Enterprise Cloud Computing Strategy

November 1, 2014
 Enterprise Cloud Computing Strategy

APPROVAL

Executive Approval
As the Chief Information Officer, I approve the PBGC Cloud Computing Concept of Operations.

Barry C. West, Date

Chief Information Officer

Enterprise Architecture Division (EAD) Approval

As the Chief Enterprise Architect, I approve the PBGC Cloud Computing Concept of Operations.

John Larsen Date

Chief Enterprise Architect

Enterprise Cybersecurity Division (EAD) Approval

As the Chief Information Security Officer, I approve the PBGC Cloud Computing Concept of Operations.

Tim Hurr Date

Chief Information Security Officer

ii
 Enterprise Cloud Computing Strategy

Table of Contents
EXECUTIVE SUMMARY .......................................................................................................................1
1 OVERVIEW ..................................................................................................................................2
1.1 BACKGROUND ................................................................................................................................... 2
1.2 PURPOSE.......................................................................................................................................... 2
1.3 AUDIENCE ........................................................................................................................................ 2
1.4 WHAT IS CLOUD? - CLOUD COMPUTING DEFINED AT PBGC ..................................................................... 2
1.5 CLOUD DETERMINATION ..................................................................................................................... 4
1.6 MANAGED SERVICES – A NON-CLOUD SERVICE MODEL........................................................................... 5
1.7 BENEFITS OF CLOUD COMPUTING......................................................................................................... 5
1.8 ORGANIZATIONAL CHANGE MANAGEMENT............................................................................................ 6
1.9 CLOUD COMPUTING ALIGNMENT WITHIN PBGC .................................................................................... 7
1.10 PBGC CLOUD COMPUTING VISION AND GOALS ...................................................................................... 7
2 PBGC ENTERPRISE CLOUD COMPUTING STRATEGY .......................................................................9
2.1 GOAL 1: ADOPT A PBGC CORPORATE-WIDE APPROACH TO CLOUD COMPUTING .......................................... 9
2.2 GOAL 2: DEVELOP A PBGC SPECIFIC ENTERPRISE CLOUD COMPUTING CONCEPT OF OPERATIONS .................. 9
2.3 GOAL 3: INCREASE THE EFFICIENCY OF CURRENT AND FUTURE IT PROGRAM INVESTMENTS .......................... 10
2.4 GOAL 4: MANAGE TECHNICAL AND BUSINESS RISKS IN SUPPORT OF PBGC’S TRANSITION TO CLOUD SERVICES 10
2.5 GOAL 5: ENSURE THAT POTENTIAL BENEFITS ARE CAPTURED AND MEASURED ........................................... 11
2.6 STRATEGIC CLOUD TRANSITION ROADMAP .......................................................................................... 11
3 PBGC’S TARGET CLOUD ENVIRONMENT .....................................................................................13

List of Tables
TABLE 1: NIST ESSENTIAL CLOUD CHARACTERISTICS............................................................................................... 3
TABLE 2: NIST DEPLOYMENT MODELS ................................................................................................................. 4
TABLE 3: NIST SERVICE MODELS......................................................................................................................... 4
List of Figures
FIGURE 1: NIST CLOUD COMPUTING FRAMEWORK................................................................................................. 3
FIGURE 2: HIGH-LEVEL CLOUD TRANSITION ROADMAP .......................................................................................... 12

iii
 Enterprise Cloud Computing Strategy

Executive Summary
Cloud computing provides a new way of acquiring and delivering computing resources to the Pension Benefit
Guaranty Corporation (PBGC). Cloud computing presents a compelling opportunity to PBGC senior leadership to
address critical information technology (IT) issues including increased cost efficiency and business agility through
provisioning speed, flexibility and scalability. Cloud computing offers multiple benefits to PBGC by leveraging scale
economies, commoditizing IT infrastructure, and a paying per-use model. In addition, there are cloud computing
benefits that support and accelerate existing federal and PBGC IT initiatives including data center consolidation,
shared services, innovation, and sustainability.

