Written byGreg Otto
Since coming aboard in February, U.S. Chief Information Officer Tony Scott has been pressing for what he calls a “mass digitization” of government services, transforming old, analog processes into dynamic digital services.
Having helped construct Microsoft Azure, Scott knows how revolutionary cloud computing can be in creating those digital services. He discussed Tuesday how the government can harness that power during the National Institute of Standards and Technology’s cloud computing workshop.
Scott’s talk largely focused on the need to bake security into cloud computing by default. In recent appearances, Scott has used the analogy likening installing an airbag in a 1965 Ford Mustang to the way government thinks about security — bolting new features onto a system that really wasn’t built to handle them. Likewise, Scott said security needs to be integrated from the beginning if cloud architectures are to be successful.
“Even in the most mature cloud architectures, it still feels a little bit like the ’65 Mustang example,” Scott said. “We’re trying to slap on security, into the applications, the hardware, the [operating system], the network, storage and all that.”
This mindset is not new to any sector of IT, government or otherwise. Scott said his prior private sector teams often wanted to “lift and shift” when it came time to integrate enterprise systems into the cloud. He eventually learned that the “lift and shift” was “fundamentally a bad idea.”
“I’m all for virtualization and things that make cloud work, but to preserve the exact same architecture in the cloud that you started with is a usually a bad idea,” he said.
Read: Tony Scott’s plan for restoring confidence in the government’s cybersecurity posture — making it faster, newer, better.
Beyond measures built into the design, Scott said security needs to be top of mind when building a cloud system into an enterprise’s workflow. He listed workflow changes as a top challenge for CIOs when deploying a cloud system, using another analogy — how architects have differences between “as built” and “as designed” drawings when it comes to building a house — to describe how this often looks inside IT departments.
“As organizations, we fail to capture the ‘as built’ drawing and use that as the basis for change,” he said. “That has to be built into the design.”
Ultimately, Scott sees cloud computing greatly simplifying the convoluted bureaucracy that comes with large government agencies. Currently, citizens, business or nonprofits interact with agencies for grants, permits or licenses, encountering numerous offices before decisions are made. With cloud, Scott envisions that process becoming flat, taking away steps by creating scalable applications or the increased use of APIs.
“When I think about what every big government agency does, they all do more or less the same thing,” he said. “Another necessary process of this cloud machine is scalable cloud services that allow us to have [other] services that don’t have to be built into every application. Think Social Security, think immigration and naturalization, think IRS.”
Be it a better way to check tax records online or applying for a government grant digitally, Scott said he knows what it takes to quickly harness cloud’s potential. During his time at Microsoft, former CEO Steve Ballmer told Scott he wanted everything on the cloud in five years. He yet again used an analogy to describe how this is possible, likening the process to a beginner musician’s path to one day playing at Carnegie Hall.
It takes “practice, practice, practice,” Scott said.