The United States Government Accountability Office (GAO) has found that, while the US ‘Cloud First’ enterprise project is making tangible progress, there are seven cloud lessons for the public sector.
The report, subtitled “progress made but future cloud computing efforts should be better planned”, charts the progress of Cloud First – a federal policy which exhorts agencies to find a cloud-based IT solution whenever logistically possible.
Things appear to have moved forward since 2010, when the GAO previously warned about the difficulties associated with federal cloud management.
Back in May 2010, the accountability office found that the Office of Management and Budget (OMB) in the White House hadn’t even developed a cloud strategy.
But it appears there is still work to be done.
Research as recently as October 2011 found that 22 out of 24 major federal agencies were either “concerned or very concerned” about security risks in the cloud.
“While investments in IT have the potential to improve lives and organisations, some federally funded IT projects can – and have – become risky, costly, unproductive mistakes”, the report warns.
As a result, the GAO has set about attempting to find the core problems – targeting primarily the US system, but also citing the UK government with worldwide relevance.
There were seven “common challenges to cloud computing” the GAO found with implementing Cloud First:
1) Meeting federal security requirements: the GAO, in their report, appeared worried that cloud vendors were unaware of particular security guidelines unique to government departments.
2) Obtaining guidance: existing federal guidance was either insufficient or incomplete, according to the GAO.
3) Acquiring knowledge and expertise: a potential worry that agencies implementing cloud-based software didn’t have the necessary expertise to carry the work out – “delivering cloud services without direct knowledge of the technologies has been difficult”.
4) Certifying and accrediting vendors: the GAO iterated that agencies may not have had a specific certification system for vendor security.
5) Ensuring data portability and interoperability: warning against platforms or technologies that ‘lock’ customers into a certain product.
6) Overcoming cultural barriers: the GAO warned that “agency culture may act as an obstacle to implementing cloud solutions”, citing a state example that sensitive information leaks has resulted in a more apprehensive outlook on cloud migration.
7) Procuring services on a consumption basis: the continual cloud problem of not knowing quantities and costs, due to the cloud’s on demand nature and scalability.
In conclusion, the GAO notices one particular solution to tackling these challenges: going further to establish estimated costs and specific timelines to retire previous legacy systems.
Can all cloud vendors and government departments learn from these pointers? Will we get more cloud value for taxpayers’ money worldwide?