Cloud.gov: Offering agencies production-level security and scalability

By: | May 18, 2016
Share

download
In October 2015, 18F announced cloud.gov, a new platform that will enable federal teams to rapidly develop and deploy web services with best-practice, production-level security and scalability. The platform will also help agencies reduce the work required to comply with federal security regulations.

Bret Mogilefsky, Innovation Specialist at 18F, recently shared his perspective on this game-changing initiative. Don’t miss his presentation at Cloud Foundry Summit 2016.

Making an impact
Mogilefsky’s professional accomplishments are diverse. They include time at Sony PlayStation, where he managed the developer-services group and helped pioneer the use of web-based support for pro game developers. Before that, Mogilefsky worked at LucasArts as the lead programmer and assistant designer of Grim Fandango, a beloved 1998 LucasArts adventure game.

Indeed, his resume features stints at some of the most remarkably creative organizations in the world. So, how did a former gaming engineer get involved with 18F, an office inside the General Services Administration (GSA) that helps other federal agencies build, buy, and share efficient and easy-to-use digital services?

Bret Mogilefsky, Innovation Specialist at 18F

Bret Mogilefsky, Innovation Specialist at 18F

“I wanted to make an impact,” Mogilefsky said. “I have always campaigned for greater government transparency and action on major issues affecting U.S. citizens. Before joining 18F, I had to do this within the margins of my professional and personal life. Now, I can apply my experience and natural love of agile methods to effect IT transformation within the U.S. government. It’s the opportunity I have always dreamed of having.”

Open government, open source
As President Obama outlined in his Open Government Directive, the three principles of transparency, participation, and collaboration form the cornerstone of an open government. As federal agencies work to apply these principles to how they operate while complying with a broad set of regulations, the enormity of the technological implications is real. These are some of the reasons why 18F has built its own PaaS, called cloud.gov, on the Cloud Foundry open source project.

18F_logo.svg

18F created cloud.gov to fix pervasive problems. Traditionally, when a federal government agency wants to roll out a new application, the process involves a large operations organization that works methodically over an extended period of time to get the project deployed. Significant resources are typically dedicated to ensuring compliance  with federal regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP) and agency-specific Authority to Operate (ATO) requirements.

Whether the project is cloud-based or deployed on-premise, the arduous process is identical. Further, agencies looking to deploy in the cloud face the additional challenges posed by lack of know-how and staff well-versed in cloud-based application development. Cloud.gov’s mission is to remove the complexities associated with cloud-based software development by building operations know-how and compliance work into the platform.

“Typically, government agencies have limited staff and brain trust when it comes to cloud application development. We are centralizing as much of the compliance work as possible in the cloud.gov platform, so that the burden of deploying applications can still be taken on by a small team,” said Mogilefsky. “Hosting applications in the cloud does not by itself solve all of the infrastructure problems that agencies face and exposes the need for a cloud operations skillset that is not yet widely available in government. 18F and the cloud.gov platform deliver technology and the skills of operations experts as a distinct, uniquely valuable package for government.”

As cloud.gov was developed, 18F kept openness and transparency top of mind. 18F knew that it wanted to take advantage of the simplicity, control, and application time-to-market of a PaaS as the foundation for cloud.gov. The organization also knew that choosing anything but an open source platform would conflict with their organizational values.

“Everything we do at 18F is radically open. We chose to work with open source technologies to deliver cloud.gov specifically to prevent any interference with the transparency principles of U.S. open government initiatives,” said Mogilefsky. “When you boil it down, everything produced by the U.S. government is paid for by taxpayers. If we were to deliver something that relied on technology that was not freely available to everyone, then we’d be placing additional cost burden on the government and, ultimately, the American people. By choosing Cloud Foundry as the basis for cloud.gov, we’ve not only eliminated the risk of vendor lock-in but are also creating opportunities for everyone that uses the platform to improve it through the community.”

Cloud.gov also includes an open source product called Compliance Masonry, which helps users assemble the documentation necessary for federal services to comply with FISMA standards and agency-specific ATO requirements. Further, cloud.gov provides support for deploying applications written in Go, Java, Node, PHP, Python and Ruby, as well as custom binaries and static websites. In general, any open source or custom-developed software is suitable for deployment on cloud.gov.

https://www.everykidinapark.gov/ delivers parks information for free

https://www.everykidinapark.gov/ delivers parks information for free

Innovation in action
Cloud.gov is more than just a phenomenal vision—its implementation helps agencies better serve their constituents. For example, 18F used cloud.gov to implement a new website for Every Kid in a Park. Building the site presented unique challenges associated with how to best communicate information to a fourth-grade demographic, but using cloud.gov enabled 18F to focus on how to overcome those challenges instead of worrying about back-end development hurdles. Today, the Every Kid in a Park website gives U.S. fourth graders free access to all federal lands and water — including national parks, forests, wildlife refuges, and marine sanctuaries — for a full year.

https://collegescorecard.ed.gov/ provides everything a family needs to know about going to college

https://collegescorecard.ed.gov/ provides everything a family needs to know about going to college

18F also used cloud.gov to implement a new website for College Scorecard. Again, by leveraging built-in platform capabilities, the organization was able to focus on what really mattered related to the site redesign—collecting requirements from students, families and their advisers to provide the clearest, most accessible and reliable national data on college cost, graduation, debt, and post-college earnings.

Looking ahead
Cloud.gov is already a force-multiplier that bridges that gap between small service teams and advanced infrastructure skillsets. Looking ahead, there is still much work to do. “18F is going to be a model Cloud Service Provider (CSP) in the federal space,” said Mogilefsky. “Cloud.gov is only part of the equation. 18F is developing best practices, putting all of our documentation out on GitHub and sharing everything we know with the community.”

18F is also working through the process of making cloud.gov FedRAMP Compliant. Soon, the platform hopes to reach the FedRAMP-Ready status, which will enable the organization to go through the full assessment and authorization process to become FedRAMP Compliant.

“The future is wide open in terms of the value we can provide to government agencies using cloud.gov, built on Cloud Foundry,” said Mogilefsky. “We are constructing from the ground up for government to deliver cloud-ready applications for any kind of federal agency, no matter how big or small. Over time, what we can deliver will get better and better—the possibilities are enormous.”