Feedback to the US OMB Office of the Federal Chief Information Officer
Regarding the Proposed “Cloud Smart” Federal Strategy
Submitted by HPE.
The proposed Federal “Cloud Smart” strategy is a great initiative to help the US Federal Agencies understand cloud computing and how to adopt cloud in an effective fashion. This strategy is something that is sorely need by the US Federal Agencies. However, the document, as currently written, continues to lag behind the current best practices for cloud adoption. The document still embraces old practices and misconceptions that are no longer valid and need to be re-assessed and evaluated.
The first action item is to properly define what “Cloud” is. This concept is not well defined in the document. One common misconception is that cloud can only be offered by a third party. The implication that cloud only comes from a third party is simply not true. The reality is that any IT organization can (and should) provide cloud services to its internal users. Another item to keep in mind is that cloud is not always data center focused. Workloads and applications are also at the Edge of today’s Hybrid IT landscape.
The fact that IT organizations can provide their own private cloud services is an important fact because it leads into a key point: The world is Hybrid. It is no longer an either “on-premise” (i.e. “on-prem”) or “off-premise” (i.e. “off-prem”) equation. Hybrid IT reflects the notion that each and every IT organization has an “estate” of environments that they need to choose from and manage. At a high level, the Hybrid IT “estate” is composed of the following three basic environments: Legacy, On-Prem Cloud, and Off-Prem Cloud. Every IT organization should think about their new IT environment as being made up by these three components. Therefore, the key to success becomes the ability to effectively and rationally decide and choose which applications/workloads properly belong in each one of these environments.
In addition to the strategy being “Hybrid”. The strategy should also be “Multi-Cloud”. The “Multi-Cloud” aspect of the strategy reflects the notion that not all Cloud Service Providers (CSPs) are the same. Each CSP will have a portfolio of services which will offer different suitability to the different applications owned by the Federal Agencies. Therefore, the agencies should be cognizant of this fact an endeavor to find the CSP who offers the best fit of the given application. From an education and workforce enablement point of view – the Cloud Smart policy should address that fact that all “clouds” and/or CSPs are not created equal. Meaning just because someone advertises a FedRamp Cloud service – that doesn’t mean the implemented cloud architecture is compatible with others. Likewise for a private cloud implementation. But that is the point of agencies starting with private cloud – not only for application and workload rationalization – but to ensure they understand the underlying architecture and any potential portability and compatibility “gotchas”.
The ability to properly evaluate workloads and to effectively place these workloads in the right environments is paramount for a successful cloud policy. Many IT organizations, including their executive leaders, are under the false impression that Public Cloud is always better than an on-prem environment. We know from experience that this is not the case. In many cases the applications are simply not ready to take advantage of the key features of the cloud such as auto-scaling. In some other cases, applications are inexorably linked with other applications and databases making migrations extremly complex and difficult. For these reasons and others, not all applications will be suited for the public cloud. In general terms, this becomes a greater issue the older the organizations is. The reason for this is that, the older the reorganization, the older the applications it is running. The older applications typically present greater challenges regarding their suitability for the cloud. This fact applies to most of the US Federal Agencies who are working with applications that were developed decades ago.
From all of this, we realize that the path to a successful cloud strategy is to pursue a Hybrid IT strategy that includes legacy, on-prem cloud and off-prem cloud. The critical success factor is the ability to evaluate the applications and to correctly decide in which environment they belong. More than anything else, the ability to do this right will dictate the success for the cloud strategy of the Agency. Conducting a careful Application Assessment requires the following important attributes: First, the application migration must be based on a set of criteria. The criteria is the way in which the organization will evaluate the suitability of the application for the cloud. Second, the criteria must be assigned weights which will quantify the criteria and allow for a rational comparison and decision making process. The criteria and the weights assigned to the criteria items will be unique to each agency, but should include basic/ common parameters such: Cost, security, latency, and agility. Third, for applications that are found suitable for the cloud, their suitability should be evaluated across a number of potential Cloud Service Providers as each CSP has different characteristics and services which offer varying degree of suitability for the agency’s workloads.
In conclusion, only by following a strategy like the one outlined above will the US Federal Agencies be able to find success in their use of the Cloud.
