Skip to main content

Statement of Dr David McClure "The Next IT Revolution? Cloud Computing Opportunities and Challenges"

STATEMENT OF

Dr. David McClure
Associate Administrator
Office of Citizen Services and Innovative Technologies
General Services Administration

BEFORE THE

HOUSE SCIENCE, SPACE AND TECHNOLOGY COMMITTEE

SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION

September 21, 2011

"The Next IT Revolution? Cloud Computing Opportunities and Challenges"


Chairman Quayle and Members of the Subcommittee:

Thank you for the opportunity to appear before you today to discuss the General Service
Administration's (GSA) leadership role in ongoing efforts to enable and accelerate adoption of
cloud computing across the federal government. Cloud adoption is a critical component of the
Administration’s plan to improve management of the government’s IT resources. The reforms
underway are enabling agencies to use information more efficiently and effectively, delivering
improved mission results at lower cost.

Cloud computing offers a compelling opportunity to substantially improve the efficiency, agility
and performance of the federal information technology portfolio. It allows agencies to pay only
for the resources they use in response to fluctuating demand, avoid the expenses of building
and maintaining costly IT infrastructure, and control the appropriate level of security for data and
applications. Cloud computing is also a key technology for achieving cost effective IT. In fact,
agencies have already started to realize numerous benefits as they begin to adopt cloud
computing across their programs. These include cost reduction, faster deployment of systems
and applications, increased productivity, greater flexibility and scalability and improved self-
service capabilities. As agencies consolidate and virtualize their data centers, cloud provides an
ideal path forward to achieve needed results while substantially lowering costs – an essential
focus given federal budget constraints.

GSA is playing a leadership role in facilitating easy access to cloud-based solutions from
commercial providers that meet federal requirements, enhancing agencies’ capacity to analyze
viable cloud computing options that meet their business and technology modernization needs,
and reducing barriers to safe and secure cloud computing. We are developing new cloud
computing procurement options with proven solutions that leverage the government’s buying
power, ensuring effective cloud security and standards are in place to lower risk, and
identifying and leveraging government-wide uses of cloud computing solutions such as email.
These are highlighted on our web page Info.Apps.gov, which provides useful information about
cloud computing and available solutions.

The Administration’s efforts to apply rigor to information technology management and foster
cloud adoption is framed by several key guidance documents and policies, including the OMB
25 Point Implementation Plan to Reform Federal Information Technology Management and the
Federal Cloud Computing Strategy issued by the federal CIO’s office. The initiatives being
implemented in response to these documents are making significant progress tackling long
standing challenges in the way IT is acquired and managed. These reforms are also meeting
the Administration’s goals to make government more responsive, operationally effective, cost
efficient, transparent, participatory, collaborative, and innovative for the citizens it serves.

The Subcommittee asked that I address the four questions outlined below.

(1) Please provide an overview of how the General Services Administration (GSA) is
implementing the Office of Management and Budget’s (OMB) 25 Point Implementation
Plan to Reform Federal Information Technology Management, the OMB Federal Data
Center Consolidation Initiative, and the Federal Chief Information Officer’s Federal
Cloud Computing Strategy.

GSA plays a central role in realizing the goals set forth in the Administration’s initiatives and
strategies to reform IT management, consolidate data centers and implement cloud computing.
Below are the primary initiatives underway to achieve the policy goals of Data Center
Consolidation, the Cloud Computing Strategy and the specific objectives of the 25 Point Plan.

Below is an overview of the work we are conducting to support specific objectives of the Federal
IT Reform Strategy. Each objective of the 25 Point IT Reform Plan for which GSA is directly
responsible is identified in bold; the specific section is in parenthesis.

Complete detailed implementation plans to consolidate at least 800 data centers by 2015
(#1)

Create a government-wide marketplace for data center availability (#2)

The Federal Data Center Consolidation Initiative (FDCCI), managed jointly by GSA and OMB, is
charged with reversing the federal government’s explosive data center growth to optimize and
improve efficiency of federal IT infrastructure. The FDCCI is chartered to engage with agencies,
support and facilitate agency data center consolidation planning, and to provide tools to federal
partners.

Under the FDCCI, GSA is accomplishing the following:

Working with a government-wide task force co-chaired by DHS and DOI that meets
monthly and includes representatives from all 24 CFO Act agencies.
 

Assisting agencies to maximize the return on investments for data centers to remain in
their inventory after consolidation

Ensuring consistent data collection of the federal data center inventory by developing
and disseminating standard templates to collect, manage, and analyze agency data
center inventory data.

