There has been a growing appetite across the U.S. government for cloud services, driven by two promises: saving taxpayer dollars while allowing government IT workers to step away from the tedious work of maintaining legacy systems. In December, President Donald Trump helped this along by signing the Modernizing Government Technology (MGT) Act into law, which provides incentives around government cloud adoption.
But there is still work to be done.
Recent data from the Center for Digital Government shows that 33 percent of business-critical IT systems at the state-level are considered legacy, meaning they are at least 17-years-old and understandably, unable to meet current user demands. It is estimated that nearly 75 percent of the federal government’s $80 billion IT budget goes to maintaining and operating legacy systems.
With government agencies being among its largest customers, Microsoft has front row seats to the decisions and thought processes behind IT modernization at the local, state and federal levels of the public sector.
“The past several years we’ve done a lot of state and local government work, and I guess it makes sense: they are smaller agencies, they’re more cash-strapped, and more willing to share technologies across for efficiency,” Julia White, Microsoft corporate vice president for Azure, said.
“It feels like now we’re seeing the tipping point on the more federal side as well. I think the slowest thing to change ultimately is the people and the policies around that,” she said, noting that the cloud-first mandate of the Obama administration established the framework for cloud adoption by federal agencies.
Now, White said, we’re at a point where there are “meaningful applications at the federal level looking to cloud, versus just piloting or dabbling.” The current climate – one where agencies are actively looking to cloud-based tools – is a mix ofpeople being ready for change and cloud providers like Microsoft ready to provide the necessary controls and compliance.
Jason Holloway, head of public sector at desktop-as-a-service provider Frame, has seen this change firsthand in his 20 years spent in federal service, both as active duty U.S. Air Force and an officer in the CIA, and later as part of the leadership team that led commercial cloud services adoption in the intelligence agency.
"The majority of U.S. government workloads that are trying to move to cloud-based infrastructure have some sort of regulatory or compliance overhead that they have to meet," Holloway said. Frame is a hosted platform service that runs on hyperscale clouds, including Microsoft Azure, and allows users to deliver Windows or Linux desktops application to any endpoint through a browser.
"The great thing with Azure government is it is the same software stack as the rest of Azure, the only difference is how it's managed and how you qualify to get access to it. The whole government gets access to that innovation that's being driven by 90 percent of the global use case in a custom region that's tailor made for them," he said.
A lot of government cloud adoption comes down to compliance, but also the comfort of the people at the various agencies, White said.
“At the federal level, these organizations are so big that there are pockets of them that are innovating and trying something new, and there’s pockets that are far from being interested in doing it,” she said, pointing to the U.S. Postal Service as an example.
“They have this great mobile app,” she said, “and yet they have seven-year-old systems that haven’t been modernized, all within one organization.”
Government agencies typically start their cloud adoption journey with disaster recovery workloads or software-as-a-service.
“Across the board we’ve probably seen SaaS adoption run in front of IaaS adoption in most of these agencies,” Paul Lormier, Distinguished Engineer for the Office 365 Enterprise Cloud, said. “In the state and local space, I think you see heavy adoption in terms of productivity and SaaS, and I think there’s a movement into the IaaS and PaaS, but that’s taking a little bit longer for folks to get their head around.”
But with SaaS and productivity applications the benefits can be seen almost immediately, Lormier said.
“I was working with a general from Air Force and they want to move to the productivity cloud to get airmen out of the data centers,” he said. “Where airmen are doing repetitive tasks and running Exchange, Sharepoint, and Skype, if they can outsource that it frees them up to do cyber work or other mission work.”
Aside from pursuing higher compliance with its cloud services, Microsoft embracing open source may also be a boon for its government cloud business, particularly outside of the U.S. where some countries mandate the use of open source technologies.
“As we start working more closely with federal I expect a huge majority of their applications are sitting on Linux,” White said.
Security No Longer Barrier to Government Cloud Adoption
Though security has long been cited as a significant blockade to government cloud adoption, Microsoft executives see it as a selling point with the agencies they talk to.
“We’re now at a point where people see that the security happening in the cloud is superior to what they can accomplish,” White said.
The people who work closest to security see the value of what Microsoft is doing, she said, particularly in terms of using machine learning to detect anomalies. The business leaders on the other hand may be harder to convince.
“Sometimes the business leaders have this falsely positive idea of what their own security must be,” she said. Sometimes it’s not until a business leader steps inside a Microsoft data center before they understand just how sophisticated the capabilities around security are compared to what they can provide in-house, White said.
The typical federal agency has at least 60 different security tools, Susie Adams, CTO for Microsoft’s Federal Government business, said in a recent presentation in Washington, D.C. What’s more, these tools have not evolved to detect today’s sophisticated threats, having been designed for classic perimeter attacks.
“We haven’t spent a lot of time as an industry on the detection phase, and moving forward this is what we need to do,” she said.
For Some Federal Agencies, IoT, Containers Next Phase
The disparity between how federal agencies approach cloud adoption can be seen in more advanced capabilities like IoT as well. The Miami-Dade Country Water and Sewer Department (WASD) had been collecting data from their systems for 22 years, but there was little analysis done to make the metrics useful. Working with Microsoft, WASD migrated over fifteen billion rows of historical data collected from its control system architecture into Azure SQL Data Warehouse.
“This not only equips WASD to better analyze and act on its existing infrastructure but will allow for better insight which can help the planners, operations and maintenance staff identify and respond. If the pumps are overworked, this can be quickly identified for a maintenance crew to respond,” per a case study.
“I think the next 12 months are going to see these IoT scenarios start to light up. And those are just game-changers,” White said. Some of these IoT scenarios will continue to play out as more agencies adopt Azure Stack.
Aside from IoT adoption, White said containers could be another exploratory area for government agencies looking to modernize outdated systems.
“I do think that is catching fire and it’s still not mainstream yet. I think people see the promise around it. I think the primary use case is around application modernization and government is maybe the best example of that. Decades of applications that are hard to use, people who wrote them are long gone, yet they’re important and need to run more efficiently and update them,” White said. “Container technologies gives them that agility and the way to break them into parts and be able to update pieces over time. And then move to the cloud more easily too.”
White said that government IT decision-makers are looking at how they can work with Microsoft to drive policy change. “They get it and want to unlock it but the Congressional system has to change before they can really take advantage of it,” she said.
She believes this role in working to drive change at a policy-level sets Microsoft apart from other cloud vendors.
“I think we have a more mature point of view about how engaging with government is not just about selling them tech. It’s about being a partner in helping drive culture forward,” White said. “It does put us in a different light and conversation and hopefully it earns us the goodwill to be a trusted partner with them.”
Whether the MGT Act will have meaningful and long-term impact on government cloud adoption remains to be seen, but the $228 million in funding allocated to the Technology Modernization Fund won’t go far. Still, it seems to be a positive step, even if it is a small one.