A key accelerator for USA GovCloud adoption is their own hosting service: Cloud.gov.
It is the first Government certified distribution of Cloud Foundry, to offer an open source PaaS (Platform as a Service) specifically tailored for the USA public sector.
The platform is run by 18F, a team within the GSA, and as they write on their blog it is intended to provide a central function that reduces a common burden across government.
In this post they walk through a case study of an implementation, for Performance.gov, that utilizes the platform and highlights a critical benefit – The standardized and accelerated adoption of Digital Government practices that every agency is required to comply with.
Rapidly achieving compliance with a multitude of legislative obligations with much reduced effort is the key theme.
As this video of a presentation by the team describes, of the required 325 security controls required for compliance, Cloud.gov addresses 269 of these, 41 are shared responsibility and 15 are for the customer directly.
It also offers costs reduction benefits. Running through the pricing options. customers such as the Federal Election Commission, saved $1.2m per year, versus their own data centre hosting, when upgrading their fed.gov web site.
Cloud Native Government as a Platform
Use of a PaaS (Platform as a Service) in this manner provides a foundation for the ‘Platform Business Model’ and enables adoption of what is now known as ‘Cloud Native’ practices.
This is an effect described by Jez Humble in this presentation – Cloud Native in the US Federal Government.
Again he repeats the key message – The platform approach ‘bakes in compliance’, embedding controls and best practices into a standardized environment.
Jez describes how with these compliance controls built into the PaaS layer, combined with Agile development features like push button deployments, teams were empowered to safely speed up their innovation rates, while simultaneously encouraging best practices for distributed system design.
Simple functions like templates for compliance documentation, speeded up work to a matter of weeks versus many months, and automating operational tasks like renewing SSL certificates removed much of the mundane burden, freeing up developers to focus on higher value productivity.
These new, accelerated approaches to software development and deployment will have considerable impact downstream on the IT Service Operations team, captured in this AWS blog by Mark Schwartz previously CIO of a major US Government agency, where he notes:
“In my role as CIO of USCIS I once made the mistake of not paying enough attention to that portion of ops that lies outside of DevOps. We had a large initiative going on with about 15 agile teams. When they released code into production, they found that they needed to set up a process for handling user problems and questions, production incidents, and monitoring alerts.
As the system became more complex, this burden became heavier. In a few cases, business leaders as well as teams working on other systems downstream and upstream complained that they hadn’t been notified of outages that affected them.”
Ultimately this sets the scene for Government as a Platform, a concept described by visionary Tim O’Reilly as far back as 2010, coining the concept in this presentation and documented in this book section.
He describes how traditional IT for government should become more like Facebook, Twitter and the other Internet pioneers who have been harnessing the evolution of the Cloud to become ‘platforms’, doing so for government would enable a shared infrastructure that enables more rapid digital transformations.
As reported in this NextGov article Ed Mullen, a tech designer involved in developing many of these initiatives, offers a refreshed, detailed repeating of this same vision:
“This loosely-coupled ecosystem would have new pieces that are operated by the federal government that states can integrate with and use. It would utilize inexpensive commodity tools offered broadly in the private sector.
Microservices from companies would be employed where appropriate to provide functionality the companies are uniquely positioned to offer. Custom development would be reserved for situations where other options are not available. Application programming interfaces (APIs) would assemble all the pieces into user-centric products which would be deployed on cloud infrastructure.”