Cloud brokers: Simplifying complexity

The Obama administration’s cloud-first strategy, data center consolidation directive, and security certification process for cloud products and services all point agencies toward greater cloud adoption. Indeed, the policies and programs that seek to spark cloud acceptance are now largely in place. What’s lacking, however, is a definitive statement on how to coordinate cloud resources. Over time, agencies will likely end up juggling their own private clouds, public clouds provided by companies such as Amazon and multiple software-as-a-service (SaaS) offerings.

As a result, the concept of the cloud broker has emerged as a way to deal with increasingly complex cloud environments. A cloud broker, also called a cloud services brokerage, basically creates a buffer between the customer and the cloud solutions.

Bob Bohn, cloud program manager at the National Institute of Standards and Technology, said a broker “can take a complex situation for a consumer and make it manageable.”

Why it matters

Agencies have begun to explore the cloud broker model. Last year, the General Services Administration and the Defense Information Systems Agency issued requests for information to learn more from industry about cloud brokers.

GSA has received voluminous feedback. Stanley Kaczmarczyk, acting director of GSA’s Center for Strategic Solutions and Security Services, said the agency’s RFI had garnered 79 responses and 1,467 pages of material as of December 2012.

“With that amount of data, it is important to understand that the responses covered the spectrum of possibilities from ‘This is a good idea’ to ‘Try something else,’” Kaczmarczyk said. “However, a significant majority of responses have viewed some concept of a cloud brokerage as positive.”

Jamcracker, a company that provides brokerage solutions, has submitted responses to both the GSA and DISA RFIs, said Steve Crawford, the company’s vice president of marketing and business development. He said those agencies’ interest in cloud brokers is a logical outcome of the cloud-first policy.

“It is almost kind of an exponential problem as you scale up the number of different cloud services you are using,” Crawford said. “You are increasing the complexity of how you manage that.”

The cloud deployment challenge involves dealing with different billing relationships, consolidating demand across various pockets of an organization and optimizing license management, Crawford said.

“I think what GSA and DISA have done is really kind of wake up the IT market in general in terms of how [to] adopt this cloud model from an IT delivery perspective,” he added.

Crawford said he expects to see many cloud broker pilot projects in 2013 and full-scale broker rollouts in 2014.

The fundamentals

In 2011, NIST defined cloud broker functions as part of its Cloud Computing Reference Architecture and noted that a cloud broker “manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.”

In one scenario, the broker’s role would focus on provisioning cloud services in a streamlined fashion by offering customers a single source through which to acquire cloud services from multiple providers.

Brokers could also go beyond that level of service by pulling together offerings from a variety of cloud providers and crafting a custom solution. Bohn said cloud providers individually might fall short of providing a solution that meets a customer’s unique needs, “but if you took service provider one and service provider two and service provider three and mixed and matched their services together, you could get a really nice mashup.”

Market researcher Gartner, meanwhile, describes a cloud broker’s primary functions as aggregation, integration and customization. Aggregation is essentially the service provisioning role, while integration and customization move brokers higher up the value chain.

Some agencies choose to be their own cloud brokers. The Energy Department’s National Nuclear Security Administration, for example, launched a cloud services brokerage called YOURcloud. Anil Karmel, NNSA’s deputy chief technology officer, said YOURcloud is built on Los Alamos National Laboratory’s Infrastructure on Demand (IOD), a hybrid cloud broker created through a collaborative effort with industry.

IOD “acts as a single control plane across both on-premise private clouds and commercial cloud service providers, giving users of the service a single point to manage and provision both servers and services,” Karmel said.

As a result, YOURcloud “shortens the server provisioning process from months to minutes,” said Travis Howerton, NNSA’s CTO. It also simplifies data center consolidation and hosts SaaS applications across the agency’s distributed environment, he added.

In another in-house move, the Defense Department designated DISA as its cloud broker in June 2012, asking DISA to make it easier to “navigate, integrate, consume, extend and maintain cloud services,” according to a DOD memo.

At the other end of the spectrum, agencies could opt to fully outsource the broker function. Companies such as Appirio, Cloud Sherpas and Infosys are among the vendors offering such services.

Or an agency could opt for a middle ground of maintaining responsibility for the broker function but outsourcing specific tasks to contractors. For example, DISA’s RFI asks for industry help in shaping a broker business model and says contractors might perform activities such as managing and monitoring the performance of cloud services.

GSA also plans to maintain a degree of control over the broker function even as it solicits industry input. Kaczmarczyk said brokers could help drive down costs while providing federally approved offerings and common technical services across multiple cloud services.

However, “this doesn’t mean that we would give up any of our inherently governmental functions, including governance, technical requirements, information security and contracting,” he added.

The hurdles

Government officials face a couple of key questions as they consider the cloud broker model. The most obvious: Does an agency need such a service?

Glenn Weinstein, CIO at Appirio, said government agencies lag behind the commercial sector in the adoption of multiple cloud solutions and, therefore, have less of a need for brokers.

“We are still not at the point...where we are seeing widespread adoption of individual point cloud solutions” at federal agencies, he said.

However, if an agency decides its cloud holdings require a broker, a three-pronged question arises: Is it best to go it alone, seek contractor support or fully outsource the broker function?

Arguments for the self-service approach include the ability to house all the agency’s data in an internal cloud and maintain close oversight of security, Crawford said.

Vic Berger, principal technologist at reseller Affigent, said the choice hinges on the level of expertise in a given organization. In that regard, service provider agencies such as DISA “would be much better prepared to be their own brokers versus another organization,” he said.

The key disadvantage of the fully in-sourced brokerage is the time and effort it takes to accumulate the technical expertise required to run a brokerage. “There is a learning curve in becoming a cloud broker,” Crawford said. “If you want to get this up and running quickly, this is going to be a challenge.”

“In every kind of cutting-edge marketplace, your time to market is extremely long when you try to do it yourself,” said Joe Brown, president of Accelera Solutions, a virtualization solutions provider.

Moreover, professionals with skills that are in high demand tend to move on to other jobs, which puts agencies in the position of continually replacing knowledge developed internally, Brown said.

Total outsourcing — that is, turning to a public cloud broker — speeds up the process but results in reduced oversight. “The issue is you have less direct control over the security policies associated with how that public cloud brokerage is operating,” Crawford said.

Agencies can try to split the difference. A contractor-supported government broker offers a potential way to balance control and time-to-market considerations.

Agencies will have to make a choice at some point. Right now, they work directly with cloud service providers or resellers to acquire individual cloud services such as e-mail, Kaczmarczyk said. But though that approach has worked for first adopters, it won’t prove viable in the long run.

“This is not a sustainable method for government to procure cloud because it treats each engagement as a silo,” Kaczmarczyk said. “A cloud brokerage provides a method to eliminate duplication of cloud acquisition, standardize cloud services, recognize commodity pricing and keep pace with technology.”