The Federal Government’s cloud journey is nearly 10 years old. It all began with the launch of
Recovery.gov on Amazon Web Services in 2009. It was the first government-wide cloud system to
receive an ATO (Authority to Operate). Cloud computing has since rapidly progressed from IaaS to PaaS
and now, finally, Serverless computing. Serverless computing provides computing services on a “per call”
basis without the need to manage any kind of infrastructure or systems software. Bye, bye patching!
Serverless computing coupled with MicroServices provides the perfect Federal IT modernization
blueprint to move from a Cloud First policy to Cloud Smart adoption.

Serverless computing and MicroServices

Industry market research indicates Serverless computing will be a $7.7 billion market by 2021. Serverless
computing is different from PaaS and focuses on providing discrete code, data or integration services
on a “per call” basis.

There is a dramatically reduced "ops" burden, with no need to manage
application or data software. Developers can write code and deploy it as functions. Serverless
computing is the end state after 10 years of infrastructure automation that started with IaaS. While
commercial cloud services for IaaS and PaaS have helped organizations take advantage of the elasticity
of cloud computing, the average IT department still struggles with cloud operations. Coming to grips
with cloud infrastructure automation and orchestration is still hard and most organizations struggle with
managing their monthly bill. Serverless computing truly changes that. There is no infrastructure to
maintain or pay for. You don’t have to remember to turn off cloud instances or manage their sizes to
optimize spending.

Serverless computing when coupled with MicroServices allows developers to quickly integrate code
functions, data services and APIs to deliver digital business services. The application consists of a mesh
of MicroServices that are reliably delivered using Serverless computing services, ensuring consistent
SLAs. The cost and complexity of managing such environments for the average IT department are
considerably lower than IaaS or PaaS. Most organizations struggle with governance, vulnerability
management, hardening of containers and instances, managing CI/CD pipelines, and orchestrating the
cloud computing platform. Serverless computing makes it simpler to deploy application and data
services without operations management headaches.

What lies beneath Serverless computing?

Infrastructure operations along with operating system, database and application systems software
management responsibilities squarely rest with the cloud service provider. There are no operating
systems to scan and patch. There is no access to the command prompt – only end-points or code as
functions! The CISO and IA community must rapidly start focusing on configuration management and
pay greater attention to the cloud service provider's compliance with FedRAMP and FISMA
requirements. As operational risk shifts from the agency to the cloud service provider, continuous
monitoring and management through SLAs, FedRAMP collaboration groups and a strong governance
framework that monitors the cloud service provider lifecycle from “birth to death” will be critical.

The Government CISO and IA community will need to ask for evidence to ensure that the cloud service
provider is operating in compliance – for example, that up-to-date patch levels are maintained and
that such configuration information is available through APIs to allow for monitoring. The net
result is that more reliable digital services will be available to users with industry-standard SLAs at a
lower cost. The Federal IT community will have better tools to continue to exercise oversight,
governance, and compliance with relevant policies.

Who will reap the cloud dividend?

The last 10 years have been about infrastructure, automation, and removing bottlenecks associated with
managing IT hardware. Early movers like the Recovery Accountability & Transparency Board (RATB), US
Treasury, GSA, and NASA clearly have a first mover advantage with many years of experience in
managing commercial cloud services. But in many ways, the next 10 years will be a huge paradigm shift
away from IaaS and PaaS and will require "unlearning" some of the lessons of the past. Many
organizations are still focused on architecting and creating CI/CD pipelines, instance and container
automation – those are Cloud 1.x paradigms that will not be around for much longer. Cloud-native
Serverless computing services are available now and growing fast – the future has arrived! If the last 10
years were about cloud infrastructure and PaaS, then the next 10 years are going to be about Serverless
application registries, MicroServices gateways and Serverless application catalogs promoting extensive
inter-agency and intra-agency sharing of code ensuring faster delivery of services. Agencies that
recognize this trend and move quickly to adopt Serverless computing and MicroServices at scale will
reap the ultimate cloud dividend.

About Gaurav “GP” Pal

Gaurav "GP" Pal is a thought leader and established industry expert in the area of cloud adoption and
modernization. He is the CEO and founder of stackArmor and has successfully supported cloud adoption
and modernization efforts at the Recovery Accountability & Transparency Board (RATB), US Treasury, US
Food & Drug Administration (FDA) and more recently the GSA Cloud Adoption Center of Excellence
(CoE). GP has been recognized with the Fed 100 and GCN Rising Star awards for his contributions in
driving Federal cloud adoption. He is a guest contributor at ATARC providing expert commentary on
industry trends and cloud adoption patterns.