7 Agencies Make Progress on 'Cloud First' Policy
By Stuart Lauchlan
- Meeting federal security requirements. Cloud vendors may not be familiar with security requirements that are unique to government agencies, such as continuous monitoring and maintaining an inventory of systems.
- Obtaining guidance. Existing guidance for using Cloud services may be insufficient or incomplete. Agencies cited a number of areas where additional guidance is needed, such as purchasing commodity IT.
- Acquiring knowledge and expertise. Government organizations simply may not have the necessary tools or resources, such as expertise among staff, to implement Cloud solutions.
- Certifying and accrediting vendors. Agencies may not have a mechanism for certifying that vendors meet standards for security.
- Ensuring data portability and interoperability. To preserve their ability to change vendors in the future, agencies may attempt to avoid platforms or technologies that "lock" customers into a particular product.
- Overcoming cultural barriers. A risk-averse government culture may act as an obstacle to implementing Cloud solutions.
- Procuring services on a consumption (on-demand) basis. The on-demand and scalable nature of Cloud services can make it difficult to define specific quantities and costs, which in turn can make contracting and budgeting difficult due to the fluctuating costs associated with scalable and incremental Cloud service procurements.
- Establish estimated costs, performance goals, and plans to retire associated legacy systems for each Cloud-based service discussed in the GAO report, as applicable.
- Develop, at a minimum, estimated costs, milestones, performance goals, and plans for retiring legacy systems, as applicable, for planned, additional Cloud-based services.
- News from the Cloud: Cloud Computing Is High on Obama Agenda 
- New CSC Survey of More than 3,500 Cloud Computing Users