Can PaaS carve out its place in the federal cloud?

Platform as a service promises significant savings of both time and money. The biggest names in cloud computing all offer PaaS solutions — as do countless providers that specialize in everything from mapping to content management to mobile app development. A few offerings already comply with the Federal Risk and Authorization Management Program, and a 2013 survey of federal IT professionals found that 95 percent believed their agency would benefit from migrating to PaaS.

So why is PaaS still mysterious to so many?

Partly it’s been a matter of structure and security. Many of the most popular early PaaS solutions, such as Heroku and Engine Yard, were available only in the public cloud, limiting their practical appeal for most federal agencies. Today, however, a wide array of PaaS providers offer private enterprise versions, while Pivotal’s Cloud Foundry and Red Hat’s OpenShift also come in downloadable, open-source versions that can be hosted locally or in a user’s own cloud.

A more significant challenge, however, might be pinning down what qualifies as PaaS. While software as a service (SaaS) is now a familiar concept and the paired pressures of FedRAMP and data center consolidation have put infrastructure as a service (IaaS) on most agencies’ radar, PaaS remains something of the muddle in the middle — more easily defined by what it isn’t than what it is.

The National Institute of Standards and Technology has detailed the differences between PaaS and its sibling services (see below), but it boils down to this: In addition to virtualized and easily scalable hardware, PaaS provides a ready-to-use suite of code libraries, change-management tools and other application-building resources that the provider installs and maintains.

That toolkit, combined with the convenience of not having to install and tune the core software stack, promises to slash deployment times and clear the way for more agile and API-driven development.

Federal Communications Commission CIO David Bray said PaaS lets agencies “ideally begin to build up this library of reusable modules, much like a quilt,” so that functions such as user authentication or map-based data visualization can be built once and then used by many different systems. “Then in the future, if Congress...or the president asks us to do something, it’s not a matter of building a system from scratch.”

The FCC is actively moving toward PaaS, Bray said. Once the agency shifts its servers offsite in December and January, the next step will be to move its data into a common data platform. And from there, he said, “we will use our [PaaS] to have that catalog of different modules.”

The FCC is not alone. “There are some early adopters scattered throughout government,” Bray said, particularly in the Defense Department and the intelligence community. However, PaaS remains aspirational for many agencies. In the 2013 survey (a Red Hat-sponsored MeriTalk study) that showed overwhelming belief in the benefits of PaaS, just 12 percent of respondents said they were already using it. And although 71 percent said they were at least considering a transition to PaaS, a recent search of FedBizOpps found just one solicitation in the past year that explicitly called for PaaS.

Other IT leaders said the slow embrace likely reflects uncertainty — not about PaaS’ potential benefits but about most agencies’ specific needs and the type of developer skills that will be available.

Compared to IaaS, “PaaS has a greater degree of ease and efficiency, but it also comes with a significant loss of freedom,” one agency’s senior developer said. “The needs [can be] so diverse that paying for and committing to a platform as a service doesn’t make a lot of sense right now.”

A year to 18 months down the road, “once things settle down a bit,” the developer added, “that’s when we would commit to PaaS.”

And even when an agency is prepared to zero in on a particular platform, there’s still the small matter of payment. With the operation and maintenance of legacy systems consuming 70 percent or more of agency IT budgets, there’s precious little money available to try something new — particularly when a PaaS investment cannot be directly tied to a mission system.

“That’s why we have to make the case to Congress for the initial investment” in PaaS, the FCC’s Bray said. “We need that little bit of breathing room so that we get out of the existing legacy model. Otherwise, the legacy model is just going to get more and more expensive.”