While cloud is increasingly becoming a familiar part of government IT infrastructure, misconceptions about the technology persist. Among the most common ones:
1. Cloud applications are turnkey solutions.
Cloud is often thought of as turnkey because of how it appears in our personal lives — think of email services such as Gmail or Apple’s iCloud. In reality, government technology leaders who implement cloud services share responsibility with their providers for a wide range of factors, from the applications and operating systems deployed in cloud and hybrid environments to security and on-premises and virtualized networking.
“IT staff provide provisioning of a secure computing environment with appropriate levels of security and access control,” says Center for Digital Government (CDG) Senior Fellow Bob Woolley, formerly chief technical architect for the state of Utah's Department of Technology Services. “Local staff also make deployment and provisioning decisions for network, data, and service resources and deployment in cloud, on-premises or hybrid environments.”
Beyond these shared responsibilities, government technology leaders must also play an active role in ensuring cloud migration is planned so they are “truly getting the benefits from being in the cloud that everyone loves to tout,” says CDG Senior Fellow Otto Doll, who previously served as Minneapolis CIO.
2. Cloud is always cheaper than the alternatives.
While cloud offers the potential for significant cost savings by moving away from on-premises hardware and data storage, government technology leaders shouldn’t expect efficiencies to be automatic — especially if they simply migrate existing systems to the cloud.
“I would not recommend anyone migrate solely for cost savings,” says CDG Senior Fellow William (Bill) Rials, Ph.D. “Pound for pound, apples for apples, if you put something in cloud, it will not be cheaper.” Instead, cost savings come when agencies streamline business processes and rearchitect applications to eliminate manual steps and take advantage of cloud environments.
3. Cloud is a one-size-fits-all proposition.
There’s no one cloud model for governments to adopt. There are a range of different methodologies, ranging from software-as-a-service (SaaS) for cloud-hosted applications; infrastructure as a service (IaaS) for cloud-based data storage, servers and networking; security as a service (SECaaS) for outsourced cybersecurity monitoring and response; and platform as a service (PaaS) for integrated cloud-based infrastructure and development tools. And different cloud services may be a better fit for specific applications or use cases, which means many governments will likely manage multiple cloud providers.
“Multi-cloud ecosystems are diverse,” observes CDG Senior Fellow Deborah Snyder, who previously served as the chief information security officer for the state of New York. “That’s a good thing — you reduce the risk of vendor dependencies and get some assurance of availability and resiliency. All these things are good.”
4. Cloud is less secure than on-premises systems.
Because of their scope and scale, cloud service providers bring cybersecurity resources and expertise that few enterprises can match. However, a closely related misperception can contribute to security breaches.
That’s the idea that cloud providers take on all responsibility for the full spectrum of cybersecurity. In reality, governments and other enterprises must manage security controls and ensure they are properly configuring applications and user accounts.
“As you merge with the public cloud, you have to take more ownership,” says Snyder. “It’s important to think about a model where the responsibility is shared between the provider and the owner of the resources.”
Research by Gartner suggests that issues such as resource misconfigurations and incorrectly applied policy settings and security controls will continue to be responsible for as many as 95 percent of cloud security breaches through 2022. Understanding these controls remains a challenge for governments.
5. Cloud access is as simple as connecting to the internet.
“Every cloud service provider is on the internet, so the assumption is that it just works,” Rials says. But poor connectivity can create issues with latency and responsiveness that negate the benefits of cloud migration. And connecting to cloud providers through the public internet is just one of several options for governments. Others include direct connections through wide-area networks (WANs) or through an interconnect exchange broker which offers direct connections to multiple cloud service providers.
6. Managing cloud is fully automated.
A major benefit of cloud is the ability to scale capacity and workloads in response to shifts in demand, but that doesn’t translate into a completely hands-off approach. IT staff must track and model usage on an ongoing basis, including identifying idle or inactive systems and assessing that they are assigning the right workloads to the right cloud resources at the right scale. Artificial intelligence and machine learning (AI/ML) can help governments automate and optimize cloud usage.
7. Cloud adoption means fewer staff.
Cloud projects can raise fears about layoffs and resistance to learning new skills, but the reality is that many skillsets are directly transferable to managing cloud environments. “The way you do it is different in the cloud, but [the skills] are still there,” says Rials. “The essential skill gap is expertise in different cloud platforms.”
The change management strategies involving employees and staff are familiar to veteran technology leaders, according to CDG Vice President Teri Takai. “It’s a very delicate dance a CIO plays whenever they move to newer technologies,” she says.
Sponsor Content
7 Cloud Myths for Government
