Moving out smartly on cloud and modernization
- By David M. Wennergren
- Sep 09, 2019
Hopefully your summer reading list included the Office of Management and Budget's recently released Federal Cloud Computing Strategy, sub-titled "From Cloud First to Cloud Smart." Kudos are in order for Federal CIO Suzette Kent, Federal Deputy CIO Margie Graves and the rest of the OMB team for a (forgive the pun) smart policy that recognizes significant shifts in the market and refocuses federal agencies on priorities that will have direct mission benefit. And even if you didn't get to it while relaxing on the beach, it's worth reading now for its emphasis on new approaches for applications, security, procurement and the workforce -- efforts that will matter far more than past practices of counting data centers.
It's been nine years since OMB issued their Cloud First policy, which in internet time is essentially forever! While initial efforts to move to infrastructure-as-a-service were a good first step, they were just the opening ante on the value proposition of the cloud. Fortunately, the new Cloud Smart policy recognizes that mission outcomes matter most, and I'm excited by a number of ideas in the policy.
First, there's the focus on application rationalization. Even if progress has been made in moving to the cloud, there are still thousands of legacy systems and applications at federal agencies to be addressed. The term of art is "application rationalization" -- recognizing that while every legacy application doesn't need to be tossed out, without a focused plan to address all of these systems, agencies will still have IT budgets skewed to sustaining the old rather than implementing the new. And with the opportunity to now buy "applications as a service," agencies can further optimize performance and manage costs by dynamically managing allocation of machine resources, with pricing based on actual amount of resources consumed by an application when in use.
Merely counting data center reductions doesn't ensure improved outcomes, nor, depending on the size of the facility closed, necessarily result in significant savings. IT Modernization is so much more than infrastructure-as-a-service, and a relentless focus on which legacy applications must be retired, replaced or refreshed is a key focus of the Cloud Smart policy.
Just as compelling as the case for IT modernization is the cybersecurity imperative. The OMB policy highlights the changing nature of cybersecurity in a world where more services are provided by the private sector. As an example, Trusted Internet Connections (TIC) was a great initiative when then-Federal CIO Karen Evans and I championed it over a decade ago. Agencies with thousands of Internet access points and no monitoring were just asking for trouble. However, in a world where off-premise cloud solutions are becoming more the norm, this enclave-based security model was due for a significant overhaul to help encourage cloud adoption rather than serve as a knothole to be overcome.
Even more important is the policy's focus on data layer security. A new area of thought that deserves our attention is Zero Trust Networks. In the era of cloud, rather than focusing security on the perimeter of a network (and allowing open access to those within the network), zero trust presumes no one in the network can be trusted and focuses on strong identity management, continuous authentication and authorization, and data level security. This approach is needed to move from risk aversion to risk management, as well as to accelerate rather than impede the adoption of commercial best practices. If you'd like to read more about zero trust, check out the recent report on Zero Trust Cybersecurity Current Trends that was developed by federal and industry cybersecurity leaders at the request of the Federal CIO Council and is available on the ACT-IAC website.
The cloud smart policy also offers insights on procurement and the workforce. Just as cybersecurity efforts are adopting a risk-based approach, our acquisition efforts must similarly move away from approaches that are imagined to minimize risk but that in reality stifle innovation and speed to market. It's not new news, but it is worth repeating that there are flexibilities in the FAR not taken advantage of often enough, and that service level agreements are crucial, when focused on the smaller set of outcome-based measures that matter.
Finally, issues around reskilling our existing workforce and being an employer of choice in attracting and retaining the workforce of the future must be faced as the "future of work" will be radically different in a world of artificial intelligence, big data and 5G.
To paraphrase a quote often attributed to John Wayne, IT modernization is tough, and it's tougher if you're stupid. The Cloud Smart policy offers some thoughtful ideas on moving away from counting boxes to measuring meaningful results.
David M. Wennergren is the CEO of ACT-IAC, the national non-profit public-private partnership dedicated to advancing the business of government through the application of technology. He has extensive leadership experience in information technology and change management and has served in a number of senior positions, most recently in the private sector as a Managing Director at Deloitte Consulting LLP, Executive Vice President and Chief Operating Officer at the Professional Services Council and a Vice President at CACI International Inc. During his career in government, he served as the Department of the Navy Chief Information Officer, Vice Chair of the U.S. Government’s Federal CIO Council, Deputy Assistant Secretary of Defense for Information Management, Integration and Technology/Deputy Chief Information Officer and Department of Defense (DoD) Assistant Deputy Chief Management Officer.
Mr. Wennergren is a Fellow of the National Academy of Public Administration and a CIO-SAGE at the Partnership for Public Service. He received his B.A. in Communications/Public Relations from Mansfield University, and received the University’s Alumni Citation Award in 2012. He was a recipient of a Secretary of the Navy Civilian Fellowship in Financial Management, culminating in a Master of Public Policy (MPP) from the University of Maryland's School of Public Affairs.
His awards include the Department of Defense Distinguished Civilian Service Award, the Department of the Navy Distinguished, Superior and Meritorious Civilian Service Awards, the Secretary of Defense Meritorious Civilian Service Award, and the Office of the Secretary of Defense Exceptional Civilian Service Award. Other honors include the: 2012 Roger W. Jones Award for Executive Leadership (American University), TechAmerica Terman Award 2010 Government Technology Executive of the Year, Federal CIO Council 2008 Azimuth Award winner, Federal Computer Week 2006 Eagle Award (Government Leader of the Year), 2006 John J. Franke Jr. Award from the American Council for Technology, Government Computer News 2005 Defense Executive of the Year, three Federal Computer Week Fed 100 Awards, Computerworld Premier 100 Award, and 2008 General James M. Rockwell AFCEAN of the Year. A huge believer in the “power of team,” he is also honored to have worked in two organizations that were awarded the Department of the Navy Meritorious Unit Commendation.
Follow David on Twitter: @davewennergren or on LinkedIn: https://www.linkedin.com/in/dave-wennergren-9416956/
Learn more about ACT-IAC at www.actiac.org.