Suzette Kent
Executive Office of the President
Office of Management and Budget (OMB)
Office of the Federal Chief Information Officer
725 17th Street NW, Washington, DC 20503
ofcio@omb.eop.gov
Subject: Response to Request for Comments on 2018 Federal Cloud Computing Strategy
Dear Suzette Kent and Members of the OMB Office of the Federal Chief Information Officer: Since the Cloud First policy was released in 2011 the federal government has made tremendous progress in establishing policies and momentum towards scalable information technology and mission modernization. On behalf of Salesforce, we applaud the Office of the Federal Chief Information Officer’s continuous efforts to reach the cloud modernization tipping point that is palpable across CFO Act Agencies. Thank you for the diligent, iterative efforts that will lay the foundation for sustainable operating model changes across the Federal IT community. These comprehensive efforts which range from ATO reform, TIC reform, workforce transformation, and best practice sharing will allow the Federal Government to rapidly bridge the gap between commercial and Government cloud adoption rates. Salesforce is the global leader in Customer Engagement CRM (customer relationship management) SaaS and high productivity application platform as a service (hpaPaaS) solutions, delivering cloud platforms that empower agencies to connect with and service citizens and employees in engaging and powerful new ways. As a cloud leader in CRM SaaS and hpaPaaS solutions, we appreciate the opportunity to share recommendations derived from our efforts in supporting enterprise modernization across CFO Act Agencies and Fortune 100 companies over the past 24 months. Enclosed you will find three major themes along with the associated Cloud Smart action, details, and key recommendations that we respectfully suggest. Salesforce is happy to provide more details and engage in further discussion as requested. Please contact me at Redacted or Redacted with any questions you may have.
Sincerely,
Dave Rey
EVP, North America Public Sector Enclosure
Recommendations
Theme #1: Increase Impact of Cloud Adoption Best Practices by Linking Cloud Smart to Customer Experience (CX) Policy and Efforts
Associated Cloud Smart Action - #2: The Chief Information Officers Council will work with the Office of Management and Budget, the General Services Administration, and agency and private industry experts to develop methods for optimizing agency usage of cloud services. Details: In calendar year 2018, Salesforce has observed first-hand the pace at which the OMB and GSA Centers of Excellence effort has expedited mission and IT modernization at the Department of Agriculture (USDA). In less than one year, USDA has completely transformed the way they provide (once fragmented) services to their customers via the single front door, farmers.gov portal. By linking Secretary Purdue’s goal to become the most customer-centric Agency in Government with cloud migration and IT modernization efforts, USDA has proven that real mission modernization can be achieved in unprecedented time frames. More specifically, this vision provides a repeatable framework for omni-channel citizen engagement, and collaborative digital service delivers personalized modern customer experiences and the most efficient government operations as possible. In fact, this complete end-to-end architecture satisfies the key requirements of the 21st Century Integrated Digital Experience Act requirements for going paperless, delivering a single web experience, providing enterprise search, automating entirely digital services, visualizing data driven decisions, and native mobile experiences. Key Recommendations:
• Create a strong linkage between Cloud Smart policies and OMB / GSA Centers of Excellence operating model.
• Continue to scale the Customer Experience successes that have been achieved at USDA and update Cloud Smart policies with Customer Experience objectives (E.g. “Single Front Door” concept of CX modernization).
