Cloud mandate in hindsight: Sound policy or politics as usual?
To summarize a previous blog post, it’s clear public cloud computing is going to be absolutely revolutionary for small businesses and individuals, cutting costs and adding functionality for them rivaling the most developed and mature IT departments. That market segment is huge and will be profitable for cloud computing providers when you consider that some 95 to 97 percent of companies fall in this category. However, the allure of savings for large organizations that can already use economies of scale to deploy modern virtualized data centers (e.g., private clouds) is questionable at best.
With that said, we’re now a couple of years into the cloud-first mandate that pushed agencies to look at cloud solutions. The assumption was that this mandate was pushing agencies toward public clouds or software as a service (SaaS) so the government could grab part of the golden pot of promised savings. However, most agencies are not serving users in the hundreds, but thousands or tens of thousands, sometimes even many more. They fit into the group that is going to have a tough time finding savings in SaaS offerings.
In addition to not offering the promised savings, most SaaS services are still immature and introduce several problems, two of which are also mandates that put agencies in a bind if they try to follow the assumed “public” in the cloud mandate. The most notorious problem cloud services have is a lack of security compliance. Google is the main offender of this one with GSA, NOAA and now the Department of Interior unable to comply with security mandates without pulling out of expensive service contracts.
Another looming problem is information assurance. Google is an offender here too, but nearly all SaaS solutions currently have this issue in some form or fashion. This will be most telling when a Freedom of Information Act (FOIA) request ends up in court because some agencies either can’t comply at all, or can’t confirm that they have fully provided all information pertaining to the request. Most (including Google) cannot provide logs and tracking information, therefore opening these agencies up to accusations of hiding information and deleting records. Again, the only solution is to pull out of the expensive contracts some agencies have signed.
So why was the cloud push initiated? Who knows for sure. It wouldn’t be the first time that government officials didn’t do their homework before making a sweeping decision. It also wouldn’t be the first time that a government official pushed a mandate, law or project for some unknown reason.
Either way, a public cloud push is bad policy. The answer for agencies seems to be private clouds that can provide compliance to the cloud mandate, grabbing the modernization and virtualization savings, while still offering compliance with other government mandates. So how do agencies begin that private cloud process and show leadership the light? Leave a comment here, or let me know on Facebook or Twitter.
Image Courtesy of Flickr User supertin