While the adoption of cloud computing offers multiple potential benefits to PBGC, it also presents critical
challenges and risks that must be considered when evaluating and deciding to use cloud computing services. PBGC
must balance the business needs and characteristics of individual information systems against potential cloud
computing risks to ensure the continued performance, security, and reliability of PBGC information systems.

To accelerate the adoption of cloud computing across the Federal Government, the Office of Management and
Budget (OMB) has made cloud computing an integral part of the IT management reform and instituted a “Cloud
First” policy. This policy requires agencies to consider and evaluate a safe and secure cloud computing option
before making investments. If such an option exists, then OMB is expecting that agencies consider this as a
potentially viable option.

The purpose of the PBGC Enterprise Cloud Computing Strategy is to define an actionable set of goals that when
implemented capture cloud computing benefits across PBGC while continuing to maintain a safe, secure and
reliable environment for information systems that enable and support PBGC’s mission.

PBGC’s Cloud Computing Vision:

Identify and migrate suitable IT services to a cloud computing environment to reduce costs and
increase IT provisioning speed, while ensuring that PBGC information systems maintain their
current high levels of safety, security, reliability, and performance.

To achieve this vision, PBGC has identified the following goals:

Goal 1: Adopt a PBGC corporate-wide approach to cloud computing.

Goal 2: Develop a PBGC specific Enterprise Cloud Computing Concept of Operations (ConOps).
Goal 3: Increase the efficiency of current and future IT Program investments.
Goal 4: Manage technical and business risks in support of PBGC’s transition to cloud services.
Goal 5: Ensure that potential cloud benefits are captured and measured.

PBGC’s Enterprise Cloud Computing Strategy will advance and accelerate the current adoption of cloud computing
across the Corporation to capture benefits and provide tangible business value, while ensuring that PBGC’s
information systems are safe, secure and reliable in support of its mission. To achieve this, PBGC will use a
structured approach to balance requirements, schedule, cost and risk when migrating business systems to the
most appropriate cloud environment. The scope, timing and goal implementation of this strategy will be impacted
by the readiness, priorities and funding commitment of PBGC.

1
 Enterprise Cloud Computing Strategy

1 Overview
1.1 Background
In 2010, OMB published the 25 Point Implementation Plan to Reform Federal Information Technology
1
Management to guide the Federal Government to become a more cost efficient and effective provider of public
2
services. The Federal Cloud Computing Strategy published in 2011, articulates the benefits, considerations, and
trade-offs of cloud computing, and provides a decision framework to support agencies in migrating toward cloud
computing. OMB has also instituted a “Cloud First” policy that requires agencies to consider and evaluate a safe
and secure cloud computing option before making investments. If such an option exists, then agencies must
consider the viability of the cloud solution in their environment. PBGC needs an overarching strategy to set the
vision for and guide the adoption of cloud computing across PBGC and capture its potential benefits while ensuring
that systems remain safe, secure and reliable to fulfill PBGC’s mission.

1.2 Purpose
The purpose of this document is to define and communicate a unified PBGC direction and strategy on cloud
computing. It is also intended to serve as a communication vehicle within the PBGC and with external
organizations as required. It is not intended to define, prescribe or constraint any particular technical approach,
plan or solution, service type, or deployment model.

The Enterprise Cloud Computing Strategy, when successfully executed, enables PBGC to realize positive strategic,
financial and operational outcomes. It facilitates a common understanding of the significance of cloud computing
for all PBGC stakeholders and how cloud can dramatically improve PBGC’s ability to serve its customers.

1.3 Audience
The intended audience of this document is PBGC’s senior leaders, business sponsors, system owners, business and
IT program and project managers, and PBGC staff who are stakeholders responsible for information systems, IT
services and cloud computing adoption.

1.4 What is Cloud? - Cloud Computing Defined at PBGC

The National Institute for Standards and Technology (NIST) defines cloud computing as “a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can
3
be rapidly provisioned and released with minimal management effort or service provider interaction.”

