Cloud adoption on the rise, but new report highlights trouble spots
A new survey of federal leaders paints an early picture of which applications are migrating to cloud computing. But limited awareness and trust remain big hurdles for agencies.
The issues that have impeded the federal government‘s early efforts to adopt cloud computing -- a general lack of awareness and concerns about trust and security -- appear to be more perceived than prohibitive, according to a new survey of government officials.
As a result, although those concerns remain high, the use of cloud computing services by agencies is poised for rapid gains as managers become more aware of the potential of Internet-based cloud computing.
The new study, released this week by the Lockheed Martin Cyber Security Alliance, found that 70 percent of government technology decision-makers in federal, defense/military and intelligence agencies report they were most concerned about data security, privacy and integrity when it comes to migrating to cloud computing.
Federal cloud computing just got easier
Don’t look down: Cloud computing is still missing a few steps
It also found limited awareness about cloud computing, which in turn shaped the degree of confidence federal managers have toward adopting cloud services.
Of 198 government technology decision-makers in federal, defense/military and intelligence agencies, 38 percent said they are unfamiliar with cloud computing and another 23 percent are unsure whether their agency uses cloud computing services.
Only 14 percent said their agencies are currently using one or more cloud applications; an additional 16 percent are discussing migrating to cloud computing or are in the process of doing so.
At the same time, an early picture is emerging of how and where on-demand, Internet-based computing software, development and infrastructure services are likely to deployed in government agencies.
Among respondents familiar with cloud services,applications for communications, databases and document management work were ranked highest among those being used or considered for cloud computing environments. But a variety of other applications are also being considered by at least some agencies. The list of applications in order of their use or consideration by respondents:
|
Communications applications |
63% |
|
Database applications |
59% |
|
Document management |
57% |
|
Mission-critical data management |
52% |
|
Document creation & editing |
51% |
|
Virtualized server environments |
47% |
|
Human resources management |
46% |
|
Financial management |
45% |
|
Customer relationship management |
43% |
|
Procurement |
41% |
|
Enterprise resource planning |
40% |
Although respondents could be willing to put essential applications in the cloud, an overwhelming majority favored using privately-controlled clouds, and to a lesser extent shared-community clouds, rather than publicly-managed clouds for hosting and running their applications.
Similarly, although about half of respondents expressed a likelihood that they might outsource certain applications, such as customer relationship management and human resources management applications, only one in three said they were likely to outsource mission-critical and enterprise resource planning systems.
Still, the larger issue confronting agencies over the proposed adoption of cloud computing services hinges on trust and network security.
Although 40 percent of respondents say they trust cloud computing as a reliable method for managing agency information services, 60 percent do not.
The study also pointed to important awareness gaps between those familiar with cloud computing and those focused on cybersecurity. Approximately a fifth (21 percent) of respondents who are involved in cybersecurity at their agencies are not familiar with cloud computing, while nearly half (47 percent) of respondents who are familiar with cloud computing are not involved in cybersecurity. As familiarity with cloud computing increased, however, so did the level of trust in it. Among respondents responsible for cybersecurity, 53 percent said they trusted cloud computing as a means for handling agency information.
Those awareness gaps, however, pose a challenge for agencies and their efforts to coordinate the work of different professionals who will need to investigate, implement, use, secure and manage cloud computing services, the study suggested.
In addition, the study found that that significant questions remain about who should govern cloud computing. Nearly a third of respondents (30 percent) said cloud computing should be governed at the agency level; 21 percent felt congressional legislation was needed; another 21 percent favored joint public/private coalitions; and 18 percent thought the White House cyber ecurity coordinator would be the best choice for resolving governance issues.
The survey also detailed types of risks that concern government officials most about cloud computing. At the top of the list were concerns relating to network security, general threats such as spyware, data loss, communications security and disaster recover.
A summary of the findings of the survey can be found at: “Awareness, Trust, and Security to Shape Cloud Adoption.”
The Lockheed Martin Cyber Security Alliance was established in 2009 as a consortium of companies working on cyber security challenges, including APC by Schneider Electric, CA, Cisco, Dell, EMC Corporation and its RSA Security Division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.