Recommendations from the MITRE-ATARC Cloud Technology Collaboration Symposium

Last June the MITRE Advanced Technology Academic Research Center (ATARC) hosted a series of discussion sessions at the Federal Cloud & Data Center Summit that brought together members of industry, the academic community, and government. These representatives contemplated challenges the federal government faces adopting and using cloud solutions, resulting in the release of a white paper summarizing their recommendations. Today’s post will examine those recommendations and offer a few thoughts on the potential implications for the federal cloud market.

The white paper covers five topics: 1) The next-gen cloud, 2) DevSecOps, 3) Adapting data center policy for speedy cloud migration, 4) From cloud to the edge - Handling IoT in the cloud, and 5) Cloud migration.

Next-Gen Cloud Recommendations

Government organizations need to adopt a business model for cloud that includes development methods and performance metrics. Organizations with this business model should also develop a strategic vision or cloud business case that identifies the goals, value, and challenges of transition. This vision should include an IT modernization roadmap developed in collaboration with industry partners.

Potential Market Impact – Consulting, consulting, consulting! One of the areas Deltek has emphasized repeatedly in recent years is the opportunity helping agencies chart paths to the cloud. Industry attention is largely focused on the “aaS” part of the cloud business with not enough consideration being paid to the fact that agencies often don’t know how to efficiently implement cloud solutions in the first place. The opportunity to help agencies move to the cloud will continue to expand as they become more experienced with cloud technology. Industry-provided brokerage services also fit the bill here.

DevSecOps Recommendations

Session participants advised that agencies increase workforce training and education to improve security, including “team-wide understanding of the operations life-cycle and security requirements in the cloud environment.” Agencies should also adopt integrated teams for handling security that include developers, security personnel, operations, and testing members. Additionally, agencies need to “ensure the proper understanding of cloud configuration management, automate only good quality code, leverage open source tools for automation, follow DevOps best practices, and use FedRAMP for security monitoring strategy guidance.”

Potential Market Impact – Services vendors take note, a lot of discussion revolves around “changing the culture” at agencies. Culture change comes slowly and training is a big part of it. Agencies acting on this recommendation will need industry help educating their staff on cloud security. Small businesses in particular could see opportunities to provide such services.

Adapting Data Center Policy to Speed Cloud Migration Recommendations

Application rationalization is a key first step to enabling cloud migration. Additionally, analyses of migration cost are advised as is study of the implications of cloud adoption for agency IT workforces.

Potential Market Impact – Most federal agencies are already in the throes of application rationalization as a result of the Data Center Consolidation Initiative a few years back. There may be some opportunities to continue this work. Agencies could also probably use assistance doing analysis of cloud costs vs. current legacy IT.

Handling IoT in the Cloud Recommendations

Government should establish an IoT device provisioning best practices guide that categorizes devices by their type (i.e., industry utilization and capability), an IoT to cloud data strategy development guide that suggests how best to manage and govern various data messaging formats and session layer protocols, and key data generation, collection, storage, and utilization metrics to enable the value of IoT investments.

Potential Market Impact – The discussions of this group illustrate how wide open the field of IoT technology is. Opportunity advising agencies on IoT strategy is rapidly developing. Cloud-based tools for managing IoT security and data will also be in demand for years to come.

Cloud Migration Recommendations

This final group recommended that agencies develop training programs to grow a workforce conversant with cloud migration. Additionally, agencies should simplify networks to facilitate access to cloud solutions. They should also revise security approaches to operate safely in the cloud, develop cloud billing management capabilities, and utilize automated tools that expedite cloud migrations.

Potential Market Impact – This final group touched on many of the biggest issues currently facing agency cloud migrations. Training of personnel is required, as is engineering support to flatten and consolidate networks. Presumably, some agencies will be using GSA’s new Enterprise Infrastructure Solutions (EIS) contract vehicle for this purpose. Revising security approaches could result in the outsourcing of security operations centers (SOCs) suggested by the American Technology Council earlier this year. The growing need for cloud billing tools and automated migration capabilities could benefit software providers.

The MITRE-ATARC sessions reveal a federal IT market in flux due to pressure – policy, legislative, budgetary, and security – to modernize. Cloud migration is just one part of the overall direction agencies are heading. It is a big part, however, providing business opportunity across all segments of the market.