We are especially fortunate to be experiencing an exciting change within the IT industry – the rise of cloud computing. This evolutionary transformation is fast replacing the legacy IT model not only within private industry but also within the Federal government. The “25 Point Implementation Plan to Reform Federal Information Technology Management” authorizes a “Cloud First” policy.

At the Department of Homeland Security, our private and public cloud initiative is well underway—with some exciting early successes.

First, let’s consider why the cloud is so vital.

The legacy IT model needs to evolve to meet the growing customer demands within a budget- constrained environment. The traditional IT model is not well positioned to reduce time to market for new services, provide transparency for operational expenses, and introduces higher risk due to up-front capital expenditures. Customized applications hosted in traditional environments cannot scale fast enough to support urgent demand in real-time. The Cloud business model however, provides readily available secure infrastructure-on-demand, enabling applications to scale rapidly, better supporting mission and business needs. Further, cloud enables further efficiencies in reducing delivery cycle time considerably over current delivery models. While the cloud enables resources to expand as needed, it also increases standardization and drives green IT, by shrinking our carbon footprint.

It is difficult to say which is more compelling—scalability and rapid deployment, or full transparency for managing operational costs. For many, controlling and reducing capital expense (the expenditures used to acquire physical assets, including both equipment and office space) is uppermost, while others argue meeting demand is the foremost concern. Whichever ranks first in your mind, it is clear that the cloud business model is becoming vital to how we align IT to support mission and business requirements.

At DHS, we have aggressively pursued private and public cloud offerings over the last 18 months. Our strategy directly aligns with the “25 Point Implementation Plan” as well as supports our own ongoing data center migration initiatives.

Our focus includes a two-part strategy: Private Cloud and Public Cloud services. We are establishing private cloud services to manage sensitive data and those services include: standing up development/ test and production virtual environments; establishing virtual desktops and mobility services to enable a mobile workforce; transitioning our legacy e-mail systems to E-mail as a Service (EaaS); enabling virtualized, multi-tenant collaboration environments to improve information sharing; providing authentication services across the department; and cultivating Customer Relationship Management (CRM) services. All of these initiatives are either in implementation, acquisition, or development phases. Further, all of these initiatives are based on the premise of paying for usage, no upfront capital expense, and with the ability to both deploy rapidly and scale quickly.

DHS’ early successes in the cloud include:

• Providing authentication services to more than 60 department applications.
• Transitioning more than 400 virtual machines in our data centers to our private cloud development/test and production infrastructure as a service offerings over the next six months.
• Deployed more than 23,000 users on the Collaboration as a Service in FY11, with plans to migrate more than 60,000 additional users to the collaboration environment by the end of December 2011.
• Reducing time to market significantly – for example, traditional delivery periods to provision of new servers ranged from six to nine months, and that timeline has been reduced now to a couple weeks. The target is to provision new development server environments within one business day and for production infrastructure, within one week.
• Migrating more than 50,000 email accounts to the Email as a Service by the end of December 2011.
• Having more than 5,000 users on the Virtual Desktop as a service offering in the spring 2012.

Establishing these Private Cloud services are critical to our success. At DHS, Private Cloud services enables the many components within our department to outsource equipment for operations, including storage, hardware, servers, and networking elements, to our two enterprise data centers. This model enables components to pay on a per-use basis, rather than standing up isolated capabilities throughout the organization that duplicate efforts and costs. In fact, early projections for these services look to yield cost avoidance savings of 8 to 10 percent once we transition to private cloud infrastructure services. Not only does the move to our Private cloud model eliminate redundancy and reduce costs, it also bolsters information security. DHS’ IT security Defense-in-Depth (DiD) strategy is fully in place at our enterprise data centers, to which components are aggressively migrating. DiD provides multiple layers of defense with strong cross-layer inherited controls that significantly lesson the costs of accrediting migrating and new systems and granting them an authority to operate. But DHS is not just wedded to establishing private cloud services at our two enterprise data centers. We are embarking on a public cloud strategy as well. This is important for DHS over the next few years. While we will continue to deploy and mature our private cloud, public cloud services will offer Federal agencies options that will continue to drive both mission effectiveness improvements and drive down costs. I want to make sure DHS can take advantage of these public cloud offerings as we look to consolidate all DHS public facing websites (i.e. dhs.gov, fema.gov, etc..). And I believe the FedRAMP initiative, over the next few years, will address critical security concerns of agency CIOs. To get started in leveraging public cloud offerings, DHS will soon award a public cloud hosting contract off the GSA’s IaaS Blanket Purchase Agreement (BPA) to have a cloud computing provider host DHS public facing web sites. Once awarded, we will initiate the consolidation of our public-facing Web sites to enhance DHS’ ability to service citizens. In addition to leveraging the GSA IaaS contract, we have already leveraged public cloud services to deliver:

• Restore the Gulf, a web portal that provides citizens with clear and accessible information and unified resources about the BP Deepwater Horizon oil spill response and recovery. The one- stop repository provides the news, data, and operational updates of administration-wide efforts addressing the spill, as well as mitigation of its impact on the environment, the economy, and public health.
• E-Verify Self Check, launched March 21, 2011, a free, Internet-based service application enabling workers to confirm employment eligibility in the United States. Self Check went live in several states including Arizona, Colorado, Idaho, Mississippi, Virginia, and the District of Columbia. Self Check is part of E-Verify, a DHS program administered by the U.S. Citizenship and Immigration Services in partnership with the Social Security Administration. DHS recently launched Self Check version 2, which includes a Spanish Module and is now available in 22 States, plus the District.

While I am very excited about the use and leverage of both private and public cloud services for DHS, I don’t underestimate the challenges CIOs have in bringing such capabilities to the agencies within the Federal government. Here are some on the list of challenges:

• CIOs must work closely with acquisition, procurement, and finance communities to address the new business paradigm represented by cloud computing. While cloud computing represents some technology changes, the bigger change management issues lie in the business and contracting models.
• CIOs must address changes to the workforce based on this changing paradigm. As the cloud transforms the way we deliver IT service, the traditional roles of IT specialists change too. CIOs must provide leadership to address both the updating of skills for existing personnel and the recruitment of new staff in an environment under significant change.
• CIOs must assess the tradeoffs between the benefits of operational and financial gains of public cloud computing with security risks associated with managing and storing sensitive data.
• Finally, CIOs will need to address their governance and management models to address the leverage of cloud computing of the rest of the IT organization.

These challenges are already inherent in the CIO’s role. And, they have one thing in common—change. Perhaps above all, the cloud challenges CIOs to lead cultural change within their organization. Yet it may be that this challenge alone best matches the role of today’s CIO, which is to be a key strategist and change agent to support true business transformation for an agency.