The General Services Administration’s (GSA) digital services team is bullish on its new project, cloud.gov.
Developed by 18F, the digital consultancy that is part of GSA’s Office of Citizen Services and Innovative Technologies, cloud.gov will allow agencies to develop and run applications without having to use–or even build–their own infrastructure to support the work.
18F product lead Bret Mogilefsky shared some thoughts about cloud.gov with FedRAMP411–what it means for Federal agencies and what it took to build the cloud service.
FedRAMP411: What need/issue does cloud.gov address?
Mogilefsky: Moving your agency’s site or application to the cloud solves a number of problems, but it also creates the need for cloud management expertise. On top of that, you’ve still got to prepare all of the necessary documents to get an authority to operate (ATO) and demonstrate compliance with the Federal Information Security Management Act (FISMA). The cloud.gov platform bundles together 18F’s cloud management expertise and includes a tool to drastically reduce the amount of time required to prepare compliance documentation. The cloud.gov platform will help your team save time and money, improve the security of your application, and reduce the burden of the Federal compliance process.
FedRAMP411: How will it save time/money and can you quantify the savings?
Mogilefsky: Based on our experience with FISMA, we think cloud.gov will help agencies save dramatic amounts of time and money versus doing cloud operations and documenting everything for ATO processes on their own. At 18F, it’s allowed our development teams to stay small despite quickly deploying a number of projects that use development best practices. We don’t yet have an easy way to quantify the effect across all agencies, because they are at different levels of existing cloud-readiness, and we don’t have full insight into how much of their cloud-related labor costs cloud.gov might obviate.
FedRAMP411: Where do agencies start if they want to use it?
Mogilefsky: We’re in a closed pilot right now with a small group of Federal agencies. Interested government parties should add their email in the form at the bottom of cloud.gov to get information about availability and potentially gain access to the pilot.
FedRAMP411: Are the Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) elements FedRAMP approved? Do they need to be?
Mogilefsky: The underlying infrastructure of cloud.gov is a FedRAMP- and FISMA-approved usage in Amazon Web Services. Cloud.gov itself has not yet been FedRAMP approved, though all of our work is aimed at getting it approved.
FedRAMP411: Does cloud.gov have the potential to speed up Federal cloud adoption?
Mogilefsky: Absolutely. We believe any Federal agency tackling this problem will face the same regulatory and compliance impediments we faced, as well as the bottleneck around cloud operations expertise. By lowering the barrier to entry and reducing the regulatory burden, our platform can help speed up the Federal government’s move to the cloud. This is also part of 18F’s model. By using open-source technology and being transparent about our work, we hope all the efficiencies we achieve and
the problems we solve can help other agencies work smarter and faster.
FedRAMP411: How long was cloud.gov in the works and how much did the project cost?
Mogilefsky: We didn’t build cloud.gov from scratch. The hard work was done in the open-source Cloud Foundry project, which is open to anyone, including vendors in the PaaS space. This put us way ahead. The first prototype took about three months to complete, the first applications started launching on cloud.gov a month after that, and then the team has been tweaking the platform based on the lessons we’ve learned from using it to launch 18F products. As an agile product, cloud.gov is always under
development, and we expect to learn a lot from the private pilot program.