The Capital Beltway is 64 miles of interstate surrounding Washington, D.C. Shaped as a loop (hence the “belt”), the Beltway has an outer circle and inner circle and runs contiguously with other major interstates. Unless you’ve driven on it, you may not know that the highway is typically congested with never-ending construction projects, poor driving maneuvers (i.e., diplomats), and predictable bumper-to-bumper-traffic.
However, it’s the talk within the Beltway regarding cloud computing that is more stagnant than the traffic on the Beltway.
It seems that the majority of agency officials within the beltway are often not up-to-speed with the current state of the cloud, or the appropriate models for cloud computing. Those within the Beltway mostly regard the cloud as a static model or entity – merely an IT resource located outside their physical building that is consistent and unchanging.
In order for government to properly implement its Cloud First policy (an initiative to reform operational efficiencies by adopting cloud technologies), it must understand the nuances of cloud computing and consumption models. An example of this lack of understanding is apparent when considering the abysmally slow cloud adoption rate; the federal government currently uses about three-quarters of its $80 billion annual IT budget on maintaining out-of-date legacy systems. This highlights the main reason for the slow adoption of cloud security by the government.
Understanding cloud computing means the government must first differentiate between private cloud and public cloud and know their options. Once this understanding firmly takes root within the Beltway, on Capitol Hill, and across the government IT sector, federal enterprises may begin getting the most out of cloud technology and reap the benefits of viable and secure cloud solutions.
Let’s take a look at the differences among the capabilities offered by public cloud offerings and those of the private cloud and offer an alternative to the way the government thinks about cloud computing.
For too long, the government has relied on the public cloud; there are elements of the public cloud that are cause for concern in the public sector. This cloud is designed as a pay-per-use model and as an elastic compute cloud (an expansion and contraction means of storing data, processing applications, and general computing), it allows unlimited capacity and quick access to shared resources.
Public cloud does not necessarily suffice for the government’s needs; however, it does allow a necessary degree of flexibility, which is often desirable, but for the government, public cloud should not be seen as a service – it should be a commodity.
When digging into the details of public cloud, the disadvantages become more apparent. Consider the following points:
Extracting data from the cloud can prove to be an insurmountable challenge. Since the data does not exist on one machine, this can be a tricky scenario – particularly when handling sensitive government information. Even if the data exists in an encrypted state today, it is not safeguarded against the decryption methods of tomorrow. Ironically enough, the reason the feds are paranoid about cloud security is because of the public cloud itself.
Its unpredictability in regard to handling data in a secure fashion can be potentially devastating, as it could open services up to threats and hackers from across the globe.
Though the government tends to be thrifty with cloud resources, they are unaware of the financial shortcomings of the public cloud. The hidden cost model often associated with the public cloud is the total cost of ownership. By using an elastic scale of computing, the government is being charged for usage – and the cost of bandwidth can go up. Think of it like your electricity bill; as usage rises, so does the utility fee. Again, this illustrates the unpredictability of public cloud. The public cloud cost model makes things difficult for agencies operating on a budget to have a predictive cost analysis on the total cost of ownership.
Additionally, there are the costs associated with having the on-staff expertise to architect, configure, and manage public cloud systems as well as bringing those systems up to the minimum security compliance standards set by the government.
Private cloud solutions resolve the foremost issues of the public cloud. It presents the same capabilities and flexibility as a public cloud offering, but also provides the peace of mind of cost control, security optimization, knowing where the data resides, and the ability to retrieve data at any time.
When hosted on-site or in a private hosting environment, private clouds offer security, privacy, management, control, and data accessibility capabilities the public cloud simply does not.
Private cloud siloes off data and technology updates from other users, so that clients who are dedicated to one network are separated from other users not in their network.
Environmental isolation is a major benefit of private cloud, as it provides another layer of abstraction through dedicated resources, keeps data private, and allows for an underlying infrastructure that has been security hardened.
With private cloud, government agencies can work with a cost-predictive model; all fees are built in, all rates are flat. This mitigates any total cost of ownership (TCO) issues, as it eliminates hidden costs and provides users a fixed price model – no more budget guessing or maintaining dedicated system administrator.
Depending on the hosting partnership an agency works with, they can also achieve compliance standards necessary to operate. Having this authorization through a private provider who already is compliant can save the government a significant amount of time and money, and equals a faster time to market.
A hybrid cloud does not necessarily give you the best of both worlds.
“Hybrid cloud” is a new IT hot topic inside the Beltway. Such an infrastructure entails a combination of on-site equipment and managed hosting services. This way, agencies can keep sensitive data on premise, but can burst applications publicly when needed.
In reality, this addition of extra capacity at commodity prices is not as beneficial as one would think. A hybrid cloud defeats the purpose of cloud. After all, the idea behind the cloud – and particularly the Cloud First initiative – is the removal of in-house hardware and overhead (and the costs associated with them). Mixing elements of the public infrastructure with private management does not eliminate hardware erosion, security issues, and the nearly $60 billion spent annually on equipment maintenance.
Which Option is Better?
The government’s misunderstanding of the detriments of public cloud and benefits of private cloud, leaves many agencies inside and outside the Beltway asking, “Which is better for my organization, a public or private cloud?”
Considering the time, money, and effort put into government IT, such direct questions deserve direct answers. We need to be clear about cloud computing for the government:
To meet the cloud computing needs of the federal government, your agency needs to move away from commodity-based solutions and look toward managed private solutions architected for security, capability, and support.
To learn more about how Contegix can help you with your FedRAMP cloud solutions, contact us.