Collaborating with industry on best practices and solutions for key data center
consolidation issues.

Developing a comprehensive data center Total Cost Model for agencies to use to
analyze alternative consolidation scenarios, enable data-driven decision-making for
infrastructure cost and performance optimization.

Pursuing development of a data center marketplace that would help optimize
infrastructure utilization across government by matching agencies with excess
computing capacity with those that have immediate requirements. A working group is
addressing consensus-building, requirements gathering, and other key facets necessary
to ensure the marketplace’s success.

Stand up contract vehicles for secure IaaS solutions (#4)

IT infrastructure represents a multi-billion dollar investment that requires constant maintenance,
expensive technology upgrades, and dedication of valuable personnel. Agencies are faced with
outdated infrastructure requiring ongoing, major investments to keep pace with growing demand
and rapidly changing technology. Servers across both government and industry are highly
underutilized. To address these issues, GSA’s Federal Acquisition Service (FAS) established a
Blanket Purchase Agreement (BPA) with 12 companies (many with multiple partners) that offer
cloud storage, computing power, and cloud-based website hosting as commodity services that
enable agencies to optimize their infrastructure and achieve substantial, long-term cost savings.
Under these Infrastructure as a Service (IaaS) contracts, agencies pay only for what they need,
define performance requirements, have the flexibility to respond to changing demands, benefit
from commodity pricing, and are assured of secure solutions. At present, four contractors are
offering services under the BPA, with the remaining completing the security authorization
process. DHS has recently awarded a task order under this BPA for the consolidation and
migration of its public facing websites to a cloud hosting service.

Stand up contract vehicles for commodity services (#5)

Working closely with email and collaboration experts from across government, GSA developed
a government-wide contract vehicle to help agencies move email and collaboration solutions to
the cloud. The Email as a Service (EaaS) BPA is an active procurement managed by FAS;
responses are currently being evaluated. It will offer federal customers a streamlined
procurement vehicle to commercially available cloud email solutions that best fits their agency's
needs. Based on information from Forrester Research, average cost savings for agencies
migrating to cloud-based email are expected to be $11/mailbox/month, $1 million in annual
savings for every 7,500 users, or approximately 44% over existing on-premise email solutions.
The BPA will offer a range of email services in public, private, and highly secured clouds,
making available robust, feature-rich, secure email and collaboration service options similar to
those currently being implemented at GSA, USDA, USAID, DOE, and other agencies. It can
meet the needs of the 15 agencies that have identified 950,000 e-mail boxes they plan to move to
the cloud under the Administration’s IT Reform effort.

Launch an interactive platform for pre-RFP agency-industry collaboration (#25)


To streamline the procurement process and enhance communication with industry, GSA is
establishing "cross-trained" program teams and improving the way requirements are defined.
GSA is working to establish an interactive platform for pre-RFP agency-industry collaboration.
Based on input from government and industry, alternatives for design and delivery of an online
collaboration tool have been examined and rated. Candidates for the tool included existing
government systems and commercial collaboration tools.

GSA not only is fostering adoption of cloud computing government-wide, but as required under
the Cloud First policy, has recently completed a major cloud migration of our internal email and
collaboration solution that demonstrates the significant potential of cloud solutions to achieve
substantial cost savings. In approximately seven months, we moved 17,000 users to Google
Apps for Government. Savings over the next five years are projected to be over $15M. Not only
have we reduced costs, but we have also made significant gains in environmental sustainability
– we shut down 45 servers, which is equivalent to taking 60 cars off the road. The lessons
learned from our cloud implementation have been captured and are being shared with agencies
across the government as they seek to achieve similar success.

2. Please provide an overview of the costs associated with implementing these plans at
GSA, and provide a description of both the short-term and long-term budgetary
impacts of these changes.

To date, GSA’s Federal Cloud Computing Initiative has been funded under the e-Government
program administered by the Federal Chief Information Officer. In FY10 and FY11 GSA’s
Federal Cloud Computing Initiative (FCCI) Program Management Office (PMO) budget of $4.8
million was allocated to five primary tasks:

Establish procurement vehicles that allow agencies to purchase IT resources as
commodities - resulting in the award of the Infrastructure as a Service (IaaS) Blanket
Purchase Agreement under GSA Schedule 70

Address security risks in deploying government information in a cloud environment -
resulting in the development of the Federal Risk Authorization Management Program
(FedRAMP)

Establish a procurement vehicle that allows agencies to purchase cloud-based e-mail
services - resulting in the issuance of the Email as a Service (EaaS) procurement that is
currently underway

Work with agencies to consolidate their data center asset - resulting in the Federal Data
Center Consolidation Initiative that works with agencies to inventory their data center
assets and to identify targets for consolidation and optimization

Create apps.gov, an on-line storefront that provides access to over 3,000 cloud-based
products and services where agencies can research solutions, compare prices and
place on-line orders using GSA’s eBuy system.

