Cloud computing as a term was introduced in the late 1990’s and became a viable technology strategy in the late 2000’s. The commercial enterprises were early adopters, along with research institutions of higher education. State government has been lagging in its adoption of this paradigm due to many factors inherent in the environment of public IT, not the least of which are Federal regulations and the public perception of security uneasiness. The hurdles to widespread cloud adoption have largely been cleared and Governments have been moving to cloud computing as the default platforms for new computing projects. This shift is not without struggles along with lessons learned from early adopters.
Although there are now many disciplines that are included in the term cloud computing, I will discuss infrastructure, platform, software, and other “as a service” segments.
State government will be multi-cloud customers embracing multiple commercial solutions from multiple providers on multiple platforms. While commercial enterprises might be able to embrace a Microsoft or AWS as their all-in solution, state government won’t be able to due to the varied practices of all the agencies in the executive branch. With agencies that focus on healthcare, law enforcement, taxes, environment, and education, software solutions are developed on various public and government cloud tenants by the software developers and then states who adopt them also adopt the cloud ecosystem they run on. This further complicates the adoption as agencies will have to specialize in Microsoft or Amazon toolsets and the collective abilities of the state will be spread out instead of centralized. Partnering with specialists, consultants, and migration firms will be the normal course of business. Gone are the days of building large “mainframe-like” resource teams with long tenure doing the same things day after day. The technology stacks and tools evolve almost daily and don’t fit this old style of IT.
Hybrid-Cloud, or the use of a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the platforms, is the strategy the state will use. Government cloud is the destination for workloads that include heavily regulated data like criminal justice, taxpayer and defense. These cloud options include pre-certified US only data centers that help with compliance to federal standards. Commercial cloud could and should be used for all other workloads. The government cloud lags in tool and technology releases and costs more per unit. It is wrong to assume that all state workloads belong in the government cloud just because it has the word government in the name.
Not all cloud technologies will help lead state IT out of the data center business. Private cloud, especially on-premise cloud technologies, are a perfect solution for satisfying the demands of agencies who can’t or won’t allow their data and processing to leave the confines of the state data centers. Benefits in running a cloud stack management over traditional server and SAN architectures include elasticity of workloads, operations automation and orchestration, freedom from vendor and technology silos, and scaling up and down seasonal workloads. Be careful with contract negotiation as a wise plan can save double-digit percentages over traditional workloads. Consider shopping vendors who will provide services via outcome- based models instead of purely technical bits and bytes. Even though the “cloud” will be so close you can touch it, resist the temptation to become hardware brand siloed and focus on the on-premise cloud operations stack. Azure stack is an impressive offering for agencies that could be moved into public cloud after trying their workloads on-premise. Several vendors now specialize in multi-cloud management tools allowing workloads to be moved from on-prem to public cloud and vice-versa. Open tools like OpenStack and Apache CloudStack will continue to be largely ignored in state government due to the lack of partner and consultant support.
So, if public cloud, private cloud, government cloud and hybrid cloud technology is ready for prime-time production workloads, why not lift and shift all of production in a cloud-first strategy? Many of the problems that lead to the delay of government adoption in the early stages remain, including training and workforce deficits. Cloud technologies came to popularity during and after the financial collapse of 2008. Training budgets were slashed as governments began cutting everything that wasn’t critical to operations. Skills went stale as IT departments in state government “hunkered down” to weather the downturn. Now, the best IT folks that don’t already work for you are employed in other industries and are going to have to be recruited away from their current employer; this is not a mode state government operates in. Work has been done by our state to reclassify IT positions to better align with the current technical market, but that will always lag behind developments in IT and is very time consuming and politically costly. How do you attract quality talent, especially in red-hot segments like cybersecurity and data/analytics? The real draw is also what makes my position the most fun job I have ever had - working to make a difference in advancing the state; working with business needs that can only be found in government and the challenges that presents. Once you have a taste of government IT, you see how truly difficult the job is and how rewarding the results are.
"Not all cloud technologies will help lead state IT out of the data center business."
Cloud adoption in any industry requires strong sets of centralized policies around network and security configuration. The 2018 ransomware shutdown of Colorado DOT was due to a cloud VM that was “spun up” without strong security settings baked into the image and almost instantly the VM was compromised. As the training and skills in this area don’t normally exist internally, consider leaning heavily on a cloud migration partner to help with configuration policies and test and audit them often. Consider the cloud destination as an extension of your on-premise data center and make sure tools and administrators are all viable in every mode of cloud employed. This is where the toolsets and vendors will create real “stickiness” as it will become very difficult to change these crucial tools.
As a central IT organization to the state, our services are charged back to the agencies as they consume them. Cloud may help with very granular usage and metering, however the ability for run-away jobs and cloud sprawl to get an agency in budget trouble is very real. If your customer agency allows a VM to consume too many resources or doesn’t have controls in place to keep developers from standing up too many test sessions, then they may not have the budget or encumbrance to pay when the bill comes due. Staying on top of all cloud consumption with transparency to the customer agencies is paramount and not something the state has currently. This also will require new tools and partnerships. Once implemented, these billing management systems will not be easy to leave, so know what divorce looks like prior to getting married.
Procurement of cloud technologies is causing issues for procurement laws that are slow to adopt as a service paradigm. Are cloud technologies a professional service, software subscription, hardware lease or commodity? In some states the answer to this question determines the procurement lane and processes. It will also determine the requirement to buy lowest cost or best fit. Discussions with state procurement and comptroller’s office are needed prior to moving in a strategic direction for cloud-based services. You probably already have SaaS products in your enterprise and you may even discover that they have been procured through different lanes in purchasing and accounting.
Lastly, as you move to workloads that don’t run on your LAN, remember that the state network was probably not designed for five 9’s of availability. Discuss with your cloud providers SLA’s that will line up with your expectations, but keep in mind you will have to provide that level of connectivity to the providers. If you are asking for 99 percent availability, can you provide 99 percent availability to your customers?
Will you include cloud aggregators, direct connection or large-scale VPN to reach cloud centers? Watch out for the charge differences between the connection types and try to formulate an all-in cost model. If the cloud provider has no charge ingress but charges for egress over VPN, then that would dictate heavy egress workloads would be expensive in this model. Backup-type workloads would be ideal instead since they are majority ingress and only use egress during a disaster recovery scenario. This variance doesn’t fit well into government budget models; the preference is for fixed cost models.
It is time for state governments to move to cloud technologies, but that is going to require retraining, new partnerships and a focus on network connectivity and resiliency.