WASHINGTON – Cloud companies looking to do business with the federal government can help their cause if they address a punch list of concerns that weigh on the minds of many agency CIOs and executives, senior government leaders say.
Certainly, there are some challenges with government contracting that are beyond the capability of outside vendors to address, such as a daunting procurement process and a culture that at times can be stubborn in its resistance to change.
On a number of other fronts, would-be government cloud suppliers can offer assurances in their pitch that might give federal buyers more confidence in making the jump to the cloud.
Barry West, CIO of the Pension Guaranty Benefits Corporation, sees two principal obstacles that cloud vendors routinely encounter: Security and privacy issues and data location. "The business units and the [inspector general] are still having some uncertainty about having data located somewhere else where they can't go and look at it."
On the security front, vendors can work toward certifications. As that process becomes standardized, wearing the badge of approval from the government's Joint Authorization Board figures to carry more weight among skeptical agency leaders. Then, too, one of the most heavily classified operations in the federal government – the CIA – is undertaking a major transition to Amazon's cloud.
Transparency, Data Portability Concerns Limit Government Cloud Adoption
The reluctance of many agency leaders to permit their systems to migrate away from a proprietary data center and into the hands of a private cloud vendor springs in part from concerns about transparency and data portability. The data portability issue is sometimes boiled down to vendor lock-in – the fear that, once the data and applications move to a service provider, that's where they'll stay.
Vendors can speak to those concerns in the procurement process by adding to contracts a "transition-out plan" that the government must approve, says Jim Porter, acting branch director of enforcement and removal operations at Immigrations and Customs Enforcement.
"I've seen some bad habits creep in where people really can slow-roll a transition," Porter adds.
On the positive side of the ledger, West cites cost savings and trust in an established vendor as leading factors tilting federal decision makers toward the cloud.
At ICE, when officials were looking to set up an electronic health record system, they weighed their options of going with a traditional application housed in an owned and operated data center, or the cloud. When they found that the cloud solution was roughly four times cheaper than the alternative, the decision was all but made, Porter says.
"We put the cost out in front of the CFO. It's pretty much a no-brainer decision," Porter says.
Government Cloud Use Defined by Small Steps
By technology standards, the term cloud computing is hardly new, but it's important to remember that it is still early days in the federal government's transition. The National Institute of Standards and Technology offers a helpful definition of cloud computing, but in practice, the cloud continues to mean different things to different people.
"The real problem has been identifying through acquisition what is cloud," says Maynard Crum, acting director of the Office of Strategic Programs at the Federal Acquisition Service.
Particularly in smaller agencies, the government's move to the cloud might mean simply farming out a commodity application such as email to a service provider such as Google. While large and small agencies alike have made more substantial progress in the cloud, with the Department of Homeland Security and West's PBGC among them, many other agencies lack have the in-house "expertise" to make similar moves, according to Crum.
"What's being purchased isn't large integrations of networks, it's email as a service, it's some kind of infrastructure as a service, it's some products, and they call it 'cloud,'" he says. "It's because that's easy. That's small, but it's in their ability to do that."
According to Crum, the feds have spent some $800 million in acquisitions of technologies identified as "cloud" solutions over the past two years. That's real money, to be sure, but a drop in the bucket when compared to the roughly $80 billion the federal government spends on IT each year.
Federal IT managers note that a significant portion of those expenditures fall to maintaining legacy systems. A Government Accountability Office has estimated legacy maintenance costs at 70 percent of the overall tech budget.
In light of those scarce resources, cloud providers that can demonstrate a full complement of service and support for their deployment – and include those provisions in bold-face in the SLA – might have more success in the contracting arena, according to Lawrence Gross, deputy CIO at the Department of Interior.
"We want the cloud vendors to provide the software," Gross says. "We want them to provide the end-to-end solution, so that all we're paying for is the service."