4 steps to take before buying cloud services

How can agency managers set realistic expectations within their organizations before moving to cloud-based services?

“My suggestion is plan, plan, plan for the cloud,” Wolf Tombe, chief technology officer within the Customs and Border Protection’s Office of Information Technology, told attendees at a cloud computing conference.

“It is incredibly important to get past the hype about the cloud,” Tombe said during a session at the Cloud and Virtualization Conference and Expo Sept. 9 in Washington, D.C. The conference was sponsored by 1105 Media Inc., parent company of Government Computer News.

Agency managers have to do their homework and bring themselves up to speed with which cloud capabilities will realistically work within their organizations, Tombe said.

Related coverage:

Pay off your private cloud -- by sharing it

Here is what he recommended.

1. Have serious talks with the vendors. CBP is focusing on a hybrid approach to cloud computing, implementing a private cloud for mission-critical applications and hosting its public-facing website with a cloud provider. CBP’s Office of International Trade is working with partners to host a collaborative site in the cloud, Tombe said.

There are applications that are easy wins moving to the cloud, such as e-mail and collaboration tools, he said. However, when it comes to “your custom-generated applications, you really want to have a number of conversations with various cloud vendors,” Tombe said. “Those will be enlightening.” 

2. Define "cloud." Ask the vendors for their definition of the cloud, Tombe said; he noted they will probably ask you what your definition is.

CBP adheres to the National Institute of Standards and Technology’s definition. Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction from the service provider.

3. Focus on the SLA. Next ask vendors about their service-level agreements. If they can’t ensure they will work for no outages or downtime for maintenance or upgrades within the SLA, find another vendor.

Closely scrutinize their security controls and certification: Are they compliant with Federal Information Security Management Act at the low, moderate or high security levels? Most agencies with mission critical data will want the high level of security, he said.

4. Think about the problem resolution process. Find out what are the vendors’ monitoring capabilities and what visibility will they give you into your applications. If they don’t want to give you any visibility, walk away, Tombe said. Another important aspect to focus on is a vendor's capabilities for problem resolution. Will it take weeks? That doesn’t align with a cloud environment, which is supposed to be agile, he noted.

“Here is the key part: Take everything that works and all your requirements and put them in your contract,” Tombe said. Enter into a performance-based contract that rewards vendors for doing great and punishes them for failure.

The need for business-centric, service-level agreements was a theme that ran through the key presentations given earlier in the day by Bajinder Paul, deputy associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies. Having the right service-level agreements is critical for cloud computing, Paul said, noting that he expects his service providers to give hard numbers so he can verify that they are meeting their objectives.

“At the end of the day nothing works more powerfully than financial incentives,” Paul said.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Tue, Sep 13, 2011

Uh, how about a mention of FEDRamp?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group