Theme #2: Move Up the Stack and Establish a SaaS First Cloud Policy Framework
Associated Cloud Smart Action – General and #10, 14: (10) The Information Technology Category Manager and Cloud Solutions Category Team will work with the Office of Management and Budget to contribute to the portal in Action 1 to centralize information about cloud initiatives and resources for procurement. (14) The Office of Management and Budget and the General Services Administration will create, or leverage existing, cross-government working groups to identify agency Service Level Agreements not addressed by existing commercial industry offerings specific to unique government requirements. Details: Choosing the appropriate cloud service can be daunting due to ambiguity and industry noise about options. Agencies are often so focused on managing, scaling, and troubleshooting legacy systems that they have few resources for innovation. As a result, many organizations that are unsure about which type of cloud services to use make the mistake of simply lifting and shifting legacy applications to Infrastructure as a Service (IaaS) offerings. The question that is core to cloud modernization success is, “what is the right mix of cloud services for
my agency”? Instead of just lifting and shifting architecture to the cloud, cloud leaders map applications to the most appropriate cloud service, whether SaaS (replace), hpaPaas (rebuild via configuration), PaaS (rebuild via code), or IaaS (rehost).
According to Gartner, Software as a Service (SaaS) remains the largest segment of the cloud market, with revenue expected to grow 22.2 percent to reach $73.6 billion in 2018. Gartner expects SaaS to reach 45 percent of total application software spending by 2021. In line with these SaaS market trends, global cloud leaders have implemented a “SaaS First” approach to cloud strategy. This ensures that SaaS solutions are evaluated for any major cloud investment to provide the enterprise with an opportunity to assume maximum business value and least technology risk. As more SaaS solutions are deployed to drive Customer Experience improvement, the OCIO organization within an Agency can transition to higher value activities. Key Recommendations:
• Implement a “SaaS first” principle and cloud decision model to guide Agencies away from a “lift and shift” focus and towards global best practice of considering SaaS technologies first for every cloud investment to implement solutions with out of the box business value.
• Tailor SLA and other security (e.g., logging) best practices to the appropriate cloud service model to ensure that best-practices and standards are fit-for-purpose.
Theme #3: Begin to Establish Preferred Target State Cloud Service Providers for SaaS, hpaPaaS, PaaS, iPaaS, and IaaS to Simplify Cloud Architecture Standards Associated Cloud Smart Action – General and #7: The Office of Management and Budget will work with the General Services Administration to expedite the authorization of low risk Software-as-a-Service offerings through the effective implementation of FedRAMP Tailored. They will also work to revise FedRAMP and FedRAMP Tailored as necessary to expand adoption. Details: Quite often, Federal Agencies leverage the FedRAMP website as a marketplace to shortlist their cloud service provider (CSP) selection. The authorized marketplace concept has provided Agencies with a tremendous resource to get started; however, this challenges those same Agencies to confidently move from shortlist to named CSP. In the same vein, we recognize the importance of FedRAMP Tailored and the opportunities for smaller niche SaaS providers that it provides. However, there are concerns that the FedRAMP marketplace can drive suboptimal cloud investment decisions in lieu of other CSP selection guidance. Global cloud leaders empower the “SaaS First” cloud strategy referenced above and map cloud modernization opportunities to mission capabilities such as “Manage Customer Service” or “Manage Recruiting”. They then select cloud service providers according to the following criteria: out-of-the-box business capabilities, technical fit / ease of integration, and vendor viability (often in this order). Vendor viability becomes critically important for Agencies to avoid “vendor lock out” and to invest in CSPs that will continue to provide innovative releases (e.g., Salesforce provides seamless releases 3x per year with innovative new features included such as Artificial Intelligence) that will stand the test of time. Additionally, vendor viability scores should be inclusive of the Independent Software Vendor ecosystem to ensure that additional capabilities, natively build on platforms strategic to government service delivery, are available via application marketplaces and that leverage the compliance already managed by the CSP. This opens up the ability for many more companies to more easily deliver extensions of CSP capabilities
without being hindered by the large investments required to satisfy unique market compliance needs. Key Recommendations:
• Provide vendor viability rating for FedRAMP marketplace solutions to make buyers aware of annual revenue guidance and vendor size prior to acquiring cloud solutions.
• Provide links to evaluation resources for FedRAMP marketplace solutions to include Gartner Magic Quadrant, Forrester ratings, etc.
• Build in “SaaS First” decision model tool into FedRAMP.gov website to influence SaaS first cloud adoption.
