Jim Warren is chief information officer of the <a href="http://www.recovery.gov/Pages/home.aspx" target="_blank"Recovery, Accountability and Transparency Board.
He tells Fed Cloud Blog all about why they decided to make the move.
FCB: Where do you see cloud taking you in the future?
JW: After performing a formal feasibility study to confirm our assessment that our migration into cloud would provide substantial, tangible and intangible benefits, the decision to make the move was all but trivial.
It’s important to note that our decision to move was completely rooted in business optimization. In fact, it wasn’t until after the migration that we learned that we were the first governmentwide information system to successfully migrate to the public cloud environment, which is a major milestone for the government. . . . We expect to save approximately $750,000 over the next 18 months, with even more savings expected to follow. The Board intends to repurpose more than a million [dollars] in computer equipment to the accountability mission, which will strengthen our Recovery Operations Center by allowing for increased tracking of stimulus dollars.
Furthermore, the move to the cloud environment has freed up Board staff resources, allowing us to focus more in improving and displaying richer content on Recovery.gov.
Finally, the cloud model provides efficiency for operating the website, allowing rapid expansion or contraction of resources on an as-needed basis, and ensuring availability and a high-quality experience for our users.
Now, as far as challenges — timing and resource management were our two largest obstacles of migrating into the public cloud infrastructure. Given the technical approach we used, and the contingency options at hand, my team and I were quite confident that our movement to the cloud would be a very low-risk move.
FCB: As you said, you’re the first governmentwide system, really, to move to the cloud. Have you gotten a lot of attention from other agencies who have come to you and said, ‘Hey, how’d you do it?’ What has the reaction been?
JW: The minute the federal [CIO] made that announcement and the press releases hit, I had several agencies contacting me. . . . We are currently in the process of providing guidance and materials, artifacts and lessons learned to several other organizations.
FCB: Speaking of those lessons learned, can you maybe go over two or three? Is there anything you can pass as a best practice or lessons learned?
JW: From a lessons learned perspective, I’m not sure we had any negative lessons. The move was well-orchestrated. We had contingency options along the way, [such as] a COOP site in place.
The official date for our migration to the cloud was actually far sooner than what was publicized because we had flipped back and forth between the COOP site, exercising it to make sure that when we went to full production . . . that Recovery.gov would stay alive. We did that transition numerous times back and forth between COOP and production and, quite frankly, no one in the world knew.
So, we had nothing but a very pleasurable experience in making the migration.
FCB: [Speaking of] challenges, was there anything specific, now that you’ve been on the cloud, that you’re seeing that has really stood out? Are there [issues] you will have to deal with in the future? Anything that surprised you?
JW: Well, not really. There’s some benefits that we knew we would gain that I’m looking at now, like the elasticity, for instance. The performance in the cloud has just been phenomenal, and the elasticity of our provider is just phenomenal.
But what I do not have a firm grasp of yet is performance management of a contractor that utilizes a cloud model.
Because we are the first out there, these methodologies and techniques for providing the performance management simply don’t exist, at least to my knowledge. There are some loose frameworks, but I have not seen anything concrete enough that we could use it.
To give you an example, if you look at a security control evaluation, for instance, using Special Publication 853-A by NIST — how do you really use that in a cloud environment? Do we rely on the service provider to perform security for us?
So, we’re still trying to put our arms around some of the security components and security oversight [and] even though the contract covers that well, and we are FISMA compliant and we do have an authority to operate . . . we’re continuing to optimize the business and we just want to make sure that we’re getting value management and performance management, and we also want to implement good security practices.