Sunday, June 17, 2012

CLOUD COMPUTING, THE NEXT IT REVOLUTION


FROM:  U.S. GENERAL SERVICES ADMINISTRATION
Statement of Dr David McClure "The Next IT Revolution? Cloud Computing Opportunities and Challenges"

STATEMENT OF
Dr. David McClure
Associate Administrator
Office of Citizen Services and Innovative Technologies
General Services Administration
BEFORE THE
HOUSE SCIENCE, SPACE AND TECHNOLOGY COMMITTEE
SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION
September 21, 2011
"The Next IT Revolution? Cloud Computing Opportunities and Challenges"
Chairman Quayle and Members of the Subcommittee:
Thank you for the opportunity to appear before you today to discuss the General Service
Administration's (GSA) leadership role in ongoing efforts to enable and accelerate adoption of cloud computing across the federal government. Cloud adoption is a critical component of the Administration’s plan to improve management of the government’s IT resources. The reforms underway are enabling agencies to use information more efficiently and effectively, delivering improved mission results at lower cost.

Cloud computing offers a compelling opportunity to substantially improve the efficiency, agility and performance of the federal information technology portfolio. It allows agencies to pay only for the resources they use in response to fluctuating demand, avoid the expenses of building and maintaining costly IT infrastructure, and control the appropriate level of security for data and applications. Cloud computing is also a key technology for achieving cost effective IT. In fact, agencies have already started to realize numerous benefits as they begin to adopt cloud computing across their programs. These include cost reduction, faster deployment of systems and applications, increased productivity, greater flexibility and scalability and improved self-service capabilities. As agencies consolidate and virtualize their data centers, cloud provides an ideal path forward to achieve needed results while substantially lowering costs – an essential focus given federal budget constraints.

GSA is playing a leadership role in facilitating easy access to cloud-based solutions from
commercial providers that meet federal requirements, enhancing agencies’ capacity to analyze viable cloud computing options that meet their business and technology modernization needs, and reducing barriers to safe and secure cloud computing. We are developing new cloud computing procurement options with proven solutions that leverage the government’s buying power, ensuring effective cloud security and standards are in place to lower risk, and identifying and leveraging government-wide uses of cloud computing solutions such as email.

These are highlighted on our web page Info.Apps.gov, which provides useful information about cloud computing and available solutions. The Administration’s efforts to apply rigor to information technology management and foster cloud adoption is framed by several key guidance documents and policies, including the OMB 25 Point Implementation Plan to Reform Federal Information Technology Management and the Federal Cloud Computing Strategy issued by the federal CIO’s office. The initiatives being implemented in response to these documents are making significant progress tackling long standing challenges in the way IT is acquired and managed. These reforms are also meeting the Administration’s goals to make government more responsive, operationally effective, cost efficient, transparent, participatory, collaborative, and innovative for the citizens it serves.

The Subcommittee asked that I address the four questions outlined below.
(1) Please provide an overview of how the General Services Administration (GSA) is
implementing the Office of Management and Budget’s (OMB) 25 Point Implementation
Plan to Reform Federal Information Technology Management, the OMB Federal Data
Center Consolidation Initiative, and the Federal Chief Information Officer’s Federal
Cloud Computing Strategy. GSA plays a central role in realizing the goals set forth in the Administration’s initiatives and strategies to reform IT management, consolidate data centers and implement cloud computing  Below are the primary initiatives underway to achieve the policy goals of Data Center Consolidation, the Cloud Computing Strategy and the specific objectives of the 25 Point Plan. Below is an overview of the work we are conducting to support specific objectives of the Federal IT Reform Strategy. Each objective of the 25 Point IT Reform Plan for which GSA is directlyresponsible is identified in bold; the specific section is in parenthesis.Complete detailed implementation plans to consolidate at least 800 data centers by 2015.

(#1)
Create a government-wide marketplace for data center availability (#2)
The Federal Data Center Consolidation Initiative (FDCCI), managed jointly by GSA and OMB, is charged with reversing the federal government’s explosive data center growth to optimize and improve efficiency of federal IT infrastructure. The FDCCI is chartered to engage with agencies, support and facilitate agency data center consolidation planning, and to provide tools to federal partners.

Under the FDCCI, GSA is accomplishing the following:
Working with a government-wide task force co-chaired by DHS and DOI that meets
monthly and includes representatives from all 24 CFO Act agencies.