NIST defines five essential characteristics of cloud computing, four deployment models, and three service models,
that help organizations establish requirements for transitioning to the cloud as well as determining the appropriate
cloud offering. The NIST definitions detailed in the following three sections establish the foundation for how PBGC
identifies cloud solutions and serves as the basis to determine whether a cloud offering is the most appropriate
solution to meet PBGC requirements.

1
25 Point Implementation Plan to Reform Federal Information Technology Management
http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/25-point-implementation-plan-to-reform-federal-it.pdf
2
Federal Cloud Computing Strategy http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-
strategy.pdf
3
The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

2
 Enterprise Cloud Computing Strategy

Figure 1: NIST Cloud Computing Framework

When consuming cloud computing, PBGC will utilize NIST definitions and commonly recognized terminology to
ensure all implemented solutions follow a commonly understood and used vocabulary. This will leverage previous
cloud computing analyses, promote consistency in implementing cloud solutions and also enable PBGC to measure
progress in comparison to other organizations that have implemented similar solutions.

1.4.1 Essential Cloud Characteristics

4
NIST has identified five essential characteristics which define cloud computing.

Essential
NIST Definition
Characteristics
On-Demand A consumer can unilaterally provision computing capabilities as needed automatically without
Service requiring human interaction with each service provider.
Broad Network Capabilities are available over the network and accessed through standard mechanisms that
Access promote use by heterogeneous thin or thick client platforms.
Computing resources are pooled to serve multiple consumers using a multi-tenant model, with
Resource Pooling different physical and virtual resources dynamically assigned and reassigned according to
consumer demand.
Capabilities can be elastically provisioned and released to scale rapidly outward and inward
Rapid Elasticity
commensurate with demand.
Cloud systems automatically control and optimize resource use by leveraging a metering
capability at some level of abstraction appropriate to the type of service (e.g., storage,
Measured Service processing, bandwidth, and active user accounts). Resource usage can be monitored,
controlled, and reported, providing transparency for both the provider and consumer of the
utilized service.
Table 1: NIST Essential Cloud Characteristics

1.4.2 Cloud Computing Deployment Models

A cloud deployment model defines where the computer and network resources are deployed and who manages
5
them. NIST recognizes four deployment models.

4
The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
5
The NIST Definition of Cloud Computing, pg. 3. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

3
 Enterprise Cloud Computing Strategy

Deployment NIST Definition

Model
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and
operated by a business, academic, or government organization, or some combination of them. The
Public Cloud
infrastructure exists on the premises of the cloud provider.

The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple
consumers. It may be owned, managed, and operated by the organization, a third party, or some
Private Cloud
combination of them, and it may exist on or off premises.

The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from
organizations that have shared concerns. It may be owned, managed, and operated by one or more of the
Community organizations in the community, a third party, or some combination of them, and it may exist on or off
Cloud premises. For government organizations, this deployment model represents intra-agency sharing of cloud
capabilities and resources.

The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community,
or public) that remain unique entities, but are bound together by standardized or proprietary technology that
Hybrid Cloud
enables compute, network, data, and application portability.

Table 2: NIST Deployment Models

1.4.3 Cloud Computing Service Models

A cloud service model defines how cloud computing services are offered to customers. NIST recognizes three
6
service models.

Service Models NIST Definition

The capability provided to the consumer is to use the provider’s applications running on a cloud
infrastructure. The applications are accessible from various client devices through either a thin client
Software as a interface, such as a web browser, or a program interface. The applications may be configured by the
Service (SaaS) consumer but programmability is typically limited in scope.

The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or
Platform as a acquired applications created using programming languages, libraries, services, and tools supported by
Service (PaaS) the provider.

The capability provided to the consumer is to provision processing, storage, networks, and other
Infrastructure as a fundamental computing resources where the consumer is able to deploy and run arbitrary software,
Service (IaaS) which can include operating systems and applications.