October 24, 2018
Suzette Kent Executive Office of the President Office of Management and Budget (OMB) Office of the Federal Chief Information Officer 725 17th Street NW, Washington, DC 20503 ofcio@omb.eop.gov
Subject: Response to Request for Comments on 2018 Federal Cloud Computing Strategy
Dear Suzette Kent and Members of the OMB Office of the Federal Chief Information Officer: Since the Cloud First policy was released in 2011 the federal government has made tremendous progress in establishing policies and momentum towards scalable information technology and mission modernization. On behalf of Salesforce, we applaud the Office of the Federal Chief Information Officer’s continuous efforts to reach the cloud modernization tipping point that is palpable across CFO Act Agencies. Thank you for the diligent, iterative efforts that will lay the foundation for sustainable operating model changes across the Federal IT community. These comprehensive efforts which range from ATO reform, TIC reform, workforce transformation, and best practice sharing will allow the Federal Government to rapidly bridge the gap between commercial and Government cloud adoption rates. Salesforce is the global leader in Customer Engagement CRM (customer relationship management) SaaS and high productivity application platform as a service (hpaPaaS) solutions, delivering cloud platforms that empower agencies to connect with and service citizens and employees in engaging and powerful new ways. As a cloud leader in CRM SaaS and hpaPaaS solutions, we appreciate the opportunity to share recommendations derived from our efforts in supporting enterprise modernization across CFO Act Agencies and Fortune 100 companies over the past 24 months. Enclosed you will find three major themes along with the associated Cloud Smart action, details, and key recommendations that we respectfully suggest. Salesforce is happy to provide more details and engage in further discussion as requested. Please contact me at Redacted or Redacted with any questions you may have. Sincerely, Dave Rey EVP, North America Public Sector Enclosure
Recommendations Theme #1: Increase Impact of Cloud Adoption Best Practices by Linking Cloud Smart to Customer Experience (CX) Policy and Efforts Associated Cloud Smart Action - #2: The Chief Information Officers Council will work with the Office of Management and Budget, the General Services Administration, and agency and private industry experts to develop methods for optimizing agency usage of cloud services. Details: In calendar year 2018, Salesforce has observed first-hand the pace at which the OMB and GSA Centers of Excellence effort has expedited mission and IT modernization at the Department of Agriculture (USDA). In less than one year, USDA has completely transformed the way they provide (once fragmented) services to their customers via the single front door, farmers.gov portal. By linking Secretary Purdue’s goal to become the most customer-centric Agency in Government with cloud migration and IT modernization efforts, USDA has proven that real mission modernization can be achieved in unprecedented time frames. More specifically, this vision provides a repeatable framework for omni-channel citizen engagement, and collaborative digital service delivers personalized modern customer experiences and the most efficient government operations as possible. In fact, this complete end-to-end architecture satisfies the key requirements of the 21st Century Integrated Digital Experience Act requirements for going paperless, delivering a single web experience, providing enterprise search, automating entirely digital services, visualizing data driven decisions, and native mobile experiences. Key Recommendations: • Create a strong linkage between Cloud Smart policies and OMB / GSA Centers of Excellence operating model. • Continue to scale the Customer Experience successes that have been achieved at USDA and update Cloud Smart policies with Customer Experience objectives (E.g. “Single Front Door” concept of CX modernization). Theme #2: Move Up the Stack and Establish a SaaS First Cloud Policy Framework Associated Cloud Smart Action – General and #10, 14: (10) The Information Technology Category Manager and Cloud Solutions Category Team will work with the Office of Management and Budget to contribute to the portal in Action 1 to centralize information about cloud initiatives and resources for procurement. (14) The Office of Management and Budget and the General Services Administration will create, or leverage existing, cross-government working groups to identify agency Service Level Agreements not addressed by existing commercial industry offerings specific to unique government requirements. Details: Choosing the appropriate