This week, we bring you a special treat — an extended conversation with Mark White, a principal with Deloitte Consulting LLP who works with both the firm’s Federal and Technology practices. He is also the CIO of Deloitte Consulting.
FCB talked with him at length about cloud computing and a variety of issues that are currently facing the industry.
He started by explaining what Deloitte does for the federal government in terms of cloud.
MW: “In talking with our federal clients about cloud, there are two or three different stages in which we find ourselves. There’s still the stage of trying to put some structure around what cloud means, how to actually come to a common understanding and an actionable conversation about it. That’s sort of the first [challenge] — understanding structure frameworks that allow a common basis of understanding and definition and that can allow you to have conversations and make plans that lead to a decisive outcome.
That, a year ago, was sort of the most common part of it. Now, with all of the attention that’s been spent and all of the time that’s been spent, that, while it still goes on, is probably not the most significant part.
The next phase, if you will — or generation of it — is in analyzing strategies and evaluating and helping make plans — plans to do analysis, plans to adopt, in certain cases, plans to expand — that is becoming of the most common of the three phases of the understanding, planning — and then the third phase, which is going to be actual implementation. That is the third phase — implementation of certain aspects.
It’s interesting. One of the points — and, in fact, one of our fundamental planks in the platform about cloud is that it’s technologically evolutionary. The impact on the mission can be revolutionary. So, when I say implementation is beginning to be an area in which we work more with our federal clients, that’s speaking specifically to those things that were originally described as so called ‘cloud’.
When I think about the fact that the technology aspects of cloud are essentially evolutionary in nature, they’re the next logical generation of the technologies and techniques and methods and disciplines we’ve been applying for data center consolidation, virtualization and operations automation.
So, having said that, we have been — and continue — to help our clients with implementation of those technology disciplines and capabilities and tools. It’s those that would, out of the box or from the get-go, have described it as a cloud implementation. That actually is beginning to increase.
FCB: With all of these changes happening — and I know different organizations sometimes have different definitions for cloud — but going based on what you just told me, what are you doing in terms of security. When I talk to agencies themselves, they say, ‘We’re really excited to take this next step, but we’ve got all this data that we don’t want getting out there.’ Talk a little bit about the security aspect and maybe alleviate some of those concerns.
MW: In order to have a common definition of cloud, there are two steps to set the table, if you will. The first step is — what are the characteristics of the mission problem that you’re trying to solve, or perhaps the technology solution you’re proposing? And do those characteristics imply or outline a cloud solution?
We use the five characteristics that NIST has put forward, and if you look around, you’ll see slight variations on a theme, but I think those are perfectly reasonable. . . . So, if your mission problem or your technology solution embodies or implies or needs all five of those, clearly we need to have a conversation about cloud. If it requires fewer than five — maybe three — then perhaps we ought to talk about a more mature technology — utility computing or managed services or even plain old outsourcing.
That’s the first part of having a cloud conversation — what are the characteristics of the problem or solution?
The second part of having a cloud conversation is three dimensions of the answer. The first dimension is the capability, or what kind of cloud: infrastructure-as-a-service, platform-as-a-service, software-as-a-service, or business process-as-a-service. The second is, what source? Is it a public cloud? A private cloud? A hybrid cloud? A community cloud, which actually obviously GSA defined in that RFI coming up on two years ago now. . . . And then the third, and this is may not be quite as familiar because it doesn’t get talked about as much, but we think it’s really important, is — what is the business model?
There are four layers. Layer one is — the business model is, ‘I want to be a cloud service subscriber’. Layer three is, ‘I want to be a cloud service provider. I want to make money by providing cloud services in the marketplace’. Layer four is, ‘I want to be a cloud service enabler. I produce technologies or skills or capabilities that allow the cloud service providers to do their job’. And then layer two is a cloud service broker.
So, dimensioning a cloud conversation first — what are the five characteristics and do you really need cloud? Then, the three dimensions — what kind of service, what source of service and what business model? And, if you will tell me what we’re talking about, then we can have an actionable conversation — we can conclude with action. So, you might say to me, “I want to be a subscriber of a public cloud infrastructure,’ at which point we can have a very meaningful conversation about the obstacles and the enablers and the challenges and the benefits, one of which, obstacles, by the way, is the security and private data security and privacy issue.