Assisting agencies to maximize the return on investments for data centers to remain in
their inventory after consolidation Ensuring consistent data collection of the federal data center inventory by developing
and disseminating standard templates to collect, manage, and analyze agency data
center inventory data.

Collaborating with industry on best practices and solutions for key data center
consolidation issues. Developing a comprehensive data center Total Cost Model for agencies to use to
analyze alternative consolidation scenarios, enable data-driven decision-making for
infrastructure cost and performance optimization.

Pursuing development of a data center marketplace that would help optimize
infrastructure utilization across government by matching agencies with excess
computing capacity with those that have immediate requirements. A working group is
addressing consensus-building, requirements gathering, and other key facets necessary
to ensure the marketplace’s success. Stand up contract vehicles for secure IaaS solutions

(#4)
IT infrastructure represents a multi-billion dollar investment that requires constant maintenance, expensive technology upgrades, and dedication of valuable personnel. Agencies are faced with outdated infrastructure requiring ongoing, major investments to keep pace with growing demand and rapidly changing technology. Servers across both government and industry are highly underutilized. To address these issues, GSA’s Federal Acquisition Service (FAS) established a Blanket Purchase Agreement (BPA) with 12 companies (many with multiple partners) that offer cloud storage, computing power, and cloud-based website hosting as commodity services that enable agencies to optimize their infrastructure and achieve substantial, long-term cost savings.

Under these Infrastructure as a Service (IaaS) contracts, agencies pay only for what they need, define performance requirements, have the flexibility to respond to changing demands, benefit from commodity pricing, and are assured of secure solutions. At present, four contractors are offering services under the BPA, with the remaining completing the security authorization process. DHS has recently awarded a task order under this BPA for the consolidation and migration of its public facing websites to a cloud hosting service. Stand up contract vehicles for commodity services

(#5)
Working closely with email and collaboration experts from across government, GSA developed a government-wide contract vehicle to help agencies move email and collaboration solutions to the cloud. The Email as a Service (EaaS) BPA is an active procurement managed by FAS; responses are currently being evaluated. It will offer federal customers a streamlined procurement vehicle to commercially available cloud email solutions that best fits their agency's needs. Based on information from Forrester Research, average cost savings for agencies migrating to cloud-based email are expected to be $11/mailbox/month, $1 million in annual savings for every 7,500 users, or approximately 44% over existing on-premise email solutions.

The BPA will offer a range of email services in public, private, and highly secured clouds,
making available robust, feature-rich, secure email and collaboration service options similar to those currently being implemented at GSA, USDA, USAID, DOE, and other agencies. It can meet the needs of the 15 agencies that have identified 950,000 e-mail boxes they plan to move to the cloud under the Administration’s IT Reform effort. Launch an interactive platform for pre-RFP agency-industry collaboration

(#25)
To streamline the procurement process and enhance communication with industry, GSA is
establishing "cross-trained" program teams and improving the way requirements are defined. GSA is working to establish an interactive platform for pre-RFP agency-industry collaboration. Based on input from government and industry, alternatives for design and delivery of an online collaboration tool have been examined and rated. Candidates for the tool included existing government systems and commercial collaboration tools.

GSA not only is fostering adoption of cloud computing government-wide, but as required under the Cloud First policy, has recently completed a major cloud migration of our internal email and collaboration solution that demonstrates the significant potential of cloud solutions to achieve substantial cost savings. In approximately seven months, we moved 17,000 users to Google Apps for Government. Savings over the next five years are projected to be over $15M. Not only have we reduced costs, but we have also made significant gains in environmental sustainability – we shut down 45 servers, which is equivalent to taking 60 cars off the road. The lessons learned from our cloud implementation have been captured and are being shared with agencies across the government as they seek to achieve similar success.

2. Please provide an overview of the costs associated with implementing these plans at
GSA, and provide a description of both the short-term and long-term budgetary impacts of these changes. To date, GSA’s Federal Cloud Computing Initiative has been funded under the e-Government program administered by the Federal Chief Information Officer. In FY10 and FY11 GSA’s Federal Cloud Computing Initiative (FCCI) Program Management Office (PMO) budget of $4.8 million was allocated to five primary tasks:

Establish procurement vehicles that allow agencies to purchase IT resources as
commodities - resulting in the award of the Infrastructure as a Service (IaaS) Blanket
Purchase Agreement under GSA Schedule 70.

