It’s been more than five years since the Obama administration outlined its “Cloud First” policy – and Sanjeev Nehra has been along for the ride.
As a technology executive with over 20 years of management and leadership experience in IT strategy and architecture, Nehra has helped outline best practices for federal agency adoption of commercial cloud solutions.
That focus continues in Nehra’s current role as chief technology officer at Dell Services Federal Government. While federal agencies have been required since June 2014 to utilize only FedRAMP-approved cloud service providers, the rate of cloud adoption across the government has remained uneven.
But that’s changing.
“Whether it’s applications, infrastructure, mission critical or supporting applications – that migration, that movement, is absolutely happening,” says Nehra, speaking from Dell’s Herndon-based federal services arm. And while traction picks up, so should a focus on comprehensive assessments, says Nehra.
“I think it’s important to emphasize that if you are an agency, you need to do an assessment of your requirements, both today and in the future – I call it a comprehensive assessment of your service requirements,” says Nehra.
While all federal agencies do an annual assessment of their enterprise architecture – using common practices such as the Federal Enterprise and the Department of Defense architecture frameworks –keeping a primary focus on needs (and secondly, on cloud technologies) ensures the greatest migration success, says Nehra.
As Nehra puts it, “The cloud is secondary to service requirements.”
“You have to look at your agency goals – and your mission, typically based on your agency’s strategic plans, three to five-years out – for what the needs will be from a mission perspective,” says Nehra.
Also critical, he adds, is a clear definition of how business, technology, data and infrastructure needs must change to meet a defined target – all followed by a through gap analysis between the target and accompanying road map.
Only with a clear articulation of needs and timelines can agencies adequately choose the right cloud delivery model and service partner, says Nehra. The same holds true for having a clear understanding of vendors’ credentials and offerings, he adds.
“Just because you are getting a cloud services provider, you still have to go from a provisional ATO [authority to operate]to granting a full ATO for that agency to consume the service,” says Nehra.
Equally important, he adds, is avoiding making assessments on cloud offerings – such as email-as-a service, SharePoint or websites – on a piece-by-piece basis.
“Each investment and isolation may look like the right thing to do but when you start looking at investments, which run across all of these different cloud services, that is going to lead to a suboptimal solution,” cautions Nehra.
“I would rather,” he adds, “agencies not go where they end up in ‘cloud sprawl,’ because getting out of that would be a lot more difficult than making the upfront planning decisions and investments so you don’t get into that situation.”
That upfront approach underpins Dell Services Federal Government’s recent work in the cloud migration space.
At the Nuclear Regulatory Commission (NRC), for example, Dell Services Federal Government recently built a custom private cloud that could meet the agency’s FISMA High requirements – a much higher requirement for cloud security than is currently provided under FedRAMP, which only meets the FISMA moderate security level.
“As part of our effort we didn’t bend the cloud to the NRC, we took them on a journey toward the cloud,” says Nehra.
Part of that journey meant consolidating more than a dozen data centers, then ensuring they were virtualized at 80 percent or above – and all of it fueled by a custom-built cloud.
“After building the cloud not only is the NRC able to provision their own infrastructure – their own virtual machines using self-provisioning tools provided by us – they’ve also now successfully migrated hundreds of applications into the NRC private cloud that we built,” says Nehra.
For Nehra that work speaks to an assessment-first approach.
“That’s an example where we worked closely with a customer, understood their security needs, identified the right controls and then, based on that [discovery process], provided a cloud solution,” he says.
“Just building the cloud was only one part of the story,” he adds. “So was migrating that infrastructure, as well as the applications, and ensuring they had the self-provisioning [capability]through which they could order a new server [virtual machine]within a day rather than weeks – it was all a substantial savings from a lapse time and automation perspective.”
In agencies like the NRC, the pace of cloud adoption will only continue to grow, adds Nehra.
“I think as FedRAMP is now one part of it, as the security concerns start getting mitigated, and as agencies start seeing an ROI from their investments into offerings like email-as-a-service, all of that will put additional confidence among agencies into doing the migration,” says Nehra.
“It’s a one-way train,” adds Nehra, “and sooner or later, most agencies will jump on it – it’s just a question of when.”