State-operated government clouds add another option to a growing menu of hosted infrastructure and application offerings.
While federal CIO Vivek Kundra was unveiling his high-profile cloud computing initiative, two of the nation's most technologically sophisticated states were making cloud plans of their own.
The September launch of Kundra's Apps.gov online storefront -- which makes it easier for government agencies to acquire cloud-based services from private companies like Google and Salesforce.com -- drew most of the attention. But state CIOs in Utah and Michigan are betting that some public-sector customers would rather get cloud services from another government instead of a commercial provider.
Both states are gearing up to launch public-sector clouds operated by their central IT agencies that will serve state agencies, as well as local governments and schools. Some expect this type of government-operated cloud to become common as states look to leverage their investments in consolidation and sophisticated technology infrastructure. For customers, emerging government clouds add another option to a growing menu of hosted infrastructure and application offerings -- an option that doesn't include turning over government data and applications to a private vendor.
Steve Fletcher, Utah CIO and executive director of the state's Department of Technology Services (DTS), views Utah's cloud as a natural extension of a data center consolidation initiative that has been under way for several years. It also dovetails with growing government interest in cloud computing and software as a service.
"We're in contact with six or eight cities that are saying, 'Yeah, we'd love to have you take over our operations,'" he said "They understand that we know how to protect the information and we know how to handle it. All those issues of access and ownership and security have already been resolved. So it's a lot safer for them, and if we can show them that our prices are very similar to what's offered in the commercial side, then they're saying, 'This is a good idea.'"
Utah's DTS is currently defining a package of software, platform and infrastructure services that will be offered to state agencies, local governments and schools. The plan envisions a "hybrid cloud" that provides a mix of state-hosted services and commercially provided offerings -- but they would all be delivered through the DTS IT Service Catalog.
"We're consolidating and virtualizing [state government servers] now. So from there, we will have all of our state agencies essentially virtualized -- they'll be in the cloud," Fletcher said. "Then we will start to add local entities."
Similar activity is under way in Michigan, where the state intends to break ground next year on a massive data center designed to provide cloud computing services to state agencies, cities, counties and schools.
Michigan CIO Ken Theis said there's huge demand for application hosting and managed services among local governments in Michigan, which has been battered by the decline of domestic auto manufacturing and other economic factors.
"The state government is hurting, and the local governments are hurting even more," he said. "So the heart of our cloud computing strategy is not a state of Michigan cloud, but a public-sector cloud, and there's a ton of interest in it."
Michigan's Department of Information Technology planned to release a request for information this fall to gauge industry interest in forming a public-private partnership to build and operate what is being called the Great Lakes Information & Technology Center. The state envisions a public-sector cloud that would offer application hosting and managed services to any public entity in Michigan.
"This is really big for us," Theis said. "It could potentially be an 80,000- to 100,000-square-foot data center. And we're not only looking at it from a shared-services and cloud-computing perspective, we're also looking at this for economic development."
The data center is being positioned as a magnet for technology-related economic development -- and even as a potential alternative to offshore application hosting and storage for private companies.
Michigan will tap funds from the American Recovery and Reinvestment Act and other sources to make the facility as green as possible, Theis said. Energy efficiency will be a key to the new data center's success as an economic-development engine, he added.
Michigan officials expect the new facility to become attractive for employers by offering low-cost hosting for startup companies. In addition, an extremely efficient Michigan data center could be a competitive option to offshore hosting for established companies.
"No private-sector CIO wants to offshore, but right now, there's not really a good alternative. And they have the same problem now as government does: They don't have any money," Theis said. "We'll give them what I call a second-tier solution. First tier is an on-site data center. Third tier is offshore hosting. This is a second tier. It won't be as cheap as offshore, but a lot more reasonable than having folks onsite."
States may be cranking up their own cloud strategies, but they're also watching federal cloud activity. Fletcher, Theis and others said they're tracking how the federal government handles data security and other issues associated with using commercial cloud computing services.
In July, the General Services Administration (GSA) released an RFP that outlined requirements for cloud computing and software-as-a-service offerings. Then in September, Kundra unveiled Apps.gov, which offers hosted business, productivity and social media applications. Cloud computing services -- such as storage, software development tools, virtual processing power and Web hosting -- will be added later.
"Part of what we're looking to see is what happens with the [federal] model, what kind of providers come online, when do they come online, how are they going to meet the federal requirements?" said Patrick Moore, CIO of Georgia. "If you look at the RFP, they are asking the providers to be FISMA [Federal Information Security Management Act] compliant. The [National Institute of Standards and Technology] is involved in helping define what cloud computing is from a federal government standpoint. So you're seeing the right kind of engagement to help develop the solution."