Address security risks in deploying government information in a cloud environment -
resulting in the development of the Federal Risk Authorization Management Program
(FedRAMP)

Establish a procurement vehicle that allows agencies to purchase cloud-based e-mail
services - resulting in the issuance of the Email as a Service (EaaS) procurement that is
currently underway

Work with agencies to consolidate their data center asset - resulting in the Federal Data
Center Consolidation Initiative that works with agencies to inventory their data center
assets and to identify targets for consolidation and optimization

Create apps.gov, an on-line storefront that provides access to over 3,000 cloud-based
products and services where agencies can research solutions, compare prices and
place on-line orders using GSA’s eBuy system.

This initial funding provided by the e-Gov Fund allowed GSA to accomplish significant results. However, there are key activities that still need to be accomplished to realize the significant, additional potential cost savings and productivity improvements that GSA can help agencies achieve. The continuation of these cost-saving initiatives is dependent on FY12 eGov Fund budget levels and decisions.

3. What cybersecurity steps is the GSA taking to protect federal data and communications in the cloud? To what extent does GSA work with NIST on the development of cybersecurity standards for federal cloud computing use?

The primary goal of the Administration’s Cloud First policy is to achieve widespread practical use of secure cloud computing to improve operational efficiency and effectiveness of government. Currently, each agency typically conducts its own security Certification and Accreditation (C&A) process for every system it acquires, leading to unnecessary expense, duplication and inconsistency. According to the 2009 FISMA report to Congress, agencies reported spending $300M on C&A activities alone. Working in close collaboration with DHS, NIST, DoD and OMB and the Federal CIO Council,
GSA is leading establishment of the Federal Authorization Risk Management Program
(FedRAMP) to accelerate adoption of secure cloud solutions by agencies across government.

Key benefits include:
Provides a single, consistent security risk assessment and authorization that can be
leveraged across agencies – an "approve once, and use often" approach

Establishes a common set of baseline security assessment and continuous monitoring
requirements using NIST standards

Approves and makes available qualified, independent third party assessors, ensuring
consistent assessment and accreditation of cloud solutions and based on NIST’s proven
conformity assessment approach

Shifts risk management from annual reporting under FISMA to more robust continuous
monitoring, providing real-time detection and mitigation of persistent vulnerabilities and
security incidents.

There is strong support and demand for FedRAMP from agencies seeking to adopt cloud
services, as required by the Administration’s Cloud First policy, and from industry. FedRAMP's processes, policy, governance, and technical security standards have all been arrived at via a consensus-based approach that includes agencies’ Chief Information Security Officers, the Federal CIO Council, National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DoD), National Security Agency (NSA), and numerous industry organizations. This new program is expected to be initially launched this Fall.

4. What other challenges face federal agencies in adopting cloud computing services,
and what steps is the GSA taking to overcome these challenges?
Considerable progress has been made in adopting successful cloud solutions. Cloud computing’ is now an accepted part of the federal IT lexicon. However, there continues to be a need for more thorough understanding of the cloud’s deployment models, unique security implications, and data management challenges. Agency executives should not focus on cloud technology itself; rather, they should focus on the desired outcome driving the need for cloud adoption.

CIOs need to work with their line of business executives and program managers to develop and deploy effective cloud roadmaps that address pressing agency mission needs, taking into account costs savings and expected performance improvements. Agencies should analyze business needs and identify cloud solutions that best fit their requirements by making cloud adoption part of an overall IT portfolio management and sourcing strategy. NIST is currently working on a Cloud Computing Technology Roadmap that will be released in November. If linked to cloud provider products and services, it would greatly assist in this decision-making.

Cultural resistance is also a major challenge. Cloud adoption requires moving away from
managing physical assets to buying services. As GSA’s own experience has shown, these
issues can be effectively addressed. Critical success factors include robust communication,
practical training and emphasis on the benefits of cloud, and especially on the control agencies gain by buying what they need and defining performance metrics that are tied to desired performance results. GSA found that having a group of early adopters fostered buy-in and enthusiasm, and provided a ready corps of skilled users.

Conclusion
Mr. Chairman, General Services Administration is leading the Administration’s charge to make government more open, transparent, and effective for the citizens it serves. In our increasingly data-centric and network-based world and workplace, effective and efficient procurement and implementation of information technology will be paramount in making sure the federal government closes the IT performance gap between it and the private sector. Cloud computing and data center consolidation are key initiatives that should be pursued aggressively to achieve needed costs savings and improve effectiveness of government operations.

Thank you for the opportunity to appear today. I look forward to answering questions from you and members of the Subcommittee.







Search This Blog

Translate

White House.gov Press Office Feed