Exec Tech

Cloud brokers: Simplifying complexity

Cloud computing icon

As cloud adoption grows, so does the complexity of the acquisitions. Cloud brokers can help ease the path. (Stock image)

The Obama administration’s cloud-first strategy, data center consolidation directive, and security certification process for cloud products and services all point agencies toward greater cloud adoption. Indeed, the policies and programs that seek to spark cloud acceptance are now largely in place. What’s lacking, however, is a definitive statement on how to coordinate cloud resources. Over time, agencies will likely end up juggling their own private clouds, public clouds provided by companies such as Amazon and multiple software-as-a-service (SaaS) offerings.

As a result, the concept of the cloud broker has emerged as a way to deal with increasingly complex cloud environments. A cloud broker, also called a cloud services brokerage, basically creates a buffer between the customer and the cloud solutions.

Bob Bohn, cloud program manager at the National Institute of Standards and Technology, said a broker “can take a complex situation for a consumer and make it manageable.”

Why it matters

Agencies have begun to explore the cloud broker model. Last year, the General Services Administration and the Defense Information Systems Agency issued requests for information to learn more from industry about cloud brokers.

GSA has received voluminous feedback. Stanley Kaczmarczyk, acting director of GSA’s Center for Strategic Solutions and Security Services, said the agency’s RFI had garnered 79 responses and 1,467 pages of material as of December 2012.

“With that amount of data, it is important to understand that the responses covered the spectrum of possibilities from ‘This is a good idea’ to ‘Try something else,’” Kaczmarczyk said. “However, a significant majority of responses have viewed some concept of a cloud brokerage as positive.”

Jamcracker, a company that provides brokerage solutions, has submitted responses to both the GSA and DISA RFIs, said Steve Crawford, the company’s vice president of marketing and business development. He said those agencies’ interest in cloud brokers is a logical outcome of the cloud-first policy.

“It is almost kind of an exponential problem as you scale up the number of different cloud services you are using,” Crawford said. “You are increasing the complexity of how you manage that.”

The cloud deployment challenge involves dealing with different billing relationships, consolidating demand across various pockets of an organization and optimizing license management, Crawford said.

“I think what GSA and DISA have done is really kind of wake up the IT market in general in terms of how [to] adopt this cloud model from an IT delivery perspective,” he added.

Crawford said he expects to see many cloud broker pilot projects in 2013 and full-scale broker rollouts in 2014.

What's next

Technology leaders at the Energy Department’s National Nuclear Security Administration anticipate the following developments in the cloud broker arena:

  •  Technical innovation. Vendors will develop the ability to dynamically and securely move workloads between cloud service providers, which is essential for boosting cloud adoption, said Anil Karmel, NNSA’s deputy chief technology officer.
  •  Changes in business models. Vendors will aggregate and sell multiple cloud offerings to consumers as a service so they can change the customer’s relationship from one-to-one to one-to-many, Karmel said.
  •  Shared agency brokers. NNSA officials want other agencies to be able to take advantage of its YOURcloud broker, said Chris McFearin, an IT specialist at NNSA. Therefore, the agency used the Federal Risk and Authorization Management Program’s standardized approach to security assessment as a benchmark and are seeking provisional authorization for YOURcloud under FedRAMP. It’s a trend that other agencies are likely to follow.

The fundamentals

In 2011, NIST defined cloud broker functions as part of its Cloud Computing Reference Architecture and noted that a cloud broker “manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.”

In one scenario, the broker’s role would focus on provisioning cloud services in a streamlined fashion by offering customers a single source through which to acquire cloud services from multiple providers.

Brokers could also go beyond that level of service by pulling together offerings from a variety of cloud providers and crafting a custom solution. Bohn said cloud providers individually might fall short of providing a solution that meets a customer’s unique needs, “but if you took service provider one and service provider two and service provider three and mixed and matched their services together, you could get a really nice mashup.”

Market researcher Gartner, meanwhile, describes a cloud broker’s primary functions as aggregation, integration and customization. Aggregation is essentially the service provisioning role, while integration and customization move brokers higher up the value chain.

Some agencies choose to be their own cloud brokers. The Energy Department’s National Nuclear Security Administration, for example, launched a cloud services brokerage called YOURcloud. Anil Karmel, NNSA’s deputy chief technology officer, said YOURcloud is built on Los Alamos National Laboratory’s Infrastructure on Demand (IOD), a hybrid cloud broker created through a collaborative effort with industry.

IOD “acts as a single control plane across both on-premise private clouds and commercial cloud service providers, giving users of the service a single point to manage and provision both servers and services,” Karmel said.

