Cloud First, infrastructure later? Hey, Federal IT, no need to wait

Joe McKairnes, November 11, 2015

Are you familiar with the Cloud First policy? For those who are not, it’s a government mandate that demands public sector agencies consider cloud services first for all purchases—a way of ensuring that IT invests in the most efficient, agile and scalable solutions. They’ve also been known to deliver superior customer experiences. We’re coming up on the five-year anniversary of the Cloud First policy and the US government has racked up an impressive list of success stories. MeriTalk, an organization focused on improving outcomes of government IT,  shared two notable results following an in-depth study on the subject:

  • Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) saved $1 million a year after it moved email to the cloud.
  • U.S. Department of Agriculture (USDA) moved email and other functions to private and public clouds, saving $75 million in the first year and anticipates reaching $200 million in cost savings.

According to the watchdog Government Accountability Office, Federal agencies accumulated IT cost savings of $3.6 billion between 2011 and 2014 through data center consolidation and migration to the cloud. It’s fair to say, the Cloud First program is a success. Why not cloud infrastructure? Now that government IT departments have gotten comfortable with the cloud (and have reaped the financial rewards), why then the collective foot-dragging when it comes to moving processes to a cloud infrastructure? In a word, security. No one wants to be tomorrow’s headline for a security breach. When the infrastructure is behind our firewall, we have proven controls to keep everything safe. However, these very controls are often obstacles to deploying new business lines and updating existing ones. Enter FedRAMP, the Federal Risk and Authorization Management Program, a government-wide program that standardizes security assessment, authorization and continuous monitoring for cloud products and services. Vendors like Amazon Web Services (AWS), IBM SoftLayer and GovCloud offer robust cloud infrastructure services that meet FedRAMP’s rigorous security requirements. Now a government-approved, security-compliant cloud infrastructure can be operational in a matter of days. e-SignLive is also in the process of achieving FedRAMP compliance to provide a standardized approach to security assessment, authorization and monitoring for cloud services used by U.S. federal agencies. Savvy vendors in the Federal space recognize they need to be flexible to remove obstacles to doing business. Some offer both SaaS and on-premise solutions (Hybrid)—a distinct advantage when working with legacy systems. Shortening time-to-value is another key advantage of cloud infrastructure. Deploying proof-of-concept (POC) in a non-production cloud environment takes the pressure off IT departments and increases the probability of success when brought into production. New processes can be implemented faster and cheaper than ever before with cloud infrastructure. MeriTalk reports the Recovery Accountability and Transparency Board (RATB) migrated to Infrastructure-as-a-Service (IaaS) on a public cloud, saving $854,800 in the first two years of operation. Cloud infrastructure’s time has come.