Table 3: NIST Service Models

1.5 Cloud Determination

When determining whether an IT service is a cloud solution, it must meet all five essential NIST characteristics.
Once a service meets all five characteristics, then the deployment and service model may be determined. Service
and deployment models do not factor into the determination of whether an IT service is cloud computing.

6
The NIST Definition of Cloud Computing, pg. 2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

4
 Enterprise Cloud Computing Strategy

When determining whether an IT service defined as cloud computing, it must meet all five essential MIST
characteristics to be considered c loud. Once a service meets all five characteristics, the service and deployment
model may be determined.

1.6 Managed Services – A Non-Cloud Service Model

PBGC employs an additional service model called “Managed Service”. PBGC defines a Managed Service as “Any IT
solution hosted by an outside vendor or external government organization that interfaces with PBGC’s
7
infrastructure.”

A managed service provides application functionality and hosting in a single service offering. A managed service
does not provide the five essential cloud characteristics such as resource pooling and rapid elasticity. If a managed
service does provide the five essential cloud characteristics, it would be a cloud service offering, not a managed
service.

Managed services, in the PBGC IT environment are typically those services provided by Federal shared service
providers (see Uncle Sam’s List on https://unclesamslist.max.gov/). When assessing PBGC applications and IT
services for cloud environment, specifically SaaS, IPgTs and Integrated Project Teams (IPTs) should consider
managed services as an additional service model to be considered.

1.7 Benefits of Cloud Computing

The cloud computing business model to deliver IT services (software, platform and infrastructure) presents a
compelling opportunity to PBGC leadership to address critical IT issues including increased cost efficiency,
provisioning speed, flexibility and scalability. Further, there are additional potential benefits from cloud computing
that support and accelerate existing Federal and PBGC IT initiatives including data center consolidation, and
information sharing, shared services, innovation and sustainability. Given the potential benefits from cloud
computing, as part of the execution of this strategy, PBGC will analyze and identify opportunities to take advantage
and capture cloud computing benefits across PBGC. Potential benefits from cloud computing are described below.

1.7.1 Business Agility - Rapid Elasticity and On Demand Service

A typical pain point for the business is the IT provisioning speed. Providing new hardware environments for
applications, setting up development, test, production, back-up and recovery environments, and developing and
supporting new software may take a long time and it is usually not aligned with being responsive to changing
business needs and customer expectations. A key characteristic of cloud computing is the automated provisioning
of computing resources and it has the potential to dramatically decrease the provisioning time.

For instance, think of a potential scenario where the need for a data and financial analysis tool is presented. The
required functionality is already provided in the form of Software as a Service (SaaS) by an authorized cloud service
provider (CSP). Authorized users in the business may get near immediate access to the SaaS capability on a pay-
per-use model. There would be no need to procure and buy a server, software, connect it to the network, and
provide access, before users can use the functionality. Cloud can also be implemented for development and test
environments. With cloud, development and test environments may be established in minutes and hours rather
than days, weeks or months.

1.7.2 Improved Cost Efficiency – Measured Service and Resource Pooling

A major potential benefit of cloud computing is IT cost savings. Under the cloud computing model, the costs of
acquiring, maintaining and refreshing software, tools, development platforms, hardware, storage, etc. are shifted
to the CSPs. CSPs serve a high number of customers and they are able to offer lower individual pay-per-use rates
by leveraging economies of scale, commoditizing infrastructure, and automating data center processes. In a typical

7 As defined in the PBGC IT Program Plan Template. http://intranet/it/portfolio/documents/IT-Program-Plan-BY2016-Blank-Template.pdf

5
 Enterprise Cloud Computing Strategy

IT organization, operation costs represent a significant percentage of the IT budget, and the opportunity to
optimize and reduce operation costs by using cloud services represent a very attractive option to IT organizations
and PBGC. For instance, many organizations across PBGC maintain multiple servers (hardware and software) with
similar characteristics and possibly low utilization rates. Costs that are associated with the servers include the
initial acquisition of hardware and software, annual license fees, periodic technology refreshes, and the associated
administration and maintenance of the environment. Depending on the criticality and sensitivity of the data and
systems that they support, the next time that a group of servers requires a technology refresh, the need for these
servers may be provisioned by a CSP, either a Platform or Infrastructure as a Service (PaaS or IaaS) platform
provider rather than PBGC acquiring, installing and configuring a new set of infrastructure. PBGC will then replace
typical costs associated with the operations and maintenance of the servers with a lower pay-per-use rate for the
servers.

