Cloud brokers, the sequel

Agency managers began grappling with the cloud brokerage concept in 2011. At the time, the idea was that brokers would serve as intermediaries between cloud service providers, such as Amazon Web Services, and government customers. Brokers would handle the details of negotiating contracts with vendors and acquire services on an agency’s behalf.

Four years later, notions about what constitutes a cloud broker and what role it should play in the government market have changed considerably. That’s hardly surprising given the fast-paced development of cloud technology. Some services have matured to the point of commoditization — for example, file sync-and-share services such as Dropbox — while other cloud deployments have grown in sophistication. Similarly, workloads entrusted to the cloud have evolved from low-risk, public-facing websites to business-critical applications.

Those changing market forces have encouraged government and industry executives to rethink and redefine cloud brokerages. Although the broker as contracting agent hasn’t entirely disappeared, other services are becoming more prominent. In some cases, brokers are starting to resemble the systems integrators of the 1990s as they pull together comprehensive solutions for customers. In other situations, brokers are taking on a consulting role and serving as trusted cloud advisers for their government clients.

Roopangi Kadakia, Web services executive at NASA, said brokers can serve a valuable role by helping agencies evaluate service providers and determine which platform will suit a given project. “The broker needs to have the ability to find the best services,” she said.

Why it matters

Federal agencies have made some headway in cloud adoption since the Office of Management and Budget launched its “cloud first” policy in 2010. The Government Accountability Office recently reviewed seven agencies and found that the number of cloud services they deployed grew from 21 in 2012 to 101 in 2014.

The agencies — Agriculture Department, General Services Administration, Department of Health and Human Services, Department of Homeland Security, Small Business Administration, State Department and Treasury Department — budgeted a collective $529 million for cloud services in fiscal 2014, a 72 percent increase over fiscal 2012 spending levels, according to a September 2014 GAO report.

But the cloud accounts for a tiny slice of the government’s overall IT spending. The agencies GAO studied allotted 2 percent of their IT budgets for cloud services. Although those budgets are growing, auditors noted that “agencies are still devoting a large portion of their IT budgets to non-cloud computing expenditures.”

So what’s hindering wider adoption? According to GAO, agencies have yet to assess the majority of their IT investments for their suitability as cloud migration candidates. A lack of cloud-savvy employees represents another barrier.

“Migrating legacy systems to cloud computing services requires knowledgeable acquisition staff and appropriate processes,” GAO’s report states, adding that HHS officials said they had the ability to purchase cloud services but “found post-award management to be a challenge.”

Cloud brokers say they can address such obstacles. For instance, they can help agencies sort through their IT assets with an eye toward the cloud, said Mike O’Brien, director of the Cloud Solutions Group at Aquilent. Companies like his can “help the customer determine which workloads are ideally suited for which cloud environments,” he added.

Brokers can also assist agencies as their cloud deployments become more complicated and even span multiple cloud solutions.

“We have seen a lot of customers that have part of an application sitting in a public cloud and part in an on-premise environment and another part in a different cloud because of security and compliance reasons,” O’Brien said.

The fundamentals

When the government began investigating the potential of cloud brokers four years ago, it needed to come up with a definition. The National Institute of Standards and Technology made its first attempt in the 2011 Cloud Computing Reference Architecture, which describes a cloud broker as an organization that “manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.”

In 2012, GSA issued a request for information to explore the broker model. The Defense Department went a step further that same year: Then-CIO Teresa Takai issued a memo designating the Defense Information Systems Agency as the DOD Enterprise Cloud Service Broker and directing all DOD components to “acquire cloud services by using the broker.”

In the ensuring years, cloud developments have compelled the government to re-evaluate the broker’s purpose. NIST is in the process of refining its broker definition. Bob Bohn, NIST’s cloud computing technical program manager, said the draft update identifies two types of cloud brokers: business and technical.

A business broker focuses on support functions such as contractual intermediation and billing. The service does not have any contact with the customer’s data or operations in the cloud, and the broker never touches a machine.

“All [the business broker has] to do is manage the relationship,” Bohn said.

The technical broker, in contrast, gets hands-on with the customer’s IT assets. Such brokers aggregate services provided by multiple cloud vendors and address any issues associated with the movement of data and applications among the services.

“I think there is going to be a big role for the technical cloud broker,” Bohn said. “They are dealing with lots of different providers in the background. Since they are doing that, they have to work at solving interoperability and portability issues.”

Depending on a customer’s requirements, an organization could serve as a technical broker, a business broker or both.

NIST’s two-part definition underscores the divergence between the administrative go-between in the earlier vision and the broadening role of the broker. NASA is working through this transition with its cloud broker, InfoZen.

Last year, the company helped NASA migrate websites and applications to the cloud. Kadakia said InfoZen has been providing acquisition support and working with cloud service providers on the agency’s behalf. But NASA plans to migrate cloud management duties to its Computer Services Service Office, which will purchase services directly from providers such as Amazon Web Services, Microsoft Azure and Google. The office will negotiate and hold master contracts, and serve as a resource for the entire agency.

Kadakia said that approach will help the agency maintain consistency in how it manages cloud service providers. As a result, the broker will get out of the acquisition business and become more of an adviser.

She said one of the biggest advantages of using a broker is the ability to thoroughly analyze a particular cloud service. Many people might want to go directly to a cloud provider to buy a file sync-and-share service, for example, but in doing so, they don’t receive the benefit of having the broker study the requirements and assess different cloud options, she added.

“The cloud broker would want to do that analysis and look at the alternatives and provide some options on what the best solution is,” Kadakia said.

Raj Ananthanpillai, CEO and president of InfoZen, said his company still handles cloud procurement for some customers, but that service is largely commoditized these days. Instead, the company focuses on helping customers identify requirements and securely migrate complex systems to the cloud.

Mark Pietrasanta, chief technology officer at Aquilent, agreed that customers are looking for a more highly specialized set of services from cloud brokers. “Buying cloud isn’t the hard problem at this point,” he added. “It is very commoditized.”

The hurdles

Cloud brokers face a couple of obstacles that could hinder adoption, including the lack of a definitive, widely accepted definition of what a cloud broker does.

“‘Cloud broker’ means different things to different people,” Pietrasanta said.

The types of companies offering brokerage services might also contribute to the ambiguity. For instance, some cloud service providers say they can also play the broker role and will consider other service providers — not just themselves — when sizing up a customer’s needs.

Given that potential conflict of interest, “I don’t think a cloud services provider can be the independent broker,” Kadakia said.

Another challenge is a maturing market that could reduce the need for a broker as cloud services become even easier to buy. The Pentagon is taking that route with its recently revised cloud policy. In December 2014, DOD CIO Terry Halvorsen issued a memo permitting DOD components to “acquire cloud services directly.”

In addition, the Federal Risk and Authorization Management Program eliminates some of the security vetting that a broker might otherwise conduct. However, industry executives said brokers still have room to evaluate cloud security beyond the measures certified under FedRAMP.

What’s more, FedRAMP won’t help customers understand why they should select one provider over another when it comes to factors such as performance, bandwidth and platform expertise, said Shawn McCarthy, a research director at IDC Government Insights. Among other things, brokers can make recommendations based on differences in the size of workloads providers are capable of supporting.