Federal Shift to Cloud Raises Tough Issues for CIOs

The federal gold rush to cloud computing raises new opportunities and issues for state and local government.

by / October 7, 2009

Photo: Andrea DiMaio, vice president and distinguished analyst, Gartner Inc.

With the new administration, the U.S. federal government has set the pace for a "cloud gold rush" that is already reverberating in other parts of the world and is creating expectations for suppliers.

The value proposition of cloud computing is certainly attractive. The cloud gives public CIOs the ability to better relate costs to actual use of infrastructure and applications, and to shift limited human resources from managing assets and processes that can be easily made commercial, to focusing on activities that are core to the missions of departments and agencies.

Besides that, cloud computing is closely related to another important phenomenon taking place within government agencies: socialization. The business of government is being challenged and transformed by the emergence of social networks, with government data mashed up with external data to support service delivery.

This implies that information assets and human resources that contribute to government operations will be more and more outside the government's span of control. Cloud computing shows the IT side of this same phenomenon: Technology assets and processes that government agencies rely on will be outside their traditional span of control.

Loss of control is indeed a primary obstacle to the large-scale use of cloud computing in government. Security, reliability, availability and data location are all very legitimate concerns, but they are also the manifestation of a fundamental discomfort with releasing control. Again, this is similar to what's being experienced by government managers, who are losing control of how employees perform their job through the use of social media.

The Office of Management and Budget and the General Services Administration are drawing a sensible road map to encourage agencies to adopt cloud computing. The current focus is on so-called "public cloud" infrastructure and applications, and for federal agencies to gradually move data and applications that are of a nonconfidential nature.

The establishment of the cloud storefront Apps.gov is a first step, and further evolutions to make procurement of cloud-based services easier through the establishment of blanket purchase agreements go in the right direction.

The next battlefield will be the development and certification of private or community clouds. This would be cloud-based infrastructures that are targeted at government users and comply with both federal security regulations and the desire for greater control.

In response to the launch of Apps.gov, Google has already announced Federal Information Security Management Act (FISMA) compliance by the end of 2009, and it is quite likely that other "public cloud" vendors, such as Amazon.com and Microsoft, will follow suit. On the other hand, vendors like IBM, HP or CSC, which traditionally run government infrastructures or workloads (coming more from an infrastructure utility model), are positioning themselves as partners for private cloud services. As a result, many offerings of infrastructure as a service as well as software as a service will emerge that meet most federal requirements.

Two important questions remain though.

The first one is about portability and interoperability. There are real issues regarding an organization's ability to easily retrieve its data (and business processes performed in embedded software services) should it decide to terminate services with a cloud provider. While these risks also exist when data and applications are sourced internally, the cloud exacerbates them. Interoperability between cloud service providers is just in its infancy, will not reach maturity in the short term, and there is a clear and present danger of vendor lock-in.

The second one concerns the use of cloud computing in state and local government, as well as in countries and

provinces in other parts of the worlds, where budgetary constraints and lack of adequate resources may make a cloud computing proposition even more palatable.

There will be issues about cloud impact on local economic development and employment. During the current recession and at the dawn of recovery, government organizations are expected to play an important role in stimulating local economies. Decommissioning infrastructure and moving workloads and processes into the cloud implies that government spending may have no positive impact on local suppliers nor use local resources.

While this would probably be good for environmental sustainability, it may be hard to justify at times and in jurisdictions where the economy and the tech industry in particular struggle. This is similar to the past calls for the adoption of open source software in government that were not solely driven by cost and vendor-independence considerations, but were often motivated by local development issues.

Federal, state and local government agencies need to look at cloud computing as an additional technology and process sourcing opportunity to be evaluated alongside many others in terms of how to realize public value, which is a combination of operational efficiency, constituent service level and alignment with political priorities.


Andrea DiMaio Contributing Writer
Andrea DiMaio is vice president and distinguished analyst for Gartner Inc.