Indeed, federal interest in cloud computing prompted Google to announce a government-specific version of the company's popular cloud computing offerings. Google's government cloud will tailor the Google Apps suite -- which includes hosted e-mail, word processing, collaboration and Web site creation services -- to meet specific public-sector requirements. The company plans to launch the new offering in 2010, and it will be available to federal, state and local government agencies.
"One of the things that was said during the announcement of Apps.gov was that industry will need to step up and help move the government's cloud computing initiative forward," said Matthew Glotzbach, product management director of Google Enterprise, during a conference on the same day Kundra unveiled the federal cloud storefront. "So we're happy to rise to that challenge."
Glotzbach said Google's government cloud would comply with FISMA requirements, as well as other public-sector privacy and security policies. Unlike the company's commercial offerings -- which are hosted on infrastructure worldwide -- the government cloud will rely on Google facilities and equipment located only in the United States.
Although commercial providers are scrambling to make their cloud offerings government friendly, the jury is still out on how well commercial products can respond to specific state agency requirements. In Georgia, for example, the state is outsourcing its IT infrastructure to IBM in a move that will essentially create a private cloud for state government agencies. Under the deal, IBM's services must be FISMA compliant, but the federal standard alone doesn't satisfy all of the state's needs.
"Even with that standard, we still have state processes that the providers have to comply with. We had to build those into our solution. So I think when you compare the cloud model that you have today with a private government cloud, that's where some of the questions are raised," Moore said. "Can you customize a public cloud to meet certain requirements you might have around security and privacy of data? Or do you have to do it so much that it makes sense to develop a private cloud?"
Glotzbach said Google will "strive to meet the full set of requirements across federal, state and local government." But he added that agencies will need to standardize their requirements on issues like security and privacy to gain the benefits of cloud computing.
"I think that's one of the challenges that cloud computing faces. A lot of the procedures and policies in place today were designed in a different era of single tenancy and dedicated systems, where any given agency -- whether it be a local government, a state government or the federal government -- would have its own set of policies and procedures," he said.
Some standardization already is under way. For instance, state and local agencies follow U.S. Department of Justice rules for handling some types of sensitive data, he said. And the Obama administration's aggressive push for cloud computing adoption should drive even more progress on the issue.
"One of the agenda items, if you will, going forward between the technology industry and government agencies is to strive for the standardization of those policies, where we can all agree on a common set of criteria for things like background checks for employees working on government applications," Glotzbach said. "Maybe we can do the background check once, and the federal government holds those credentials, and they can be made available to state governments when needed."
Ultimately CIOs say governments are likely to choose a mix of commercial and private cloud services as the concept evolves. Those decisions will revolve around the importance and sensitivity of data and applications.
"If it's business-critical, then I'm going to maintain it because I understand it, and I can control that environment. If it's more of a support function, those are things that I think are very ripe to put in a vendor-based cloud," Theis said. "If you want to stick a component of my HR system in a vendor cloud, I'm not going to have an issue with that. But my Medicaid system or my food stamp system is going to be maintained in my cloud."
Even Kundra, a vocal proponent of using commercial cloud offerings, acknowledges that some data will remain on government servers for the foreseeable future.
"We are approaching [cloud computing] from two different angles. One is information that may be public in nature, that's not classified or sensitive, that could sit in consumer applications. And two, information that may be classified in nature that would have to be in infrastructure that is government owned and operated," Kundra said in a July interview.
For Utah's Fletcher, cloud-based applications will generate more interest than hosted infrastructure. Thanks to the state's ongoing consolidation initiative, Utah already understands the cost of running enterprise services such as e-mail and can beat the price of a hosted solution, Fletcher said.
"What I'd love to see, quite frankly, is an MMIS [Medicaid Management Information System] offered in the cloud, because every state has to have one," he said. "I'd love to pay them on a subscription basis or something like that."
And regardless of where cloud-based services come from -- governments, commercial providers or some mix of both -- CIOs agree the concept is here to stay.
"I do believe that the model is real, and more and more people are adopting it. I do think there is reality to the model," Moore said. "To an extent, all governments really struggle with the same things. Maintaining and operating a sound infrastructure is very difficult in the government environment. I think a lot of people are going to be looking at cloud computing and the solutions that cloud computing has to offer."