will attract and retain top talent that can evolve with technical innovations, rather than working to maintain the status quo. It will make incorporating new technologies easier, putting more power over IT decisions and purchasing in the hands of IT leadership, rather than vendors. Finally, a diverse IT environment is the best defense against an increasing -- and increasingly innovative -- threat force.