The cloud has been the default setting in federal government IT for long enough now that most agencies have migrated over some basic operations like email, but that still leaves the hard work undone.\nAfter some quick wins -- moving relatively lightweight applications over to a cloud environment -- many federal CIOs are now trying to figure out what comes next. That requires a more challenging calculus and a nuanced evaluation of the agency's IT portfolio to determine what applications and systems really belong in the cloud.\n"Agencies are struggling with that idea of how do they really in an affirmative sort of way adopt cloud technologies," Bill Zielinski, director of the Office of Strategic Programs at the General Services Administration, said during a recent panel discussion hosted by Federal News Radio. "It's one thing to find those kind of freestanding, low-hanging brand-new sorts of things to put in -- quote unquote -- the cloud, but when you really start talking about constituting your IT enterprise with a significant portion of it being cloud, they're struggling."\nAgencies 'all over the place' on cloud\nZielinski, whose agency is at the center of the efforts to promote cloud computing across the government, says that progress among the agencies is a mixed bag.\n"From that perspective, we see folks are kind of all over the place in what they're doing," he says. "They have a cloud adoption strategy of some sort, as they're required to, but in terms of where they begin, how they get started, and how they really make that meaningful switch, there's a lot of struggles out there."\n[ Related: 5 years into the 'cloud-first policy' CIOs still struggling ]\nAt the Food and Drug Administration, CIO Todd Simpson describes a "transformational journey" the agency embarked on about two years ago as it looked to formulate a coherent strategy for cloud computing. In the time since, the agency has set up multiple cloud deployments, established a cloud brokerage service and created a cloud advisory board that reviews new software and systems under development, evaluating each new product "against its cloud readiness," Simpson says.\n"We're very methodical about it because we don't want to get in some kind of a trend where we're just putting things in the cloud to be trendy," he says. "We want the things in the cloud to be in the cloud to get the biggest bang for the buck."\nZielinski echoes that point of caution, and notes that GSA has been developing resources like its cloud excellence center to help agencies further their modernization efforts. There is a trap to avoided there, he observes, warning agencies to keep a broader perspective and evaluate individual IT upgrades or replacements in the context of how those pieces fit in with the broader enterprise architecture.\n"This is not just swapping out the underlying technology and simply re-hosting or moving, but it really is fundamentally looking in a very different sort of way at how you architect, design, build and move forward with your IT enterprise," Zielinski says. "One of the things that we really have to look at is as we're making that move and that shift, we really are looking at the entire application stack and what the ramifications are, because if you're not making that change to your overall application stack, then you really are just buying a different version of the same problem."\n[ Related: Federal CIOs want SLA assurances from cloud vendors ]\nOf course, cloud computing projects can carry a host of other challenges for federal CIOs, including winning the buy-in from the agency leadership and the business lines of the organization. Cloud deployments, particularly those with a usage-based billing model, can also upend traditional procurement practices, though Simpson says those issues aren't the biggest impediment to cloud migrations at the FDA.\nInstead, he points to the security concerns that can accompany a cloud migration, and, in particular, the challenge of hammering out contracts with vendors that provide sufficient flexibility down the road if the service is not meeting the agency's needs.\n"It seems to me that we've had more issues with licensing than anything in the cloud," he says. "I didn't want to say 'bait-and-switch,' but you have to watch the wording of the contracts very, very carefully. You have to make sure that the contracts have the leverage that you need to be able to exit, should you choose to do that, or to maneuver basically without having to go back and revisit the procurement process later. That's the key."