Federal Cloud Adoption, Part 1: Lots of Baby Steps
Eighty-five percent of respondents to a recent Meritalk survey of 108 federal IT professionals mentioned the issue of data security as an impediment to cloud adoption. "The security issue still baffles me," said Meritalk founder Steve O'Keeffe. "I have yet to see what I consider sufficient documentation that the cloud carries any more risk than most existing federal IT operations."
The U.S. government is learning quickly that achieving the next big thing in information technology depends upon implementing a huge number of little things. For federal IT managers, that big thing is the cloud.
Federal agencies have busily pursued cloud solutions since December 2010, when the government adopted its "Cloud First" policy, requiring agencies to give priority consideration to cloud technologies, including a mandate to implement a first round of deployments by mid-2012.
At first glance, some of the cloud contracts that have been awarded since the 'Cloud First' policy was launched signal a smooth and significant transition of federal IT to the cloud. Several big name firms, including Google, Microsoft, Salesforce, Northrup Grumman, HP and IBM have participated in early federal cloud adoptions.
However, the initial round of upgrading has shown that successful cloud deployments require patient and painstaking efforts. Some of the impediments to adoption that surfaced in the first few months of the conversion initiative have not been completely resolved. These range from broad "cultural" attitude changes to detailed aspects of implementation including security, software and programming.
Spending Will Top $3 Billion
"While the 'Cloud First' policy encourages agencies to transition services to the cloud, ambitious timelines and policy pressure may not give adequate time for agencies to develop solid, long-term strategic plans," said Deniece Peterson, senior manager with Deltek.
Based on the pace of deployment, the U.S. government will be spending about US$3.2 billion annually for cloud systems by 2017, Deltek predicted in a just-released report based on a survey of federal agency cloud activities.
The Office of Management and Budget (OMB), the General Services Administration (GSA), and the National Institute of Standards and Technology (NIST) have been issuing numerous directives, providing vendor contracting assistance, as well as security and operational guidance to agencies to facilitate cloud adoption. Ironically, this flurry of support services has only proven that adopting innovative systems is a time-consuming and complex task.
"I think that all of these initiatives definitely help, because they provide agencies with direction and parameters. The good thing about the initiatives is that they have been developed specifically for cloud computing rather than directing agencies to force-fit cloud into existing processes and models, which are simply not designed for cloud," Peterson told the E-Commerce Times.
"That said, OMB required the adoption of cloud migrations well before agencies had time to develop strategies, migration plans, training for IT and acquisition personnel, security standards, and policies to address the myriad of other issues," she pointed out. "As a result, we found some situations where agencies are inclined to do just what these cloud initiatives are meant to avoid -- force-fitting the technology."
Eighty-five percent of respondents to a recent Meritalk survey of 108 federal IT professionals mentioned the issue of data security as an impediment to cloud adoption. Thirty-eight percent listed agency "culture" and 32 percent listed "service levels" as barriers to cloud deployment. Respondents cited "IT management" as one of the biggest internal sources of resistance to the cloud.
Data Security Still a Big Issue
"The security issue still baffles me. I have yet to see what I consider sufficient documentation that the cloud carries any more risk than most existing federal IT operations," Meritalk founder Steve O'Keeffe told the E-Commerce Times.
The security bottleneck may be alleviated with the release of the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program for cloud security. The final rollout of the FedRAMP program, which has taken more than a year to develop, is expected early this summer. The program has been managed by GSA, with significant input from NIST, as well as from other federal agencies and industry.
"I think FedRAMP will help us tremendously. The program will provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services," Michael Wash, the chief information officer for the National Archives and Records Administration (NARA), told the E-Commerce Times.
"Some of the processes that agencies today need to develop on their own will become standardized, which will lead to improved efficiencies and improved operational performance of our cloud instances," he added.
The standardization element should also help vendors to ensure that their products are in conformity with federal security requirements.
Caution Prevails in Cloud Commitments
While security concerns may be alleviated with FedRAMP, other factors will have a continuing impact on federal cloud deployment. One is the uneven level of capability among federal agencies. To estimate the "Cloud Readiness Level" for 12 major departments, for example, Deltek analyzed the current state of infrastructure consolidation, planned cloud initiatives, and the contract vehicles most often used to procure cloud services.
Agency preparedness varied, even as government-wide policies and mandates pushed for broader near-term cloud adoption, Deltek found.
Agency preferences for where cloud computing made sense also differed, according to Meritalk. Among several possible cloud applications, 48 percent of respondents mentioned collaboration tools, while 47 percent listed email. Administration applications came in at 43 percent, and conferencing at 28 percent. Using the cloud for an agency's central mission ranked fourth at 25 percent.
Among other remaining cloud impediments that showed up in the Deltek assessment were concerns about portability, vendor lock-in, and the need for interoperability at several levels of deployment. Insufficient capabilities regarding service level agreements with vendors were evident in both the Deltek and Meritalk surveys.
The caution exhibited by U.S. government agencies in implementing cloud technologies does not reflect a substantive lack of interest. Rather, it appears to demonstrate a certain amount of prudence in making longstanding commitments to the technology.
In that sense, U.S. agencies are similar to their government counterparts elsewhere. Governments around the world were in the same boat on cloud technology, KPMG International reported earlier this year. Only 12 percent of government executives worldwide said that more than 10 percent of their agencies' overall IT expenditures were allocated to the cloud in 2011. That level was expected to more than double in 2012.
In fact, the U.S., Australia, Italy, Denmark and Singapore were listed as cloud pioneers in the KPMG study, with around 30 percent of respondents in these countries indicating that they had already undertaken either a partial or full cloud implementation.
U.S. agencies, far from being aloof about IT innovations, were devoting resources to early stage preparation for later adoption of the cloud and social media, the immixGroup recently reported.
"In fiscal 2012, we're seeing a lot of planning and talking about cloud and mobile, but not a lot of action just yet," said Tim Larkins, a market intelligence consultant at immixGroup.
An examination of strategy and budget documents throughout federal civilian and defense agencies showed that these technology segments remain high priorities.
"For the time being," said Larkins, "agencies will focus on managing their data and building the supporting infrastructure to sustain cloud and mobile technologies."