Saving $20m and going agile in the process

From an interesting sounding panel on government IT:

“We do discovery on a small chunk and then development, and then while that’s going on, we’re starting discovery on the next small chunk, and so on and so forth,” Smith said. “And then when the development is done, we loop back and we do user testing on that piece that’s done. But we don’t release it. That’s … one of the differences between agile and the way we did it. At the end of the phase we release everything.”

Also, some fun notes on consolidating legacy systems and resistance to going agile.

FedRAMP costs ~$3.5m, takes ~18 months

Because FedRAMP is the expected standard in this market, but acquiring an ATO is a difficult, expensive and lengthy process, the number of federal IaaS providers is limited. Our discussions with vendors that have completed the process suggest an average of 18 months and $3.5 million to go through the process. This has led to increasing dissatisfaction with the FedRAMP Program Management Office, particularly for small providers, and it is working on streamlining the process as a result. Because the FedRAMP certification process is lengthy, providers may be in the process of certification.

As they used to say “a lot of effort went into making this effortless.”

Source: Gartner Reprint

Link: IDC: Federal government seeing cloud spending push

“In addition, the government plans to increase PaaS spending from $227.1 million in FY15 to $231.3 million [in FY16].”

We’re still in a phase where categorization causes weird slices of spend like this, but there you have it. More figures on “cloud” spending in the piece.

Source: IDC: Federal government seeing cloud spending push

Automating the three ring binder, an example from the US Government

18F is fun the watch if you’re interested in transforming to cloud. In this FAQ about cloud.gov, their Cloud Foundry service, they talk about how they help speed up the slow meatware process of compliance:

A typical agency process to demonstrate compliance with FISMA and gain an ATO requires generation of a gigantic, copy-pasted document enumerating the full design of the system. We document all of the federally-required controls in every section of the cloud.gov platform in a software-friendly way. This enables us to generate different documents suitable to different contexts: human-readable, gap analysis, spreadsheet matrix, web page visualization, etc.

Any app deployed on cloud.gov will be able to leverage these “parts-included” descriptions to make generating their own documentation much easier; they only need to supply information about what their system adds on top of the PaaS. For more information, you can watch the recent DigitalGov University video on “Handling FISMA Faster and Better.”

There’s a few interesting things here:

  1. They automate as much of the process as possible, doing the copy and pasting for you. Now, this should make you question needing to do all that meatware work in the first place but…
  2. If you can’t beat the meatware process problem, join it and try to automate it. There’s probably some value in there, and even for the parts where there is no value, it might be a waste of effort to fight it (versus other ways to spend your resources of time and favors). 3. And, as I mention on my cloud strategy piece on dealing with legacy IT, perhaps by doing all this you can expose how silly it is and eliminate it.

(If you like this line of thinking, check out my webinar on Dec 1st in dealing with legacy IT in your cloud strategy.)