The Cloud presents a great opportunity to reduce cost while increasing performance. Many federal agencies are moving past selecting an Infrastructure as a Service Provider (IaaS) and are wrestling with the challenge of actually achieving value from the cloud. Recent Request for Information/Sources Sought Notices (RFI/SSN) back this assertion as topics move to transition and multi-cloud environments. Conversations with agency cloud practitioners and procurement officials reveal the need for good, simple advice that help them move forward.
We have developed the golden rules to make the most of your cloud investment and implementation. On the surface many of these ideas may seem obvious, but the rate of Cloud Implementation failure suggests otherwise. After over 30 years in the Information Technology (IT) business, I find it is useful to put the golden rules in place as an organization builds their plan from the onset.
1. Start with a Cloud Center of Excellence (CCoE): Like most major IT investments that result in significant agency change, we recommend the stand up of a cross cutting CCoE with the charter, governance, leadership, expertise and clout necessary to achieve results. The CCoE should include a Program Management Office (PMO) to manage the financial, change, communications, technical and operational challenges associated with cloud implementations.
2. It’s still IT Infrastructure: Just like any Federal IT program, the same rules around governance and security still apply - with increased complexity and accelerated timelines. Make sure your CCoE PMO can work across the organization to get things done quickly.
3. Look beyond the technology: Successful cloud implementations go beyond simply ordering infrastructure as a service (IaaS) from a cloud service provider. Your cloud ecosystem should include Cloud Management Platforms, Disaster Recovery solutions, Governance and Compliance Monitoring tools and professional services to ensure success. As you move past IaaS, your ecosystem can be expanded to include Artificial/Machine Intelligence and Platform/Software as a Service.
4. Change management is important: Implementing the cloud involves the movement of sandpiles. Turf battles inevitably emerge. To avoid last minute confusion and standoffs, make sure a robust change management function is part of the PMO.
5. Start small and gain success incrementally: Most organizations that achieve cloud success avoid high risk, big bang multi-application transitions and start with one or two simple use cases to build organizational knowledge. As knowledge is gained, more use cases are added to the mix.
6. It is all about saving money: As you consider use cases, your cloud strategy needs to consider the total cost of ownership (TCO) implications of your investments and determine the right mix of cloud and on-premise data centers.
7. Watch out for Vendor lock in: Sometimes it is harder to get your data out of the cloud than putting it in – especially if your cloud instances accumulate data over time. Make sure you have the ability to move your data with a Disaster Recovery strategy that includes agnostic Cloud Data Management.
8. There is more to cloud security than FedRamp: FedRamp ≠ Authority to Operate (ATO). Federal agencies still need to go through the risk management framework to gain an ATO. Make sure your PMO has cloud security experts that can successfully navigate the RMF process. Conversely, an ATO may be gained for services that reside on premise or on your cloud-based instances, so don’t let FedRamp be a barrier to a really valuable cloud-based service.
9. Avoid putting all of your cloud eggs into one basket: The cloud market is advancing at a rapid pace with new capabilities being introduced daily. To maximize flexibility and minimize cost/performance risk, consider a cafeteria style multi-award procurement for cloud products and services.
10. Don’t forget about the Trusted Internet Connection (TIC): Cloud-based high volume solutions may require a significant amount of bandwidth that quickly overwhelms your agency's TIC. Make sure your support contractor has significant experience in working with the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) to successfully virtualize the TIC.
11. Stay out of the lake: Immediately implementing a data lake is like renting a storage locker; stuff builds up and you end up paying for storing things you do not need. Your data management strategy needs to consider the data specific to the use cases you are solving.
12. Maximize your Hybrid Edge: Optimizing traffic across a dispersed geographic area that can span multiple Internet Point of Presence (PoPs) is critical to the delivery of cloud-based Enterprise solutions. When paired with requirements to provide scaleable and elastic back-end computing, integration between on-premise, Cloud environments and Content Delivery Networks is required. The CCoE needs to include a Hybrid Edge approach.
For many agencies, transitioning to the Cloud can be a high-risk endeavor but following these protocols greatly increases success. Transformational change creates upheaval and does not happen overnight. Hopefully the golden rules of cloud implementation offer a starting point for you as you begin your journey to the cloud.
Rick Hill is a senior executive, consultant and engineer with over 30 years’ experience as a cloud, cybersecurity and infrastructure expert. His most satisfying work involves helping clients navigate convoluted problems, guiding teams and providing personalized solutions