This initial funding provided by the e-Gov Fund allowed GSA to accomplish significant results.
However, there are key activities that still need to be accomplished to realize the significant,
additional potential cost savings and productivity improvements that GSA can help agencies
achieve. The continuation of these cost-saving initiatives is dependent on FY12 eGov Fund
budget levels and decisions.

3. What cybersecurity steps is the GSA taking to protect federal data and
communications in the cloud? To what extent does GSA work with NIST on the
development of cybersecurity standards for federal cloud computing use?

The primary goal of the Administration’s Cloud First policy is to achieve widespread practical
use of secure cloud computing to improve operational efficiency and effectiveness of
government. Currently, each agency typically conducts its own security Certification and
Accreditation (C&A) process for every system it acquires, leading to unnecessary expense,
duplication and inconsistency. According to the 2009 FISMA report to Congress, agencies
reported spending $300M on C&A activities alone.

Working in close collaboration with DHS, NIST, DoD and OMB and the Federal CIO Council,
GSA is leading establishment of the Federal Authorization Risk Management Program
(FedRAMP) to accelerate adoption of secure cloud solutions by agencies across government.
Key benefits include:

Provides a single, consistent security risk assessment and authorization that can be
leveraged across agencies – an "approve once, and use often" approach

Establishes a common set of baseline security assessment and continuous monitoring
requirements using NIST standards

Approves and makes available qualified, independent third party assessors, ensuring
consistent assessment and accreditation of cloud solutions and based on NIST’s proven
conformity assessment approach

Shifts risk management from annual reporting under FISMA to more robust continuous
monitoring, providing real-time detection and mitigation of persistent vulnerabilities and
security incidents.

There is strong support and demand for FedRAMP from agencies seeking to adopt cloud
services, as required by the Administration’s Cloud First policy, and from industry. FedRAMP's
processes, policy, governance, and technical security standards have all been arrived at via a
consensus-based approach that includes agencies’ Chief Information Security Officers, the
Federal CIO Council, National Institute of Standards and Technology (NIST), Department of
Homeland Security (DHS), Department of Defense (DoD), National Security Agency (NSA), and
numerous industry organizations. This new program is expected to be initially launched this Fall.

4. What other challenges face federal agencies in adopting cloud computing services,
and what steps is the GSA taking to overcome these challenges?

Considerable progress has been made in adopting successful cloud solutions. Cloud computing’
is now an accepted part of the federal IT lexicon. However, there continues to be a need for
more thorough understanding of the cloud’s deployment models, unique security implications,
and data management challenges. Agency executives should not focus on cloud technology
itself; rather, they should focus on the desired outcome driving the need for cloud adoption.
CIOs need to work with their line of business executives and program managers to develop and
deploy effective cloud roadmaps that address pressing agency mission needs, taking into
account costs savings and expected performance improvements. Agencies should analyze
business needs and identify cloud solutions that best fit their requirements by making cloud
adoption part of an overall IT portfolio management and sourcing strategy. NIST is currently
working on a Cloud Computing Technology Roadmap that will be released in November. If
linked to cloud provider products and services, it would greatly assist in this decision-making.

Cultural resistance is also a major challenge. Cloud adoption requires moving away from
managing physical assets to buying services. As GSA’s own experience has shown, these
issues can be effectively addressed. Critical success factors include robust communication,
practical training and emphasis on the benefits of cloud, and especially on the control agencies
gain by buying what they need and defining performance metrics that are tied to desired
performance results. GSA found that having a group of early adopters fostered buy-in and
enthusiasm, and provided a ready corps of skilled users.

Conclusion
Mr. Chairman, General Services Administration is leading the Administration’s charge to make
government more open, transparent, and effective for the citizens it serves. In our increasingly
data-centric and network-based world and workplace, effective and efficient procurement and
implementation of information technology will be paramount in making sure the federal
government closes the IT performance gap between it and the private sector. Cloud computing
and data center consolidation are key initiatives that should be pursued aggressively to achieve
needed costs savings and improve effectiveness of government operations.

Thank you for the opportunity to appear today. I look forward to answering questions from you
and members of the Subcommittee.

 


IT Cloud Computing Security NIST FISMA FedRamp