Blog post

Public And Private Cloud Computing in Government: Balancing Act or Battlefield?

By Andrea Di Maio | July 16, 2009 | 3 Comments

cloud

Yesterday I had a great conversation with a European client who is tasked with identifying a roadmap for government departments across his jurisdiction to collectively benefit from cloud services. The starting point for him – like for a number of other clients I have been talking to lately – is (1) a set of ongoing consolidation and virtualization initiatives involving departmental data centers and (2) the desire of benefiting from the “on-demand” model of cloud computing to better utilize both infrastructure and applications.

Our conversation touched upon a number of important issues:

  • the never-ending private-vs-public cloud argument,
  • how to strike the balance between the provider and the user view in a context where several agencies run or control their own infrastructure and may wish to “sell” excess capacity to others
  • the relationship between application as a service and infrastructure as a service
  • looking at cloud computing in isolation as opposed to as a relatively new sourcing model, to be seen in a broader context

We have covered some of these issues in a recent Gartner research note.

In looking at what is going on around the world, the discussion inevitably ended up mentioning what the GSA and the OMB (through the newly established Federal CIO) are doing. Shortly after my client inquiry I read several news reporting Vivek Kundra’s interview about cloud computing, where he described the establishment of a online storefront for cloud computing services.

This clearly refers to “public cloud services”, and is a way to make sure that federal agencies purchase public cloud services that fulfill a number of federal requirements through a single purchasing vehicle, with predetermined levels of flexibility and elasticity.

While this is an attractive model, it is just the tip of the iceberg in dealing with cloud computing opportunities in the federal government. A much bigger issue, and one that was at the very core of my conversation with the European client, is how to organize and source “private cloud” services (or – using the NIST definition – “private and community cloud services”). In fact most government workloads may still need to run on an environment on which users can exercise a greater degree of control than what is possible though the public cloud services accessed through the online storefront. Further, and in some cases most importantly, the issue is not just whether a workload can run on a public cloud infrastructure or not, but that there are existing assets or existing contracts with service providers that force those workloads to be kept withn the boundaries of a “private cloud” infrastructure.

In his interview, Vivek Kundra clearly recognizes this, since – according to an article –

Kundra acknowledged that approach (the online storefront for public cloud services) won’t work for tasks involving sensitive federal data. He said a private cloud could be developed for these activities, and he’s working with an 11-member group of federal CIOs to sort out which data is suitable for consumer cloud applications and which data must be housed on government-owned infrastructure

My sense is that data-sensitivity is only one of the criteria that determine whether workloads should run on a private or public cloud infrastructure. How much does the legacy, government-owned infrastructure as well as the contracts around it make the transition to a “private cloud infrastructure” possible, desirable or just financially viable? How far have virtualization programs gone to support all the attributes of cloud computing? How many agencies, and for which workloads, do really need the elasticity, flexibility, fine-grain metering and the other cloud computing attributes? To what extent the governance of a private cloud infrastructure involving several agencies (community cloud in the NIST definition) is effective enough to make sure it does not fall into the same problems that many pre-cloud shared service initiatives ran into?

What Vivek and the GSA are doing is important to provide a reference framework to anybody who wants to use public cloud infrastructure services, but also to push the boundaries of collective thinking within the federal government. Should they pursue the development of a collection of private and community clouds as a natural evolution of the IT Infrastructure Line of Business,? Or should they evolve the online public cloud storefront to support also more sensitive workloads, even if this puts the use of existing, government-owned infrastructure at risk?

In any large jurisdiction (countries, large stated and provinces) cloud computing may soon become a battlefield between those agencies who own infrastructure and want to retain it and provide it as a service to others, and those agencies who want just to buy more cheaply and flexibly, and do not care whether those services come from inside or outside government. Organizations like whole-of-government CIO offices, procurement agencies, e-government taskforces and the likes will be stuck in middle of that battlefield.

Comments are closed

3 Comments

  • The GSA could be a storefront for internal (private cloud) service providers too, not just external ones. Other gov’ts have done this kind of thing — I can think of one agency where the shared enterprise mainframe data services are actually provided by two departments as needed (there is no single enterprise data center).

  • @Bruce Robertson
    Agreed, but that’s exactly where the governance issue kicks in. One could argue that something similar could happen for pretty much any shared service, and yet it does not 8we have plenty of sad stories around shared services in government).
    What I am observing is that there are a few agencies that claim they are “private/community cloud service providers” but I am really unsure whether it will be easier for GSA to get them together or just to act as a broker of market offerings.

  • Daria says:

    The Cloud Computing debate on public vs. private is indeed an endless one. I think that the security of the cloud should be a stronger argument since that has been a greater debatable factor and should be more so as more institutions adopt the cloud (especially ones with sensitive/private data).