Feedback to the US OMB Office of the Federal Chief Information Officer Regarding the Proposed “Cloud Smart” Federal Strategy Submitted by HPE.
The proposed Federal “Cloud Smart” strategy is a great initiative to help the US Federal Agencies understand cloud computing and how to adopt cloud in an effective fashion. This strategy is something that is sorely need by the US Federal Agencies. However, the document, as currently written, continues to lag behind the current best practices for cloud adoption. The document still embraces old practices and misconceptions that are no longer valid and need to be re-assessed and evaluated.
The first action item is to properly define what “Cloud” is. This concept is not well defined in the document. One common misconception is that cloud can only be offered by a third party. The implication that cloud only comes from a third party is simply not true. The reality is that any IT organization can (and should) provide cloud services to its internal users. Another item to keep in mind is that cloud is not always data center focused. Workloads and applications are also at the Edge of today’s Hybrid IT landscape.
The fact that IT organizations can provide their own private cloud services is an important fact because it leads into a key point: The world is Hybrid. It is no longer an either “on-premise” (i.e. “on-prem”) or “off-premise” (i.e. “off-prem”) equation. Hybrid IT reflects the notion that each and every IT organization has an “estate” of environments that they need to choose from and manage. At a high level, the Hybrid IT “estate” is composed of the following three basic environments: Legacy, On-Prem Cloud, and Off-Prem Cloud. Every IT organization should think about their new IT environment as being made up by these three components. Therefore, the key to success becomes the ability to effectively and rationally decide and choose which applications/workloads properly belong in each one of these environments.
In addition to the strategy being “Hybrid”. The strategy should also be “Multi-Cloud”. The “Multi-Cloud” aspect of the strategy reflects the notion that not all Cloud Service Providers (CSPs) are the same. Each CSP will have a portfolio of services which will offer different suitability to the different applications owned by the Federal Agencies. Therefore, the agencies should be cognizant of this fact an endeavor to find the CSP who offers the best fit of the given application. From an education and workforce enablement point of view – the Cloud Smart policy should address that fact that all “clouds” and/or CSPs are not created equal. Meaning just because someone advertises a FedRamp Cloud service – that doesn’t mean the implemented cloud architecture is compatible with others. Likewise for a private cloud implementation. But that is the point of agencies starting with private cloud – not only for application and workload rationalization – but to ensure they understand the underlying architecture and any potential portability and compatibility “gotchas”.
The ability to properly evaluate workloads and to effectively place these workloads in the right environments is paramount for a successful cloud policy. Many IT organizations, including their executive leaders, are under the false impression that Public Cloud is always better than an on-prem environment. We know from experience that this is not the case. In many cases the applications are simply not ready to take advantage of the key features of the cloud such as auto-scaling. In some other cases, applications are inexorably linked with other applications and databases making migrations extremly complex and difficult. For these reasons and others, not all applications will be suited for the public cloud. In general terms, this becomes a greater issue the older the organizations is. The reason for this is that, the older the reorganization, the older the applications it is running. The older applications typically present greater challenges regarding their suitability for the cloud. This fact applies to most of the US Federal Agencies who are working with applications that were developed decades ago.
From all of this, we realize that the path to a successful cloud strategy is to pursue a Hybrid IT strategy that includes legacy, on-prem cloud and off-prem cloud. The critical success factor is the ability to evaluate the applications and to correctly decide in which environment they belong. More than anything else, the ability to do this right will dictate the success for the cloud strategy of the Agency. Conducting a careful Application Assessment requires the following important attributes: First, the application migration must be based on a set of criteria. The criteria is the way in which the organization will evaluate the suitability of the application for the cloud. Second, the criteria must be assigned weights which will quantify the criteria and allow for a rational comparison and decision making process. The criteria and the weights assigned to the criteria items will be unique to each agency, but should include basic/ common parameters such: Cost, security, latency, and agility. Third, for applications that are found suitable for the cloud, their suitability should be evaluated across a number of potential Cloud Service Providers as each CSP has different characteristics and services which offer varying degree of suitability for the agency’s workloads.
In conclusion, only by following a strategy like the one outlined above will the US Federal Agencies be able to find success in their use of the Cloud.