By Stuart Lauchlan
According to a new study by the Government Accountability Office (GAO), progress is being made in implementing the "Cloud first" policy.
The Office of Management and Budget set out its Cloud first policy in December 2010, with top-level backing from President Obama.
The Cloud policy has met with some resistance at the federal CIO level. In October 2011, the GAO reported that a depressing twenty-two out of twenty-four major federal agencies said they were "concerned" or "very concerned" about the security implications of the strategy.
Line that up against the requirement that agencies were expected to migrate three of their technology services to the Cloud by June 2012, the outlook for Cloud first was looking stormy.
But in fact, the GAO has found that the departments of Agriculture, Health and Human Services, Homeland Security, State, and Treasury, and the General Services and Small Business administrations have all met the requirements - and have learned valuable lessons to pass on to other government agencies, both at home and abroad.
The Seven Challenges
Specifically, the GAO has isolated seven common challenges that government agencies faced in meeting the Cloud first requirements:
- Meeting federal security requirements. Cloud vendors may not be familiar with security requirements that are unique to government agencies, such as continuous monitoring and maintaining an inventory of systems.
- Obtaining guidance. Existing guidance for using Cloud services may be insufficient or incomplete. Agencies cited a number of areas where additional guidance is needed, such as purchasing commodity IT.
- Acquiring knowledge and expertise. Government organizations simply may not have the necessary tools or resources, such as expertise among staff, to implement Cloud solutions.
- Certifying and accrediting vendors. Agencies may not have a mechanism for certifying that vendors meet standards for security.
- Ensuring data portability and interoperability. To preserve their ability to change vendors in the future, agencies may attempt to avoid platforms or technologies that "lock" customers into a particular product.
- Overcoming cultural barriers. A risk-averse government culture may act as an obstacle to implementing Cloud solutions.
- Procuring services on a consumption (on-demand) basis. The on-demand and scalable nature of Cloud services can make it difficult to define specific quantities and costs, which in turn can make contracting and budgeting difficult due to the fluctuating costs associated with scalable and incremental Cloud service procurements.
To attempt to tackle some of these issues, the GAO has told the political and administrative executives that they should direct their respective CIOs to take two specific actions:
- Establish estimated costs, performance goals, and plans to retire associated legacy systems for each Cloud-based service discussed in the GAO report, as applicable.
- Develop, at a minimum, estimated costs, milestones, performance goals, and plans for retiring legacy systems, as applicable, for planned, additional Cloud-based services.