Cloud First Policy -- What Does It Really Mean?

The Federal Government has issued a cloud first policy as a part of the Office of Management and Budget s 25-point plan to reform federal information technology management. What does it mean for state and local governments?

by / December 19, 2010 0

The federal government has issued a "cloud first" policy as a part of the Office of Management and Budget's 25-point plan to reform federal information technology management. The policy was described by federal CIO Vivek Kundra during a December 9, 2010 presentation. This cloud first policy was presented as an important aspect of government reform efforts in order to achieve operational efficiencies by adopting "light" technology and shared services.

The potential benefits from implementing cloud computing are huge. One slide near the ends of the Mr. Kundra's presentation offered this bullet on how reforms will change the status quo: "Utilizing 'Cloud First' approach, provision solutions on demand at up to 50% lower per unit cost."

Federal agencies are already getting onboard, and the General Service Administration (GSA) has announced plans to move to a web-based email system, similar to Google's Gmail. According to the Washington Post

"The GSA is the first federal agency to make the Internet switch, and its decision follows the Office of Management and Budget's declaration last month that the government is now operating under a ‘cloud-first’ policy, meaning agencies must give priority to Web-based applications and services. ...

The Obama administration has said that cloud computing will allow more people to share a common infrastructure, cutting technology and support costs. But some technologists have warned that Web-based software may not be as secure as systems built for a dedicated purpose. And the programs often depend on stable network connections." 

The cloud first policy itself has several specific mandates in section 3.2. "Each Agency CIO will be required to identify three 'must move' services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems. Of the three, at least one of the services must fully migrate to a cloud solution within 12 months and the remaining two within 18 months."

Moving forward, many implementation questions remain. How will the cloud computing contracts actually work across multiple agencies with different requirements? Will security protections be adequate? What parameters will be in place to prohibit offshore cloud facilities? Will the promised savings materialize? What flexibility will be included to allow state and local governments to take advantage of these new federal cloud offerings?

Still, these are the right actions overall for the federal government to take, in my opinion. A "cloud first" policy will shape the future for IT management in government. Many of these 25 federal reforms need to be adopted by state and local governments. So what should state and local technology leaders be doing now? What does a cloud first policy really mean outside the DC beltway? Quite a bit, I think. Here are three items to consider:

  • Cloud computing is the new normal for all of us. "Shared services" is here to stay. Learn more by reading and learning about what your federal, state and local counterparts are doing now.
  • Develop a cloud computing strategy for your government with meaningful deliverables and milestones. Figure out what can go into a "public cloud" and what needs to remain in your government's "private cloud." Or, more likely, will you implement a “hybrid cloud.” Federal Computer Week suggests that agencies should start with cloud-based email
  • Build partnerships. We need help from the private sector companies, other governments and associations like NASCIO

What are your thoughts regarding the announced "cloud first" policy? What does it mean for your government?

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

DAN LOHRMANN

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso