Cloud brokers, the sequel

By John Moore

By John Moore

|

The broker definition continues to evolve as new roles emerge and cloud deployments become more complex.

Shutterstock image (by Lightspring): businessman hanging from a cloud concept image.

(Image: Lightspring / Shutterstock)

Agency managers began grappling with the cloud brokerage concept in 2011. At the time, the idea was that brokers would serve as intermediaries between cloud service providers, such as Amazon Web Services, and government customers. Brokers would handle the details of negotiating contracts with vendors and acquire services on an agency’s behalf.

Four years later, notions about what constitutes a cloud broker and what role it should play in the government market have changed considerably. That’s hardly surprising given the fast-paced development of cloud technology. Some services have matured to the point of commoditization — for example, file sync-and-share services such as Dropbox — while other cloud deployments have grown in sophistication. Similarly, workloads entrusted to the cloud have evolved from low-risk, public-facing websites to business-critical applications.

Those changing market forces have encouraged government and industry executives to rethink and redefine cloud brokerages. Although the broker as contracting agent hasn’t entirely disappeared, other services are becoming more prominent. In some cases, brokers are starting to resemble the systems integrators of the 1990s as they pull together comprehensive solutions for customers. In other situations, brokers are taking on a consulting role and serving as trusted cloud advisers for their government clients.

Roopangi Kadakia, Web services executive at NASA, said brokers can serve a valuable role by helping agencies evaluate service providers and determine which platform will suit a given project. “The broker needs to have the ability to find the best services,” she said.

Why it matters

Federal agencies have made some headway in cloud adoption since the Office of Management and Budget launched its “cloud first” policy in 2010. The Government Accountability Office recently reviewed seven agencies and found that the number of cloud services they deployed grew from 21 in 2012 to 101 in 2014.

The agencies — Agriculture Department, General Services Administration, Department of Health and Human Services, Department of Homeland Security, Small Business Administration, State Department and Treasury Department — budgeted a collective $529 million for cloud services in fiscal 2014, a 72 percent increase over fiscal 2012 spending levels, according to a September 2014 GAO report.

But the cloud accounts for a tiny slice of the government’s overall IT spending. The agencies GAO studied allotted 2 percent of their IT budgets for cloud services. Although those budgets are growing, auditors noted that “agencies are still devoting a large portion of their IT budgets to non-cloud computing expenditures.”

So what’s hindering wider adoption? According to GAO, agencies have yet to assess the majority of their IT investments for their suitability as cloud migration candidates. A lack of cloud-savvy employees represents another barrier.

“Migrating legacy systems to cloud computing services requires knowledgeable acquisition staff and appropriate processes,” GAO’s report states, adding that HHS officials said they had the ability to purchase cloud services but “found post-award management to be a challenge.”

Cloud brokers say they can address such obstacles. For instance, they can help agencies sort through their IT assets with an eye toward the cloud, said Mike O’Brien, director of the Cloud Solutions Group at Aquilent. Companies like his can “help the customer determine which workloads are ideally suited for which cloud environments,” he added.

Brokers can also assist agencies as their cloud deployments become more complicated and even span multiple cloud solutions.

“We have seen a lot of customers that have part of an application sitting in a public cloud and part in an on-premise environment and another part in a different cloud because of security and compliance reasons,” O’Brien said.

The fundamentals

When the government began investigating the potential of cloud brokers four years ago, it needed to come up with a definition. The National Institute of Standards and Technology made its first attempt in the 2011 Cloud Computing Reference Architecture, which describes a cloud broker as an organization that “manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.”

In 2012, GSA issued a request for information to explore the broker model. The Defense Department went a step further that same year: Then-CIO Teresa Takai issued a memo designating the Defense Information Systems Agency as the DOD Enterprise Cloud Service Broker and directing all DOD components to “acquire cloud services by using the broker.”

In the ensuring years, cloud developments have compelled the government to re-evaluate the broker’s purpose. NIST is in the process of refining its broker definition. Bob Bohn, NIST’s cloud computing technical program manager, said the draft update identifies two types of cloud brokers: business and technical.

A business broker focuses on support functions such as contractual intermediation and billing. The service does not have any contact with the customer’s data or operations in the cloud, and the broker never touches a machine.

“All [the business broker has] to do is manage the relationship,” Bohn said.

The technical broker, in contrast, gets hands-on with the customer’s IT assets. Such brokers aggregate services provided by multiple cloud vendors and address any issues associated with the movement of data and applications among the services.

“I think there is going to be a big role for the technical cloud broker,” Bohn said. “They are dealing with lots of different providers in the background. Since they are doing that, they have to work at solving interoperability and portability issues.”

Depending on a customer’s requirements, an organization could serve as a technical broker, a business broker or both.

NIST’s two-part definition underscores the divergence between the administrative go-between in the earlier vision and the broadening role of the broker. NASA is working through this transition with its cloud broker, InfoZen.

Last year, the company helped NASA migrate websites and applications to the cloud. Kadakia said InfoZen has been providing acquisition support and working with cloud service providers on the agency’s behalf. But NASA plans to migrate cloud management duties to its Computer Services Service Office, which will purchase services directly from providers such as Amazon Web Services, Microsoft Azure and Google. The office will negotiate and hold master contracts, and serve as a resource for the entire agency.

Kadakia said that approach will help the agency maintain consistency in how it manages cloud service providers. As a result, the broker will get out of the acquisition business and become more of an adviser.

She said one of the biggest advantages of using a broker is the ability to thoroughly analyze a particular cloud service. Many people might want to go directly to a cloud provider to buy a file sync-and-share service, for example, but in doing so, they don’t receive the benefit of having the broker study the requirements and assess different cloud options, she added.

“The cloud broker would want to do that analysis and look at the alternatives and provide some options on what the best solution is,” Kadakia said.

Raj Ananthanpillai, CEO and president of InfoZen, said his company still handles cloud procurement for some customers, but that service is largely commoditized these days. Instead, the company focuses on helping customers identify requirements and securely migrate complex systems to the cloud.

Mark Pietrasanta, chief technology officer at Aquilent, agreed that customers are looking for a more highly specialized set of services from cloud brokers. “Buying cloud isn’t the hard problem at this point,” he added. “It is very commoditized.”

 

Next steps

1. Expanded definitions. The National Institute of Standards and Technology plans to revisit how it defines brokers and the other players in the cloud field: providers, carriers and auditors. More developments could emerge later this year.

2. More contracts. The General Services Administration awarded a $64.5 million contract to Booz Allen Hamilton in October 2014 to develop a cloud service broker solution for GSA’s Integrated Award Environment Office. And in November, GSA awarded a $100 million blanket purchase agreement under which Aquilent will provide cloud services from providers including Amazon Web Services.

3. Continued growth. Despite a few hurdles, the broker segment appears poised for expansion. MarketsandMarkets predicts that the global cloud services brokerage market will grow from $1.57 billion in 2013 to $10.5 billion in 2018.

The hurdles

Cloud brokers face a couple of obstacles that could hinder adoption, including the lack of a definitive, widely accepted definition of what a cloud broker does.

“‘Cloud broker’ means different things to different people,” Pietrasanta said.

The types of companies offering brokerage services might also contribute to the ambiguity. For instance, some cloud service providers say they can also play the broker role and will consider other service providers — not just themselves — when sizing up a customer’s needs.

Given that potential conflict of interest, “I don’t think a cloud services provider can be the independent broker,” Kadakia said.

Another challenge is a maturing market that could reduce the need for a broker as cloud services become even easier to buy. The Pentagon is taking that route with its recently revised cloud policy. In December 2014, DOD CIO Terry Halvorsen issued a memo permitting DOD components to “acquire cloud services directly.”

In addition, the Federal Risk and Authorization Management Program eliminates some of the security vetting that a broker might otherwise conduct. However, industry executives said brokers still have room to evaluate cloud security beyond the measures certified under FedRAMP.

What’s more, FedRAMP won’t help customers understand why they should select one provider over another when it comes to factors such as performance, bandwidth and platform expertise, said Shawn McCarthy, a research director at IDC Government Insights. Among other things, brokers can make recommendations based on differences in the size of workloads providers are capable of supporting.

NEXT STORY: Help wanted with 7 million lines of COBOL

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.