Rush to the Cloud
This is a time when it's natural to recap 2010 and wonder what milestones during the past year might be a game-changer for computing, software and information technology (IT). At the beginning of 2010, one could easily forecast there would be a steady stream of news about cloud computing. As expected, there were new product offerings and movement on the merger and acquisition front. But perhaps the most important news was the U.S. government's embrace of cloud computing.
In December 2010, the government's CIO, Vivek Kundra, released a 25-point plan for an overhaul of Federal IT that emphasizes a cloud-first policy for federal agencies. Currently the federal government is on pace to spend $79 billion on IT this year, with more than 20% going to infrastructure spending. Because the US government has spent $600 billion on IT over the past decade, the plan's intent is to reduce IT spending by the federal government.
In February 2010, the government announced the Federal Data Center Consolidation Initiative (FDCCI) that required agencies to do an inventory of IT assets. It was believed the government operated 1,100 data centers but the FDCCI effort revealed there were 2,100 data centers.
The new 25-point plan establishes a Data Center Consolidation Task Force with a goal of reducing the number of data centers by 800 as of 2015. The plan also touts scalability as a reason for embracing the cloud over traditional solutions. It cited the example of a private-sector company doing video editing that experienced a surge of demand and was able, using the cloud, to scale from 50 to 4,000 virtual machines in three days.
The Kundra plan calls for each government agency to identify three services that must move to the cloud, enabling them to benefit from "commodity IT funding". There's an expectation that moving applications such as e-mail to the cloud will facilitate data center consolidation and reduce IT budgets. Some federal agencies have already awarded contracts to move e-mail to the cloud. In addition, the government has selected a dozen vendors to supply Infrastructure-as-a-Service (Iaas).
Google and Microsoft want the government's cloud business and they've undertaken a PR campaign including announcements of high-profile contract awards. The General Services Administration (GSA) recently awarded Unisys and Google a contract to host e-mail in the cloud. The US Department of Agriculture (USDA) selected Dell to supply Microsoft Online Services for the migration of 120,000 users and 21 e-mail systems to the cloud.
Microsoft was the winner of a Department of the Interior contract for moving e-mail to the cloud, a selection that Google protested. Google and its reseller, Onix Networking Corp, have filed suit against the Department of the Interior to overturn that selection (Google vs. US complaint).
A major factor in the selection process for government agencies is whether they have a preference for Google Apps for Government or Microsoft's Business Productivity Online Suite-Federal (BPOS). Microsoft BPOS includes Exchange Online, SharePoint Online, and Office Communications Online. Both Google Apps for Government and BPOS have been certified as being compliant with the Federal Information Security Management Act (FISMA). Being given FISMA Authority to Operate (ATO) is a certification the cloud infrastructure is a secure, trusted environment for government applications and databases they use.
The federal contracts for hosting e-mail in the cloud are not the first Big Government embrace of hosted e-mail. Microsoft reportedly has several hundred state and local agencies using its cloud services. New York City recently announced it will adopt Microsoft BPOS for 30,000 city users. The State of California awarded a contract to Microsoft and Computer Sciences Corporation (CSC) for the migration of 130 of e-mail systems to Microsoft BPOS. The State of Minnesota Office of Enterprise Technology (OET) announced an agreement with Microsoft to migrate Exchange e-mail and other communications services to BPOS in a private cloud. BPOS will be accessible via Minnesota's secure network and Minnesota CIO Gopal Khanna has said it will not be accessible to Microsoft employees.
In October 2009, the city of Los Angeles selected Google Apps for Government and it experienced problems in making the transition to hosted services. Google and CSC missed a June 2010 deadline for full implementation. The primary reason for the delay was security issues raised by the California Department of Justice and the Los Angeles Police Department. Those agencies had concerns about encryption and data segregation. They requested background checks of Google employees who will have access to law enforcement data and communications. There were also concerns about the e-mail system generating confirmation of delivery of important documents such as subpoenas.
Service Level Agreements and Uptime With BPOS and Google Apps for Government competing for new contracts, it's no surprise that service level agreements and uptime have been put under the microscope. Microsoft BPOS experienced outages in August and September 2010 that reduced uptime for some to 98.07%, less than advertised 99.9% uptime specified by the Microsoft BPOS service level agreement. Lars Tønnesen of Astrofarm AS in Norway reported serious uptime problems with BPOS EMEA over a 4-month period.
The Google Apps Premier Edition Agreement also has an uptime guarantee of 99.9%. Gmail had six outages in an eight month period of 2008 but Google said it still averaged 99.9% uptime. In February 2009, Google Apps Premier Edition paying customers received a service credit because uptime dropped to 95% due to a February 24 outage. Google reported Google Mail service interruptions in November, 2010, with the most recent outage being on December 3, 2010.
Cloud Security In a prime example of putting the cart before the horse, the federal government has been awarding contracts to cloud vendors before identifying the security requirements their platforms must satisfy.
One of the announced goals of the FDCCI was to "Increase the overall IT security posture of the government". It will be interesting to see how that plays out with organizations such as Microsoft and Google hosting government applications and being responsible for the security of sensitive government data.
Update January 5, 2010 A federal judge has ordered the Department of the Interior to hold off on awarding the contract to Microsoft for migration of Interior's e-mail to the cloud.
Next: FISMA, sensitive data and cloud securityThe Kundra plan calls for each government agency to identify three services that must move to the cloud, enabling them to benefit from "commodity IT funding". There's an expectation that moving applications such as e-mail to the cloud will facilitate data center consolidation and reduce IT budgets.