1.7.3 Scalability – On-Demand Service and Resource Pooling

To take advantage of economies of scale, CSP data centers have massive amounts of computing resources
available to cloud service consumers. Individual program needs for computing resources may vary for several
reasons. An unexpected event, new policies or regulations may trigger increased demand for computing resources
that was not forecasted in advance. Cloud computing offers the benefit to scale up and down in computing
resources as needed. Depending on demand, a traditional IT system will be overwhelmed and may eventually fail,
where a cloud service will allow resources to rapidly scale up to meet the unpredictable demand.

1.7.4 Additional Cloud Benefits

Typical benefits from cloud computing have been centered on IT cost savings, increased provisioning speed, and
scalability. There are additional potential benefits that are important to existing Federal and PBGC initiatives
including data center consolidation, information sharing, shared services, innovation and sustainability. Cloud
computing can accelerate data center consolidation efforts by reducing and simplifying the existing PBGC data
centers, which will decrease data center consolidation and integration costs in the future. This includes being able
to create new development environment and ensure that existing application’s production environment is
synchronized with its development and test environments. The elimination of redundancies and optimal
utilization levels in PBGC IT environment will reduce energy consumption and support a more sustainable
environment.

1.8 Organizational Change Management

A critical success factor for the adoption of new approaches and technologies such as cloud computing is to
sufficiently address the organizational aspects of the transition. PBGC will ensure that stakeholders are involved in
cloud planning, well informed, and their concerns and expectations are properly addressed. Objectives include:

 Develop and implement a cloud computing communication, outreach and training plan. PBGC will
identify stakeholders and their communication, outreach and training needs. It will develop appropriate
material to satisfy those needs.

 PBGC will establish the appropriate planning, migration and post-migration mechanisms to enable,
monitor and control cloud migrations. Integration with the existing IT Solutions Life Cycle Management
(ITSLCM), portfolio management processes and IT Tactical Planning will help to minimize the amount of
change the organization will need to adapt and to absorb.

The Enterprise Cloud Computing ConOps document will expand and detail the organizational change management
approach and activities.

6
 Enterprise Cloud Computing Strategy

1.9 Cloud Computing Alignment within PBGC

1.9.1 PBGC Strategic Alignment

8
Cloud computing directly supports and aligns with PBGC’s Strategic Goal 3.5 and Performance Goal 3.5.A.
Strategic Objective 3.5 is “Maintain secure, flexible and scalable technology”. Cloud computing is defined as
provisioning a secure, flexible infrastructure that can rapidly accommodate changing business requirements,
including increases and decreases in workload. Performance Goal 3.5.A is “Develop and Implement a coherent
strategy to upgrade Information technology”. Cloud computing will also assist in performance goal 3.5B of “Meet
Security Requirements” as cloud environment may be more secure than existing legacy environments.

1.9.2 IT Strategic Alignment

9
The IT Strategic Plan expands on the PBGC business goal and specifically identifies Cloud Computing to
“Modernize and innovate PBGC’s IT solutions through the use of cloud computing and shared services to enable a
flexible, reliable, secure, and cost-effective environment”. Business and IT Strategic alignment to cloud computing
ensures there is senior leadership awareness and focus on the relative importance cloud computing has to the
PBGC.

