September 5, 2012

Government's 7 Common Challenges to Embracing the Cloud

As any new technology begins to gain mainstream acceptance, discussions about it tend to shift away from “whether” to implement the technology and toward “how” to implement it best.

So it is with the cloud. 

CIOs are increasingly giving cloud technologies their blessing. The question now is how to wring the most value out of such deployments.

That's where early adopters come in -- including, in this case, the U.S. government. 

As part of the Office of Management and Budget’s “Cloud First” policy launched last year, in fact,  government agencies have been incorporating cloud computing requirements into their own policies and processes.

Now, they're ready to share some insights. In particular, the U.S. Government Accountability Office (GAO) recently published a report highlighting what government users have found to be the biggest challenges in implementing their cloud computing efforts.

Much of what it discusses can be instructive for any company or organization.

1. Meeting federal security requirements 

At the top of the GAO's list was finding cloud vendors that are familiar with and can meet government agencies' security requirements. “For example, State officials described their ability to monitor their systems in real time, which they said cloud service providers were unable to match,” the report explains.

2. Obtaining guidance 

Perhaps of more widespread applicability, the GAO report also noted that there were cases where the existing federal guidance for using cloud services was insufficient or incomplete, such as for purchasing commodity IT. The result was that the requirement to move to the cloud was in some cases handed down before the necessary guidance was in place.

3. Acquiring knowledge and expertise 

It's generally par for the course that virtually any staff will lack expertise in at least some areas of a new technology, and the government agencies included in the GAO's report were no exception. Accordingly, the report cites examples in which agency officials found it difficult both to deliver cloud services and to teach their staffs an entirely new set of processes and tools, such as for monitoring performance in a cloud environment.

4. Certifying and accrediting vendors 

Another result of federal security standards was that agencies had a hard time certifying the vendors they wanted to use, the report noted. For example, “it took GSA more than a year to certify more than 200 Google employees and the entire organization’s infrastructure (including hundreds of thousands of servers) before GSA could use Google’s service.”

5. Ensuring data portability and interoperability 

Echoing several vendors who recently offered tips for building a hybrid cloud, the GAO noted how difficult it can be to ensure interoperability and data portability. “For example, a Treasury official explained that it is challenging to separate from a vendor, in part due to a lack of visibility into the vendor’s infrastructure and data,” the report explains.

6. Overcoming cultural barriers 

Just as every company or organization has its own corporate culture, so, too, do government agencies. That, in turn, can work against the success of a cloud computing effort. Within the State department, for instance, “public leaks of sensitive information have put the agency on a more risk-averse footing, which makes it more reluctant to migrate to a cloud,” the report explains.

7. Procuring services on a consumption (on-demand) basis 

Last but not least, because of the on-demand, scalable nature of cloud services, contracting and budgeting can be more difficult, since costs typically fluctuate, the GAO noted. “For example, HHS officials explained that it is difficult to budget for a service that could consume several months of budget in a few days of heavy use,” it said. 

Finally, it's worth noting that the government's Federal Cloud Computing Strategy explicitly recognizes the importance of data portability and interoperability and encourages agencies to embrace standards and other means of avoiding vendor lock-in. That, of course, is where one of the open cloud's greatest strengths lies.