As a result, YOURcloud “shortens the server provisioning process from months to minutes,” said Travis Howerton, NNSA’s CTO. It also simplifies data center consolidation and hosts SaaS applications across the agency’s distributed environment, he added.

In another in-house move, the Defense Department designated DISA as its cloud broker in June 2012, asking DISA to make it easier to “navigate, integrate, consume, extend and maintain cloud services,” according to a DOD memo.

At the other end of the spectrum, agencies could opt to fully outsource the broker function. Companies such as Appirio, Cloud Sherpas and Infosys are among the vendors offering such services.

Or an agency could opt for a middle ground of maintaining responsibility for the broker function but outsourcing specific tasks to contractors. For example, DISA’s RFI asks for industry help in shaping a broker business model and says contractors might perform activities such as managing and monitoring the performance of cloud services.

GSA also plans to maintain a degree of control over the broker function even as it solicits industry input. Kaczmarczyk said brokers could help drive down costs while providing federally approved offerings and common technical services across multiple cloud services.

However, “this doesn’t mean that we would give up any of our inherently governmental functions, including governance, technical requirements, information security and contracting,” he added.

The hurdles

Government officials face a couple of key questions as they consider the cloud broker model. The most obvious: Does an agency need such a service?

Glenn Weinstein, CIO at Appirio, said government agencies lag behind the commercial sector in the adoption of multiple cloud solutions and, therefore, have less of a need for brokers.

“We are still not at the point...where we are seeing widespread adoption of individual point cloud solutions” at federal agencies, he said.

However, if an agency decides its cloud holdings require a broker, a three-pronged question arises: Is it best to go it alone, seek contractor support or fully outsource the broker function?

Arguments for the self-service approach include the ability to house all the agency’s data in an internal cloud and maintain close oversight of security, Crawford said.

Vic Berger, principal technologist at reseller Affigent, said the choice hinges on the level of expertise in a given organization. In that regard, service provider agencies such as DISA “would be much better prepared to be their own brokers versus another organization,” he said.

The key disadvantage of the fully in-sourced brokerage is the time and effort it takes to accumulate the technical expertise required to run a brokerage. “There is a learning curve in becoming a cloud broker,” Crawford said. “If you want to get this up and running quickly, this is going to be a challenge.”

“In every kind of cutting-edge marketplace, your time to market is extremely long when you try to do it yourself,” said Joe Brown, president of Accelera Solutions, a virtualization solutions provider.

Moreover, professionals with skills that are in high demand tend to move on to other jobs, which puts agencies in the position of continually replacing knowledge developed internally, Brown said.

Total outsourcing — that is, turning to a public cloud broker — speeds up the process but results in reduced oversight. “The issue is you have less direct control over the security policies associated with how that public cloud brokerage is operating,” Crawford said.

Agencies can try to split the difference. A contractor-supported government broker offers a potential way to balance control and time-to-market considerations.

Agencies will have to make a choice at some point. Right now, they work directly with cloud service providers or resellers to acquire individual cloud services such as e-mail, Kaczmarczyk said. But though that approach has worked for first adopters, it won’t prove viable in the long run.

“This is not a sustainable method for government to procure cloud because it treats each engagement as a silo,” Kaczmarczyk said. “A cloud brokerage provides a method to eliminate duplication of cloud acquisition, standardize cloud services, recognize commodity pricing and keep pace with technology.”

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Mon, Jan 14, 2013

A problem that will slow the governments move to the cloud is that some agencies don't understand the definition of broker or what a cloud broker is. A broker matches a requirer to a provider. That is what a cloud broker does with a set of business rules and a technology solution to manage the transactions. Unfortunately, some government agencies are focusing on cloud brokerage as a governance opportunity and a means to redeploy a currently irrelevant and bloated workforce. A broker doesn't determine the requirement and they don't tell the requirer how they will do business. If agencies don't get that, the move to the cloud will be a slow and painful process. There is an opportunity for in-process governance and once an agency has completed the move, opportunities for consolidation and normalization will be apparent (rationalization). The cloud broker mission is not people heavy and is not an opportunity to build the next empire.

Tue, Jan 8, 2013 testpilot DC

Dwindling technical knowledge in the company is another cloud cost that may be overlooked when migrating to cloud services. Cloud providers don't provide the full-service of a single POC and all of the technical and architectural knowledge that a company needs to manage the service contract. Companies that outsource their infrastructure and admins to the cloud eventually lose the system architects too. A broker can make sure that services align with business needs and argue for effective remediation when service levels aren't met.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above