Cloud First Comes Second for Federal IT Managers

By David Courbanou

Federal IT managers who are under the gun to meet Cloud First initiative goals are finding compliance challenging. According to a survey by SafeGov.org, the issue isn’t the lack of cloud services. Federal IT managers are concerned about security and the all-important bottom line.

If you need a refresher, the Office of Management and Budget called for all federal agencies to migrate “at least one existing application,” into the cloud before 2011 was up. Now, for 2012, the very same agencies are to have another two additional applications hosted in the cloud. According to the 432 respondents surveyed by SafeGov.org (a mix of executives, IT workers and non-IT workers), 83 percent of respondents have figured out which three applications will live in the cloud, but only a quarter of all Federal IT respondents have successfully pushed at least one application into the cloud. Nearly half of all respondents said that they’re still working on their first cloud migration.

So what’s the hold up? It’s a cocktail of issues, but a main problem appears to be that cloud services aren’t as cost effective as initially perceived. A third of those surveyed said switching over to cloud services would see no change on costs, while another 25 percent see it as a more expensive alternative. Although a subscription-based service might be initially cheaper, the long-term costs may be wash.

That hesitation on price leads to deeper hesitation when it comes to security. More than half of the IT managers surveyed think cloud security could be exploited inside a 12-month timeframe, with a whopping 61 percent of IT mangers seeing at least one federal agency other than their own dealing with a cloud breach inside a year.

Most IT managers see value in keeping applications and data on premise because there’s “a low level of trust in cloud provider personnel” to keep information and access secure. Sixty-two percent of all those surveyed said that there will always be data and applications that are “too sensitive” to be placed in the cloud, and 30 percent of IT managers saw something as basic as e-mail too much of a security risk for migration to the cloud.

The prevailing sentiment seems to be that existing cloud providers need to prove themselves in a variety of ways, but mainly, on trust. Only 34 percent of respondents were confident that their cloud provider would disclose a breach of security. And more than 70 percent of respondents would want their cloud severs hosted in the U.S. and physically separated from other ‘public’ or non-governmental servers. Federal agencies would also prefer to leverage private or federally controlled “community clouds” instead of cloud providers that also serve the private sector or local government needs.

What’s the bottom line when it comes to cloud and the OMB initiative? Time. Many federal IT managers are looking for a migration timeframe that offers a careful extended move to the cloud or the option to leverage hybrid deployments with on-premise infrastructure. But the most telling figure is that 69 percent of IT managers said the rush to cloud migration is politically driven.

There’s also clearly a disconnect between what federal agencies want and need, and what cloud vendors can provide. SafeGov.org believes there should be “more pragmatic” approach to cloud migration mandates. Given an extended time frame, cloud services are bound to mature, and subsequently, the OMB’s initial mandate can be met, but likely at a later date.