Rackspace was honored to sponsor the AWS Public Sector Summit this year and spend several days with AWS and public sector technology leaders and partners, all learning and growing together.
Rackspace is a relative newcomer to the public sector, but a stalwart of cloud computing. We have a working theory about what it will take to be successful in both, and several of the predictions that led us to enter this industry are proving to be accurate.
Compliance is still a barrier
One of the primary reasons Rackspace entered the public sector was our understanding that the newest cloud technologies are not readily accessible to those in heavily regulated industries. The additional security and compliance requirements associated with the public sector often act as a de facto prohibition on technology advancement.
One of the biggest barriers to cloud adoption remains “the compliance and accreditation part,” as Teresa Carlson, vice-president of AWS World Wide Public Sector, said in an interview with FedScoop following the Summit. “In the last two days, I’ve heard a lot from my partners that they are really struggling with getting the compliance and accreditation through. And I asked why, and they said because they don’t know how to do it — they literally don’t have the skills, because they’re used to the old model… not the AWS part — that’s ready. It’s their application that they’re building on top of it, because they just don’t have that experience.”
For all the talk of innovation and rapid adoption of technology at this year’s summit, honestly, a lot of it is still just that: talk. NASA’s Jet Propulsion Laboratory led an inspiring discussion about “How Rapid Experimentation with Technology is Achieving Results in the Enterprise.” The teaser promised “an explosion of new and promising technologies that could help solve our enterprises’ problems.”
The operative word there is ‘could.’ Don’t get me wrong, I love what JPL is doing, and it is working for their experimental mission and culture. (Because of this passion for experimentation, NASA will always be near and dear to Rackspace; together we co-founded OpenStack.) However, for most government organizations, all new technologies have to undergo a full Assessment and Authorization process before they ‘could’ be used for production workloads. If you don’t already know, the government A&A process is ‘not a mundane detail,’ to steal a quote from Office Space. It’s a very lengthy and expensive process for everyone involved.
FedRAMP was created specifically to help address this problem, and it has certainly helped. But after nearly seven years of FedRAMP, there are still only 74 FedRAMP authorized SaaS solutions, several by the same vendors. Of the approximately 12,000 software vendors out there, only 60 have successfully made it all of the way through the FedRAMP process — that’s less than one percent of the innovation going on out there. (I would be remiss not to point out that several of those SaaS providers were authorized on top of our own FedRAMP authorized platform — so if you’re an ISV seeking FedRAMP authorization, I encourage you to contact Rackspace, as we can significantly shorten your time-to-market and security expenses.)
Acquisition is stuck in the Cold War
It’s not just the added security and compliance requirements that keep these advances in technology out of the government; it’s also how the government buys technology. In my previous blog post, I gave a very high-level explanation of the government’s IT budget process. If that alone doesn’t help you understand the rationale behind the antiquated technology rampant in the government, consider the Federal Acquisition Regulation (FAR) and its DoD counterpart, the Defense FAR Supplement. The FAR was created in 1984 to provide “uniform policies and procedures for acquisition.” That’s right, uniform procedures for buying EVERYTHING. The government is buying cloud services like it buys intercontinental ballistic missiles and MREs.
AWS’s Carlson, in the same FedScoop interview, also noted that “acquisition is a big barrier for some [agencies] still. They don’t know how to write a good cloud contract… even within an agency, you’ll see some doing a really great job and others sort of just struggling a bit more. So I think we’ve got to work on that, this sort of cloud acquisition workforce.”
Moving to the cloud is not just about outsourcing your IT infrastructure by using someone else’s computer. Unfortunately, that’s the going-in position of too many government IT professionals. To truly gain the benefits of cloud adoption, your entire mindset toward technology must change. It’s no longer about getting new hardware every three to five years. It’s about continuous delivery. It’s about rapid adoption. It’s about failing fast. The NIST definition of cloud still holds true; cloud is ubiquitous, convenient, on-demand access to a pool of configurable resources that can be rapidly provisioned and released with minimal effort. This is an evolutionary step in technology.
Government contracts need to evolve accordingly. Read just about any cloud solicitation, and you will be reminded that cloud and government still do not mix:
“Firm Fixed Price per year.”
“Not To Exceed one server.”
“Must provide 10 Full Time Equivalent staffed positions.”
“Remote work will not be considered.”
No shortage of excitement or desire
I have enjoyed attending the AWS Public Sector summit for six consecutive years now: first as a government employee, then as an AWS employee and now as a Rackspace employee. Every year, the attendance grows by leaps and bounds and the energy increases. The government legitimately wants to be successful in its cloud journey, just like any other enterprise. But “Modernizing Government Technology,” as the law now requires, is going to require a massive shift in security and compliance and acquisition mechanisms.
If your organization is looking for help, Rackspace can assist. We offer expert guidance within the framework of the Modernizing Government Technology Act. Government organizations are confronting a daunting task: pursuing a “cloud-first” digital transformation in the face of complex, longstanding legacy technology and contract challenges.
By turning to Rackspace, you get a team of unbiased experts across a range of leading cloud and infrastructure technologies — built on a compliance-ready framework and backed by ongoing managed operations, continuous monitoring, security services, living compliance documentation and audit assistance. We are a web-scale managed service provider, delivering 24x7x365 hybrid-cloud management, operational support and security services as a packaged, on-demand, audited and pay-as-you-go service. You get the same commercial services that power the Fortune 100, in a compliance-ready state, with the additional security controls and governance necessary for your unique mission.