Among federal CIOs, there is no shortage of interest in the cloud, but many agency IT leaders say they worry about security, what kind of support they’ll get from their vendor, and the restrictions that come with long-term contracts, among other issues, government IT insiders say.
Mark Day is the deputy assistant commissioner at the General Services Administration’s Office of Integrated Technology Services, where he says he caters primarily to three categories of federal workers: CIOs, CFOs and chief acquisition officers or senior procurement officials.
“I’m very focused on the question of how do we actually acquire cloud,” Day said in an online presentation yesterday.
Day says that security remains a primary concern among government officials considering the cloud, but by no means the only one.
Cloud concerns go beyond security
MeriTalk, a government IT consortium, recently polled federal tech workers about their views on the cloud, finding that 75 percent of those who have already moved some applications to the cloud would like to transition more, but are leery of doing so for a variety of reasons. In that poll, 69 percent of respondents said security was a primary concern in selecting a cloud provider, topping the list, but just barely.
“People then talk not only about support following implementation, but what they really talk about is support during any kind of problem,” Day says. “I think most of our customers are fairly comfortable that cloud providers are able and quite good at running the day-to-day things. They do wonder what will happen when something serious goes wrong, and how will that relationship work at that point. And I think that is the unspoken question that lurks in the minds of many customers as we talk to them.”
As a class, cloud vendors looking to do business with the public sector could do a much better job of providing those kinds of assurances, and also spelling out a simple and transparent process for an agency to migrate out of a cloud deployment and moving their applications either to a different service provider or bringing them back in-house, argues Mike Younkers, director of systems engineering at Cisco’s federal division.
“I don’t think that there’s enough discussion going on about what happens if the contract needs to end,” Younkers says.
For all the concerns about vendor support and service-level agreements (SLA), security does still loom large in the minds of federal CIOs, though David Egts, chief technologist at Red Hat Public Sector, suggests that some of those fears might be mislaid.
“Whenever I talk to a lot of CIOs, security tends to be one of the No. 1 concerns that they have,” Egts says. “And a lot of times when they look to the cloud they think that the security model is radically different, and one of the things that I try to encourage them to do is to take a lot of the best practices that they’re doing on-premises and extend that to their public cloud.”
Additionally, Egts stresses that security is a shared burden, and that agencies should shake off the mindset that once they move workloads to the cloud, they are outsourcing security.
“The other part of it is making sure that once you move to the cloud, it’s not just the cloud provider’s problem. It’s a joint responsibility between the cloud provider and the cloud customer to make sure that the deployments are secure,” he says.
Despite angst, government continues broad shift to cloud
But for all the angst within the government about shifting to the cloud, particularly in an austere budget environment, there is no denying the momentum for the transition, broadly.
[ Related: Government Cloud Use Requires a Culture Shift ]
Of course down in the weeds, at the level of SLAs and specific workload migrations, the picture muddies considerably. Simpler applications like email tend to be the first to go to the cloud, while bulkier, frequently legacy systems like, say, an ERP program, might lag behind. And, indeed, there are some applications that might never be good candidates for the cloud. CIOs and their teams are working through that process now.
“People as they think about those more complex workloads, often with some legacy integration touch points, customers are having to do a lot of planning to figure this out,” says Day, who over the course of his career has worked in CIO and CTO roles, as well as serving in state government, where things tend to move faster than at the federal level.
“Someone reminded me when I first came to federal … that you’re not in a speed boat anymore. You’re in an oil tanker. It takes little bit longer to turn an oil tanker, but once you turn it, no one comes along and turns it back, and I think that’s what we’re seeing here in the cloud adoption,” he says. “It’s a little slow to turn, particularly on these complex pieces that need some very careful thought, but as the agencies gain that confidence and they do build some successful, complex moves to the cloud, I think you’ll see an acceleration.”