1.9.3 Alignment with Operational Outcomes

Alignment to PBGC’s Governance, Planning and Management Processes
PBGC’s Enterprise Cloud Computing Strategy is integrated with PBGC’s IT governance, planning and management
processes to maximize stakeholder buy-in from all stakeholders prior to selecting a solution. In most cases, cloud
solutions are evaluated during the Need/Concept and Planning Phases through the completion of a Business Needs
(BNA) or Alternatives Analysis (AA). This cloud strategy and ConOps will ensure that any BNA or AA adequately
assesses whether or not cloud solutions are feasible when addressing current and future PBGC business needs.

Organizational Transparency
PBGC IT governance processes provide the opportunity for all relevant stakeholders to contribute in the
assessment of cloud solutions, ensuring decision are not being made in a vacuum. This collaborative approach will
support budget and funding decisions and ensure they are made in a transparent atmosphere and maximize buy-in
from all stakeholders.

1.10 PBGC Cloud Computing Vision and Goals

PBGC’s Cloud Computing vision is to:

Identify and migrate suitable IT services to appropriate cloud computing environments to increase business
agility and reduce costs, while ensuring that PBGC information systems maintain their current high levels of
safety, security, reliability, and performance.

PBGC envisions a future state IT environment that takes advantage of available commercially available and public
sector cloud services (such as infrastructure, platform, and software) and deployment models (such as public,
private, community, and hybrid). PBGC is planning to leverage the PBGC ITSLCM to enable the acquisition,
migration and consumption of cloud services across the Corporation. With cloud computing, most IT initiatives
should not require a significant upfront investment, making it easier for the agency to launch strategic Business
initiatives that are technology enabled. PBGC IT programs will be able to provision services to customers that
satisfy PBGC’s operational demands for flexibility, scalability and timeliness. PBGC IT Programs will be able to
deploy development and test environments quickly and with minimal upfront investments. PBGC IT users will be
able to access authorized data and services from virtually anywhere, anytime they can establish a secure network

8
PBGC Strategic Plan. http://intranet/strategicplanning/PBGC-Strategic-Plan-2014-2018.pdf
9
PBGC IT Strategic Plan. http://intranet/it/PBGC-IT-Strategic-Plan-FY14-FY18.pdf

7
 Enterprise Cloud Computing Strategy

connection. IT complexity will be significantly reduced and the IT environment will be adequately protected from
growing and evolving cyber security threats. PBGC IT environment will be scalable and flexible to take advantage of
newer and emerging technologies as required including mobile computing, data analytics, and social collaboration.

8
 Enterprise Cloud Computing Strategy

2 PBGC Enterprise Cloud Computing Strategy

To achieve the Cloud Computing Vision, PBGC has identified five (5) goals the goals that are required to enable
PBGC’s Cloud Computing Vision. The goals to enable PBGC’s Cloud Computing Vision are described below.

Goal 1: Adopt a PBGC corporate-wide approach to cloud computing.

Goal 2: Develop a PBGC specific Enterprise Cloud Computing Concept of Operations.
Goal 3: Increase the efficiency of current and future IT Program investments.
Goal 4: Manage technical and business risks in support of PBGC’s transition to cloud services.
Goal 5: Ensure that potential cloud benefits are captured and measured.

2.1 Goal 1: Adopt a PBGC corporate-wide approach to cloud computing

PBGC will define and adopt an enterprise-wide and unified strategy to migrate IT services to the cloud. The
assessment and selection of PBGC IT services that may be migrated to cloud services is the first step. It will be
followed by a decision process to determine the cloud service type and the cloud deployment model that best
balance cost, value and risk to PBGC’s mission.

Objectives include:
 Provide a comprehensive and holistic analysis framework of PBGC IT services to identify candidates for
cloud adoption based on benefits and risks to PBGC. This will be an enterprise-level PBGC analysis where
all relevant PBGC programs, business units, and service providers are analyzed for consolidation and
optimization opportunities from cloud adoption. The enterprise-level and holistic analysis is key. This
analysis will be shared with the individual Integrated Program Management Teams (IPgT) for
consideration and analysis.