cloud service can be daunting due to ambiguity and industry noise about options. Agencies are often so focused on managing, scaling, and troubleshooting legacy systems that they have few resources for innovation. As a result, many organizations that are unsure about which type of cloud services to use make the mistake of simply lifting and shifting legacy applications to Infrastructure as a Service (IaaS) offerings. The question that is core to cloud modernization success is, “what is the right mix of cloud services for my agency”? Instead of just lifting and shifting architecture to the cloud, cloud leaders map applications to the most appropriate cloud service, whether SaaS (replace), hpaPaas (rebuild via configuration), PaaS (rebuild via code), or IaaS (rehost). According to Gartner, Software as a Service (SaaS) remains the largest segment of the cloud market, with revenue expected to grow 22.2 percent to reach $73.6 billion in 2018. Gartner expects SaaS to reach 45 percent of total application software spending by 2021. In line with these SaaS market trends, global cloud leaders have implemented a “SaaS First” approach to cloud strategy. This ensures that SaaS solutions are evaluated for any major cloud investment to provide the enterprise with an opportunity to assume maximum business value and least technology risk. As more SaaS solutions are deployed to drive Customer Experience improvement, the OCIO organization within an Agency can transition to higher value activities. Key Recommendations: • Implement a “SaaS first” principle and cloud decision model to guide Agencies away from a “lift and shift” focus and towards global best practice of considering SaaS technologies first for every cloud investment to implement solutions with out of the box business value. • Tailor SLA and other security (e.g., logging) best practices to the appropriate cloud service model to ensure that best-practices and standards are fit-for-purpose. Theme #3: Begin to Establish Preferred Target State Cloud Service Providers for SaaS, hpaPaaS, PaaS, iPaaS, and IaaS to Simplify Cloud Architecture Standards Associated Cloud Smart Action – General and #7: The Office of Management and Budget will work with the General Services Administration to expedite the authorization of low risk Software-as-a-Service offerings through the effective implementation of FedRAMP Tailored. They will also work to revise FedRAMP and FedRAMP Tailored as necessary to expand adoption. Details: Quite often, Federal Agencies leverage the FedRAMP website as a marketplace to shortlist their cloud service provider (CSP) selection. The authorized marketplace concept has provided Agencies with a tremendous resource to get started; however, this challenges those same Agencies to confidently move from shortlist to named CSP. In the same vein, we recognize the importance of FedRAMP Tailored and the opportunities for smaller niche SaaS providers that it provides. However, there are concerns that the FedRAMP marketplace can drive suboptimal cloud investment decisions in lieu of other CSP selection guidance. Global cloud leaders empower the “SaaS First” cloud strategy referenced above and map cloud modernization opportunities to mission capabilities such as “Manage Customer Service” or “Manage Recruiting”. They then select cloud service providers according to the following criteria: out-of-the-box business capabilities, technical fit / ease of integration, and vendor viability (often in this order). Vendor viability becomes critically important for Agencies to avoid “vendor lock out” and to invest in CSPs that will continue to provide innovative releases (e.g., Salesforce provides seamless releases 3x per year with innovative new features included such as Artificial Intelligence) that will stand the test of time. Additionally, vendor viability scores should be inclusive of the Independent Software Vendor ecosystem to ensure that additional capabilities, natively build on platforms strategic to government service delivery, are available via application marketplaces and that leverage the compliance already managed by the CSP. This opens up the ability for many more companies to more easily deliver extensions of CSP capabilities without being hindered by the large investments required to satisfy unique market compliance needs. Key Recommendations: • Provide vendor viability rating for FedRAMP marketplace solutions to make buyers aware of annual revenue guidance and vendor size prior to acquiring cloud solutions. • Provide links to evaluation resources for FedRAMP marketplace solutions to include Gartner Magic Quadrant, Forrester ratings, etc. • Build in “SaaS First” decision model tool into FedRAMP.gov website to influence SaaS first cloud adoption.