Potential users and providers should try to match their needs as closely as possible, top IT managers say.
Even though emerging efforts such as the Federal Risk and Authorization Management Program are simplifying the government's use of the cloud, shared services that are based in the cloud can still be tricky for agencies, according to two top IT managers from agencies that provide such services.
Federal efforts to evolve shared-services platforms can yield cost efficiencies and greater security, but they can also result in divergent demands and other difficulties, said Zachary Goldstein, deputy CIO at the National Oceanic and Atmospheric Administration.
Joe Paiva, executive director of virtual lifetime electronic records at the Department of Veterans Affairs, said agencies should carefully consider the funding of the agency providing a service and ensure that the potential provider has some shared interests.
Both men spoke at AFCEA Bethesda's May 8 breakfast panel on delivering shared services.
Goldstein said NOAA is a longtime provider of shared services and makes weather data and models widely available for companies and other federal agencies. The VA shares medical information services with the Defense Department.
When services are provided and used among agencies with complementary operations and needs, they work well because those agencies have similar demands and expectations, Goldstein said. However, if an agency higher up the ladder uses the same service, he said, "there's a different dynamic." The demands of the larger or higher-level agency won't mesh as well. But even peer agencies can have duties and responsibilities that are too divergent for a good fit, he added.
Those differences make a one-size-fits-all approach to services difficult, he said.
FedRAMP's third-party assessment organizations, which help cloud service providers and government agencies comply with security regulations, was an early win for agencies looking to implement the services. However, FedRAMP can create unrealistic expectations, Goldstein said.
The program's "authorization packages aren't shortcuts to the hard work of qualifying [products and services] for your organization," he said.
Not only should potential users and providers try to match their needs as closely as possible, they should also look at their respective budgets while doing so, Paiva said. Getting services from an agency that might not have the budget to support them is a possible pitfall, he added.
Despite the caveats, Paiva and Goldstein said shared services inject speed and agility into agencies' operations, and Paiva lamented that some basic management services aren't being more widely shared.
"We could do a lot more," he said, adding that some accounting and human resource services such as payroll could be provided across a number of agencies via a shared platform.
NEXT STORY: FirstNet CIO builds up his shop