 Develop a business case framework to be used by the IPgT and IPTs to measure value and benefits from
cloud candidates. Factors that need to be considered for cloud computing include opportunities for
consolidation and optimization, elimination of redundancies, economies of scale, and a pay-per-use cost
model. IT operation costs to buy, maintain and refresh required software, tools and infrastructure may be
significantly reduced or eliminated. In a cloud computing service model, the CSP (internal or external) is
responsible for buying, maintaining and refreshing the required IT components.

 PBGC IT Programs as cloud service consumers can use a flexible utility-type, pay-per-use model to pay
only for IT services that they need and consume without the expenses required for IT components
purchase, maintenance and refresh. The structure and management of these pay per use models must be
addressed to ensure there is no violation of the Anti-Deficiency Act.

 Provide guidance as to what types of cloud deployment and service model to use based on the type of
workload. Based on benefits and risks to PBGC, IPgT and IPTs will provide recommendations for
deployment to cloud environments. Their analysis will be based on value and risks to the agency.

2.2 Goal 2: Develop a PBGC specific Enterprise Cloud Computing Concept of

Operations
To ensure an enterprise-wide and unified approach to adopting cloud computing services, an enterprise game plan
or playbook is necessary to ensure PBGC achieves the desired cloud computing benefits. A PBGC Enterprise Cloud
Computing ConOps will be developed to provide the next level of detailed planning and make the Enterprise Cloud
Computing Strategy actionable. The ConOps will adopt an incremental, risk based approach that leverages the
established IT governance structures such as:

 Existing recommendations from BNA’s and Segment architectures

 Leverage the existing PBGC IT Governance model in portfolio and project management
 Leverage the use of the ITSLCM to facilitate the adoption of cloud environments

9
 Enterprise Cloud Computing Strategy

The objective of the ConOps is to provide specific recommendations and actions that enable PBGC to plan, migrate
and manage PBGC IT services in cloud environments. To that end, the ConOps will take a phased approach to an
enterprise acceptance of moving to the cloud. These phases include:

Phase 1: Current State Baseline Assessment;

Phase 2: Organizational Change Management;
Phase 3: Migrate using established IT governance, portfolio and project management processes; and
Phase 4: Post-Migration Management and Optimization.

The ConOps will also include the following:

 Processes necessary to plan and migrate PBGC business applications to cloud environments.

 Governance will be addressed in the ConOps and is two-fold – business and investment related
governance and technical governance. For business and investment related governance, the Information
Technology Portfolio Review Board (ITPRB) will be used. Technical governance relates to the post-
migration management of cloud environments. It will be necessary to identify and implement the skills,
roles and responsibilities necessary for the successful management of the Post Migration Cloud
environment. During the Planning Phase, the Office of Information Technology must develop and gain
consensus on the responsibility assignment (RACI) matrix and identify necessary training requirements to
support cloud service level management.

 Revise relevant EA standards and processes across PBGC’s ITSLCM to ensure that they support and enable
the adoption and migration to cloud services.

2.3 Goal 3: Increase the efficiency of current and future IT Program

investments
A key benefit of cloud computing is the increased efficiency of IT including the reduction of costs and the rapid
provisioning of services, and PBGC must ensure that it is able to capture this key benefit. The ConOps will:

 Ensure cloud computing assessments follow the established IT governance structure and processes; and
 Integrate the portfolio and project management processes in which individual program assessments will
be validated during the investment cycle and ITSLCM.

Cloud adoption and migration outside of the existing IT governance structures exposes PBGC to additional and
unnecessary operational, financial, and technology risks. Adopting cloud or managed services requires a cross-
organizational, structured approach that is not supported by one-off efforts.

2.4 Goal 4: Manage technical and business risks in support of PBGC’s

transition to cloud services
PBGC must apply its IT Risk Management processes to the technical and business risks of cloud adoption and
migration. Only through a methodical approach to risk management can significant and potentially systemic risks
be mitigated to ensure internal and external customer satisfaction with cloud services.

