Federal CIOs want SLA assurances from cloud vendors

By some measurements, the federal government’s adoption of cloud computing has been on a steep rise, but there remain significant obstacles that have stood in the way of modernizing legacy systems and applications.

A pair of industry officials cautioned in an online presentation this week that cloud vendors looking to do business with federal agencies will help their cause if they can address some of those sticking points, including favorable service-level agreements (SLAs), security and compliance considerations, and, of course, costs.

“Cloud is basically a business decision,” says Alan Boissy, product manager of VMware’s vCloud Government Service offering. “It’s a business enabler to allow government agencies to save money.”

Federal CIOs have been working under a series of White House technology directives, including the mandate to prioritize cloud computing ahead of traditional services and applications. But that transition has been slow in coming, and by the government’s own estimates, the percentage of the federal IT budget attributed to cloud services lingers in the low single digits.

Still, the trend lines seem clear enough, with overall public-sector spending on the cloud up 72 percent since 2012, and poised to reach $6.5 billion by 2017.

“There’s no argument that this business is driving a significant amount of revenue for the commercial world,” says Stu Fleagle, vice president of government solutions at the cloud vendor Carpathia.

“There’s been a lot of talk about the different steps in moving to the cloud,” Fleagle says. “I think that most organizations by this time have done some level of assessment of their business goals and their IT goals. I think they’ve also done a really good job of collecting an inventory of their assets and they’ve identified what can be moved to the cloud.”

However, many CIOs have been reluctant to pull the trigger on moving certain workloads to the cloud, in part because of persistent concerns about the security of the data in a hosted environment, as well as the geographic question of where the data will be stored.

[ Related: Is the Federal Government Ready to Embrace the Cloud? ]

Security still a challenge to overcome in winning over wary government cloud buyers

The feds have taken steps to address the security challenges with the FedRAMP program, which provides a path for companies to achieve a single security designation that is recognized across the government. Companies that obtain an authorization to operate from the Joint Authorization Board — comprised of the departments of Defense and Homeland Security and the General Services Administration — enjoy what Fleagle calls the “gold standard” of government security credentials.

[ Related: Government IT’s Move to Cloud Slowed by Security Concerns, Misconceptions ]

On balance, however, Fleagle argues that vendors could do a better job of assuaging the concerns of government IT buyers, both involving security and other issues. That means being willing to meet federal CIOs on their own terms, and tailoring a cloud configuration to the contours of the agency’s data needs.

“When you’re evaluating security and compliance requirements, you need to be able to match those requirements to the appropriate cloud and move those workloads where they make sense to the cloud that makes the most sense for that customer,” he says.

Adds Boissy: “There are those applications, those mission-critical applications, that will probably always be on-premise.”

Fleagle notes additional challenges of winning over wary government buyers, citing what might be described as an institutional resistance to major technology changes within the government, as well as the challenge of a fielding a workforce with the requisite skills to manage the migration to the cloud.

“If you look at stakeholder buy-in,” Fleagle says, “it becomes cultural. There’s also a lot of technical expertise that needs to happen in order for workloads to move over.”

Data ownership and SLAs top concerns for government cloud buyers

He also advises that cloud providers can do a better job of writing their SLAs to provide government customers with the assurance that they will be able to terminate the agreement in the event they are dissatisfied with the service or otherwise determine to go in a different direction.

That question of vendor lock-in keys into another concern that some government buyers have expressed — the question of data ownership, which vendors can address through unequivocal language in their SLAs.

“It’s very important that agencies understand that in putting their data in the cloud they are always still the owner of that data,” Boissy says.

On the government side, Boissy stresses the importance of securing support for cloud computing projects throughout the organization, warning against what he refers to as “fiefdoms within agency” and urging closer collaboration between the IT department and the business units.

“I think it’s imperative that the decision isn’t just handed to the IT team,” he says. “It can’t just be an IT decision.”