Photo: Andrea DiMaio, vice president and distinguished analyst, Gartner Inc.
With the new administration, the U.S. federal government has set the pace for a "cloud gold rush" that is already reverberating in other parts of the world and is creating expectations for suppliers.
The value proposition of cloud computing is certainly attractive. The cloud gives public CIOs the ability to better relate costs to actual use of infrastructure and applications, and to shift limited human resources from managing assets and processes that can be easily made commercial, to focusing on activities that are core to the missions of departments and agencies.
Besides that, cloud computing is closely related to another important phenomenon taking place within government agencies: socialization. The business of government is being challenged and transformed by the emergence of social networks, with government data mashed up with external data to support service delivery.
This implies that information assets and human resources that contribute to government operations will be more and more outside the government's span of control. Cloud computing shows the IT side of this same phenomenon: Technology assets and processes that government agencies rely on will be outside their traditional span of control.
Loss of control is indeed a primary obstacle to the large-scale use of cloud computing in government. Security, reliability, availability and data location are all very legitimate concerns, but they are also the manifestation of a fundamental discomfort with releasing control. Again, this is similar to what's being experienced by government managers, who are losing control of how employees perform their job through the use of social media.
The Office of Management and Budget and the General Services Administration are drawing a sensible road map to encourage agencies to adopt cloud computing. The current focus is on so-called "public cloud" infrastructure and applications, and for federal agencies to gradually move data and applications that are of a nonconfidential nature.
The establishment of the cloud storefront Apps.gov is a first step, and further evolutions to make procurement of cloud-based services easier through the establishment of blanket purchase agreements go in the right direction.
The next battlefield will be the development and certification of private or community clouds. This would be cloud-based infrastructures that are targeted at government users and comply with both federal security regulations and the desire for greater control.
In response to the launch of Apps.gov, Google has already announced Federal Information Security Management Act (FISMA) compliance by the end of 2009, and it is quite likely that other "public cloud" vendors, such as Amazon.com and Microsoft, will follow suit. On the other hand, vendors like IBM, HP or CSC, which traditionally run government infrastructures or workloads (coming more from an infrastructure utility model), are positioning themselves as partners for private cloud services. As a result, many offerings of infrastructure as a service as well as software as a service will emerge that meet most federal requirements.
Two important questions remain though.
The first one is about portability and interoperability. There are real issues regarding an organization's ability to easily retrieve its data (and business processes performed in embedded software services) should it decide to terminate services with a cloud provider. While these risks also exist when data and applications are sourced internally, the cloud exacerbates them. Interoperability between cloud service providers is just in its infancy, will not reach maturity in the short term, and there is a clear and present danger of vendor lock-in.
The second one concerns the use of cloud computing in state and local government, as well as in countries and