Technical and Business Risks

Cyber security is a key risk and potential obstacle to cloud adoption. Cloud computing is complex and still evolving
as a service offering and cyber-security remains a key risk and obstacle to cloud adoption. PBGC will generally only
consider cloud solutions that are certified by FedRAMP and have a proven track record of success in the industry.

Additional risks and challenges from cloud computing include the capacity and readiness of existing network
infrastructure, interoperability, integration with existing systems, and technology maturity. Cloud services are

10
 Enterprise Cloud Computing Strategy

delivered over a network and PBGC must ensure that cloud solution’s response-time and bandwidth requirements
will not impact negatively the performance and normal operations of PBGC business information systems.

The adoption and migration to cloud services in PBGC will be an incremental process and it requires co-existence,
interoperability and integration with existing systems to avoid disruption of PBGC operations. PBGC will also
evaluate the need for and identify cloud migration pilots to manage and minimize risks and challenges from the
adoption of cloud services.

Objectives to manage technical and business risks include:

 Integrate the Enterprise Cyber-Security Division (ECD) into cloud computing decision-making to
adequately protect PBGC IT environment from growing and evolving cyber-security threats
 Develop an enterprise cloud computing risk assessment as part of an overall cloud decision framework to
identify potential risks introduced to PBGC IT environment,
 Ensure the network and telecommunication decisions will not represent a bottleneck to network services,
and
 Conduct technology pilots to manage and minimize cyber-security and network risks to PBGC IT
environment.

2.5 Goal 5: Ensure that potential benefits are captured and measured
PBGC will ensure that the value proposition and cost benefits from cloud service investments are realistic and
measurable. PBGC will identify, develop, and monitor performance metrics for cloud service solutions. There are
numerous financial and customer centric benefits that can be made possible.

Cloud computing promises to deliver financial value by reducing long-term IT hosting costs and IT asset ownership.
Measuring the financial performance of cloud migrations may be difficult without a more defined cost per unit
measurement of the existing legacy environment. Cost attribution is key in determining current and comparison to
proposed cloud costs.

Financial value performance of cloud migrations may be measured in a number of ways including:

 Reduction in the number of servers, cores, and GBs of storage in use

 Increase in the CPU utilization of remaining internally hosted servers
 Reduction in the number and cost of contractors supporting infrastructure and hosting
 Reduction in the hardware and software maintenance costs

Customer satisfaction is both internal and external. Internal customer satisfaction of cloud migrations can be done
through existing IT internal surveys to business customers. External satisfaction is only measured when externally
facing business information is migrated to the cloud. The cost and time to implement these changes to existing
surveys should be minimal to the survey owners.

2.6 Strategic Cloud Transition Roadmap

PBGC’s Cloud Transition Roadmap is prepared with a five-year view due to the uncertainty surrounding when the
first cloud implementation will begin. This high-level roadmap of PBGC’s transition to cloud computing provides
rough estimates for how long it will take to conduct analyses and begin implementation of cloud solutions.

11
 Enterprise Cloud Computing Strategy

Figure 2: High-Level Cloud Transition Roadmap

12
 Enterprise Cloud Computing Strategy

3 PBGC’s Target Cloud Environment

Upon implementation of the Enterprise Cloud Computing Strategy and the incremental risk-based approach to
cloud adoption, PBGC will ultimately have an IT environment that leverages cloud computing solutions when
practice from a business and technical perspective. This target state will be realized through a collection of
analyses that include taking IT services through the ITSLCM and related governance processes to ultimately
determine the best solution for that particular IT service. Solutions that are not able or ready to move will have a
detailed analysis supporting why it was not able to be transitioned to a cloud model. Similarly, all cloud
implementations will maintain organizational alignment and integration with the current PBGC technology
environment and governance processes.

All of these factors will ultimately result in a strategic enterprise-wide cloud environment that delivers the agreed
upon benefits to PBGC:

 An established and repeatable methodology to identify and assess actionable opportunities and readiness
to migrate to the best suited cloud computing services.
 A cloud-oriented IT environment that enables a continued success of the PBGC mission.

13