GBC: One of the aspects of the Federal Cloud Computing Strategy urges IT managers to adopt quickly. Do you have any advice for them in fulfilling this mandate?

DARREN HOUSE: Cloud is a multi-pronged, multi-phased strategy and no one stock-keeping unit (SKU) can enable quick adoption. Agencies should focus first on desired mission outcomes, not vendor or technology, and work to standardize systems using reference architectures that integrate components into a single, flexible solution such as FlexPod™ architecture. Next, identify steps to achieve those desired mission outcomes. Then, think about staffing skills. Success in a cloud environment requires many non-technology skills, so find personnel you can train to jump between technology and business discussions. Finally, look for partners that can provide proof of concepts. Achieving lessons learned without risking your production environment is a big win.

GBC: As a part of the Federal Cloud Computing Strategy, the Cloud First policy asks managers to evaluate safe and secure cloud computing options before investing in any new technologies. What should federal managers focus on when making these evaluations?

DARREN HOUSE: Start with tried and true security basics and then work up to the security model you need. The NIST Risk Management Framework and Security Lifecycle is a good guide. Look for mature, industry accepted methods for authentication, authorization and accounting and solutions that provide automation to consistently deliver services through predefined and pre-approved processes. Take time to understand the real risks to your workloads in a shared-services or multi-tenant environment. Consider solutions that have mature answers to the multi-tenant problem, like the multi-tenancy pre-validated design from NetApp, Cisco and VMware. Understand the role you play in keeping your workloads secure.

GBC: It often takes years for end users to see the benefits of IT decision-making. What accounts for this time gap?

DARREN HOUSE: The lack of business agility, evolved from the accumulation of IT sediment over time, accounts for the time gap. Sediment is a naturally occurring material broken down by processes. In IT, continual change leads to difficulty in maturing with one technology and a constantly migrating workforce leaves projects unfinished. Changing budgets impact IT staffing levels and business perspectives of IT as an expense and not an asset can cause missed opportunities. These entrenched ideas about technology can prevent positive change, while miscommunications and conflicting incentives generate a lack of trust. Over time, these and many more “materials,” have been broken down and transported across IT environments as sediment, often stuck by its own weight.

GBC: Cybersecurity is a hot button issue for today’s federal managers. How can managers maintain security while transitioning to the cloud?

DARREN HOUSE: For public clouds, the issue is trust and transparency. Is your provider transparent enough to earn your trust in showing their instituted technologies, policies and procedures to secure your workloads? Learn about FedRAMP and keep up on its progress.

For private clouds, many commercial off-the-shelf (COTS) solutions have features that increase security postures. Agencies should start with a stable foundation based on standardization, virtualization, innovative virtual design approaches and orchestration. Current security mechanisms should be aligned with your end state cloud security models. Enforce standards through policy driven automation. Use a cloud suite that has baselines, compliance checks of workloads, monitoring, tracking, reporting, as well as Security Content Automation Protocol (SCAP) and Security Technical Implementation Guides (STIG)automation capabilities.

GBC:  How do you rectify bringing in new cloud technologies into current legacy systems?

DARREN HOUSE: This requires a multi-faceted approach well suited for FlexPod™ architecture. Using a standards-based reference architecture approach to delivering new technologies into legacy environments makes integrating with—and migrating from—legacy systems easier. FlexPod™ architecture enables a level of flexibility necessary to modify the reference architecture to best fit legacy requirements. When migrating from a legacy system, FlexPod™ architecture with multiple service profile configurations can be tested. In other solutions, you need multiple systems to test. With FlexPod™ architecture, the end result is business agility through rapid configuration and deployment, increased security and a standards-based approach that eases integration with legacy systems.