It must have seemed like Christmas for cloud providers when Vivek Kundra, former White House chief information officer, estimated that federal government cloud spending would reach $20 billion, according to his 2011 report on the U.S. government's cloud strategy. But even with the strategy's "Cloud First" policy, which requires federal agencies to give first preference to the cloud service model for all IT investments, cloud adoption in the public sector has hit several barriers.
CloudCast Weekly Archives
Catch up on other episodes of CloudCast Weekly
- What's holding back government cloud adoption -- particularly among small, local government agencies -- and how Federal Risk and Authorization Management Program (FedRAMP) certification can help cloud providers counter those adoption barriers;
- A recent report that identifies seven reasons why cloud adoption has stalled in the public sector and what cloud providers -- even those not competing for government cloud customers -- can learn from it.
- What the top 5 hottest news stories were this summer on SearchCloudProvider.com.
The following is a transcript of the podcast.
Jessica Scarpati: You're listening to CloudCast Weekly, a podcast by SearchCloudProvider.com. I'm Jessica Scarpati, site editor of SearchCloudProvider.com, and with me to do our weekend review is news writer Gina Narcisi. Hey, Gina. Thanks for joining us.
Gina Narcisi: Thanks for having me, Jessica.
Scarpati: Gina, why don't you start off by telling us about your new story this week?
Narcisi: This week, I wrote about recent IDC research that found that not only are government agencies resisting the cloud, but specifically smaller agencies. Local governments are even more so just really skittish about the cloud and unsure, so adoption is not really strong in those categories.
I wrote about FedRAMP certification and how it can ease government customers more so into the cloud because this FedRAMP certification, which cloud providers are currently going through now. Nobody is certified just yet but there are a few that should be by the end of this year. It's really going to be almost like a Good Housekeeping seal of approval for the cloud. This accreditation will basically tell government agencies that this cloud is a safe environment for you. It's been tested. It's gone through the steps. It's been assessed by a third party.
I talked to Tom Andrew, who works for Coal Fire, one of the groups that is a third-party assessor. I also talked to David Svec from Veris Group, who's also another third-party assessor. They were just telling me the various ways that they evaluate the cloud providers. Right now, it looks like CenturyLink, Microsoft and Terremark are the ones that are going to be up for certification by the end of the year, among others, of course.
They were just basically talking about this accreditation. Once certain cloud providers have it, not only will it be good enough for larger federal governments, it's going to trickle on down once they have that in place. It's something that smaller governments should be looking at more. Also, it could definitely provide them cost savings as well.
Scarpati: It's interesting because when I was reading this I guess I was a little surprised by the fact that the smaller local governments are the ones that are hesitant to do it, because I assume that at the federal level, that the stakes are higher. They're dealing with obviously more data and a lot of times way more sensitive data. They obviously have far more resources than the smaller governments. It just kind of surprised me. I thought they would be a little more eager, but at the same time, the federal government is looking at this because the Cloud First Policy that the Obama administration put in. I don't know. When you spoke to the 3PAOs, the third-party assessment organizations, did this surprise them at all?
Narcisi: It kind of sounded about right just because resources do really play into this for smaller governments. They look at this as, "It's going to cost us money. We already have the hardware in place." Honestly their resources, they're more influx than a larger federal government agency. That's definitely part of the lack of cloud adoption on their part.
Scarpati: What are they advising cloud providers who are interested in FedRAMP to do to go about this process?
Narcisi: It really seems to start in the data center and actually their architecture, how that's built, security measures they have in place. They need data encryption of course. A multitenant environment is possible. It is going to take some work to ensure that they can secure that. The third-party assessors actually visit the data centers to make sure they have all these measures in place.
Scarpati: Great. Well, Gina, thank you as always for your time.
Narcisi: Thank you, Jessica.
Scarpati: Another contributor of ours, Chip Popoviciu, also took a look this week about how cloud providers compete for customers in the public sector. Earlier we mentioned something called the Cloud First Policy. The White House laid out this mandate in 2010 basically stating that federal agencies should give first preference to a cloud service when considering new technology purchases. They are also encouraged to migrate any legacy applications to the cloud. Of course, this is all when and where it's appropriate to do so.
You'd think that it would be a gold mine for cloud providers, right? After all, these agencies are now required to give preference to the cloud, but a recent investigation by the Government Accountability Office confirmed that a mandate doesn't exactly guarantee a successful implementation.
The investigation looked at seven agencies' plans and progress toward Cloud First objectives and deadlines. It discovered that the agencies made some progress, but frankly not enough to satisfy the GAO. The projects were often held up by not having detailed costs estimates and their plans for retiring legacy systems were reportedly kind of fuzzy. Although each agency has its own unique challenges, the GAO identified seven common roadblocks that they all face when it comes to cloud adoption, ranging from security concerns to cultural barriers.
You might be thinking, "If I'm not going to the public sector, who cares?" We wondered that, too, but interestingly Chip points out that cloud providers in any market have a lot to learn from this report, because if customers that are required to adopt the cloud are running into this many barriers, what does it mean for the rest of the market? Check out Chip's piece, "Top Seven Challenges to Cloud First Reveal Lessons for Providers," to find out how cloud providers can make sense of all of this.
Even though we know autumn doesn't begin for a few weeks, the last week of August always feels like the end of summer even if it's unofficial. As we enter September, we thought we'd take a look back at what turned out the be our top five most read news stories this summer. It came as no surprise to anyone that Amazon's big outage topped the list, but there were also a few surprises in there. If we learned one thing, though, it's that there's no summer slump in the cloud provider market.
That is all that we have for this week. As always be sure to check out all of the articles we talked about and more at SearchCloudProvider.com. Thanks again for tuning in, and we will see you next week.