10 Lessons Learned from Government Cloud Implementations

1. Forget cloud first or cloud smart — focus on value.

The COVID-19 pandemic has demonstrated the benefits of rapidly standing up mission-critical applications. Now, the lens has shifted again to projects that can reap long-term benefits.

“Governments did a lot, and they did it quickly,” says Center for Digital Government (CDG) Vice President Phil Bertolini. “The question is, did it add value, and can you make it stick? Can you nurture and grow over the longer term?”

Too often, so-called “lift and shift” strategies that move existing applications to the cloud without rearchitecting them or changing the underlying business practices fail to deliver the full benefits of cloud. With the luxury of more time, governments can increase the odds of long-term success by focusing first on process.

“Try to lead with business process reengineering types of questions,” advises CDG Senior Fellow Sergio Paneque, who has held senior procurement positions for the city and state of New York.

2. Plan for hybrid, multi-cloud environments.

Few enterprises are likely to migrate all their applications and data to the cloud anytime soon. Nearly nine out of 10 (89 percent) of all organizations expect to have a meaningful on-premises footprint three years from now, according to one study. Government leaders may also find some applications are better suited to different cloud environments based on their operating requirements or the vendor’s pricing structures. Maintaining all applications and data in a single cloud environment “is too restrictive for any jurisdiction,” says CDG Senior Fellow Otto Doll, who previously served as CIO for the city of Minneapolis.

Managing the resulting hybrid, multi-cloud environments will require connecting technologies such as application programming interfaces (APIs) for data interchange between applications, different cloud providers and on-premises data stores, and cloud orchestration platforms to allow administrators to manage different clouds through a common interface.

3. Develop an enterprise strategy.

Many governments have shifted to an enterprise approach to manage on-premises systems and infrastructure, a practice that should also guide cloud migration. “Just as a unified strategy is needed to manage enterprise architecture, you need a cohesive strategy to manage cloud resources,” says CDG Senior Fellow Deborah Snyder, who previously served as chief information security officer (CISO) for New York state.

Enterprise-wide operating frameworks and data governance policies help identify when cloud environments are the best fit for specific data sets and use cases — as well as more granular decisions about which cloud environment makes the most sense for specific projects. They can also ensure that multi-cloud environments — in which systems and data are spread across multiple applications and providers — are managed by common policies. An enterprise approach to cloud can help organizations take a “risk-based approach” to determine what should and shouldn’t be migrated to the cloud in the first place, Snyder adds.

4. Focus on quick wins.

Rapidly standing up modular solutions works well as a roadmap for both short-term implementation and overall development. Small initial use cases can help identify connectivity and security issues while demonstrating the benefits of cloud to staff and leadership to “push your team to go forward,” Bertolini says.

More broadly, cloud platforms are an ideal fit for iterative development methodologies, given their ability to connect to existing systems and allow developers to build applications using common tools and processes. This enables governments to think about developing modular, incremental solutions instead of focusing on large-scale, multi-year projects which may not be agile enough to respond to changing priorities during development. “The risk of spending 18 months getting something built out and not getting it to do what you need it to do is much lower,” says Dugan Petty, CDG senior fellow and former CIO for the state of Oregon.

5. Strike a balance between custom and standard solutions.

One longstanding challenge of legacy systems has been the layers of custom code and processes that governments have applied over years or decades. As a result, it may be challenging to consider solutions that aren’t purpose-built for government — or customized for a specific government.

However, many governments have shifted mail and productivity to universally available tools such as Google’s Gmail and Microsoft’s Office 365 — an approach called “consumerization” in which technologies originally built for consumers have since scaled to the enterprise. More sophisticated business process applications, including enterprise resource planning systems (ERP), have considerable overlap between private and public sector needs. And where specific use cases and customization are needed, the proliferation of low- and no-code cloud platforms can make the process of developing purpose-built tools and systems much less complex than in the legacy system days.

6. Put data as the focus of security and governance.

Hybrid multi-cloud models require careful coordination to ensure the data they share is secured appropriately, according to Snyder. “It becomes about data — how it’s stored, how it’s accessed and how that becomes the top priority,” she says.

Central to this work is understanding and classifying different kinds of data to inform policies and cybersecurity strategies. Governments must ensure cloud solutions are certified to comply with laws and regulations governing the security and privacy of certain types of data. Hybrid IT environments also benefit from role-based access control (RBAC), which focuses on securing different data stores by the users who are allowed to access them instead of their physical location in on-premises data centers or the cloud.

7. Don’t neglect networking infrastructure.

Government IT leaders must manage connections between their enterprise networks and cloud providers as well as ensure their own internal infrastructure supports hybrid connectivity.

“Networks need to be reimagined in favor of continuity and resilience, says CDG Senior Fellow Bob Woolley, former chief technical architect for the state of Utah's Department of Technology Services. “Classic hub and spoke designs and inflexible static routes need to be eliminated in terms of optimal routing technologies for user access to resources irrespective of whether the resources are cloud, premise-based or a hybrid.”

8. Procurement must evolve beyond purchasing practices.

While the shift from capital to operating expenditures involved in cloud and as-a-service models has been at least partially addressed by most governments, the full benefits of this transition come when governments modernize other practices driving procurement. For example, performance requirements and service level agreements (SLAs) replace the requirements from older system integrator or traditional goods and services contracts — which as Petty points out, often have roots in much older construction contracts that were not designed for cloud service models.

Governments are also creating cohorts of prequalified contractors, including refresh cycles in contracts and developing new models for chargebacks for federated environments to accommodate the shift to cloud. However, applying these models to cloud services will require closer coordination with business unit leadership and key policy owners, according to Petty. “All of the policy owners that have a stake in this really need to have a shared understanding of how the particular cloud model works in order to develop the best selection process and contract vehicle,” he says.

It’s also important for procurement to include provisions to ensure cloud agreements don’t lead to vendor lock-in or excessive egress costs. This allows governments to remain agile and shift work across multiple providers and their own on-premises systems as their needs evolve.

9. Focus on staff capacity — and selling the vision.

Technology leaders “should view getting employees ready for the cloud as a critical part of the solution,” Snyder says. They must assess whether their in-house staff has the skillsets required to manage cloud environments and then determine whether they need training or third-party support, or both, to fill the gaps. But beyond that, they must focus on empowering IT staff to take on broader roles, given the convergence of once siloed application development, networking and security responsibilities in cloud environments.

CIOs also need to look beyond their own staffs, particularly as their role has evolved to that of service broker, business partner, and advisor to business units and government as a whole. Different decision-makers and audiences — including legislators, executive leaders, agencies, departments or business units, and employees — have distinct priorities and need to understand the enterprise vision for cloud in different ways.

“We as technologists want to get into the weeds,” says CDG Senior Fellow Brenda Decker, who previously served as Nebraska’s state CIO. “We actually need to talk about the bigger enterprise issues.”

10. Leverage the shift in momentum.

Government has historically been resistant to change, but the pandemic has provided an impetus for broader transformation, says Decker. “It was difficult for people to let go of the server mindset, but all of the sudden, they had to,” she says.