Nearly four out of 10 survey respondents have embraced some form of cloud architecture
Cloud computing is a novelty no more in government IT departments. It has quickly matured to the point where it is on the threshold of becoming a mainstream source of technology for military and civilian agencies and state and local governments.
And as government agencies and departments have learned more about cloud computing, they have gained a more mature perspective on the benefits and risks associated with cloud computing.
The myriad benefits, as well as various mandates, have increased cloud computing deployments to the point that nearly four out of 10 respondents has either adopted cloud computing or are in the process of adopting the architectures for at least some applications or processes, according to a January 2012 survey of almost 300 respondents by the 1105 Government Information Group. A year earlier, only a quarter of the respondents were using or implementing cloud computing.
The federal government’s cloud-first policy, first discussed in the 2010 Federal Cloud Computing Strategy, is among the many mandates driving agency consideration and adoption of the architecture. Cloud first requires federal agencies to consider a cloud option first with every technology project. It stipulates trying to use commercial cloud technologies where feasible and only subsequently considering private government clouds.
However, federal, state and local agency respondents to the survey indicated quite strongly that such mandates are in conflict with security concerns. Indeed, more than half indicated that cloud solutions aren't secure enough for their agencies — a proportion that hasn't changed despite a year of intense examination, testing and deployment of cloud computing.
That tug-of-war — the need to comply with various mandates or the expected cost savings while dealing with security worries — is what may be driving agencies to turn to software as a service (SaaS) as a way to get comfortable with the cloud model without incurring too many security risks, said Renell Dixon, a managing director of the public-sector practice at global professional services firm PricewaterhouseCoopers.
“Moving from managing a traditional software package in their own environment to accessing it in the cloud is a relatively low risk way of gaining the benefits of cloud — reducing an agency’s carbon footprint and reducing costs associated with operation and maintenance,” Dixon said. "These lower risk options are a popular way for government agencies to dip their toe in the water and learn as they go.”
While SaaS is the most popular form of cloud computing in federal government, the survey found that agencies also are using infrastructure as a service (IaaS) and platform as a service (PaaS) as cloud delivery mechanisms. The survey also found that backup, storage, compute services and collaboration are the most popular IT functions currently being delivered by some type of cloud service.
The survey also found that while cost savings have been significant, most respondents report that the savings have been somewhat less than anticipated. Of the four basic types of clouds — public, private, community and hybrid — respondents found private clouds to be the most cost-effective.
While two-thirds of the respondents had expected cost savings from a switch to cloud computing, half said they had saved less. A third achieved the savings they expected and 15 percent achieved more savings than expected. Specifically, the expected savings were about 30 percent, but a significant number of organizations had actual savings of only 20 percent. A few agencies had pleasant surprises, though — their actual savings were 40 percent.
The biggest unpleasant surprise in the cost reduction initiative was the need for other technology when shifting to the cloud. A host of unanticipated hardware, software and data bills are among the potential culprits, say consultants.
“Federal agencies are faced with transitioning away from antiquated legacy systems to the cloud, which for some requires an overhaul of servers, storage, network and other types of technology to provide the right foundation for cloud,” explained Deniece Peterson, senior manager of industry analysis at Deltek, a Herndon, Va.-based consultancy and market research group.
Another example of the learning curve about cloud is the decline in use of the public cloud by government agencies. In one year, the use of the public cloud decreased as a source of infrastructure services to 10 percent, from 23 percent of respondents. Use of the public cloud for platform services also declined, to 8 percent from 17 percent. However, use of the public cloud for software delivery increased to 25 percent from 23 percent.
Decline in public cloud deployments
The public cloud has taken some hits in the press in the form of security breaches and denial-of-service attacks, which may have shaken agencies’ confidence and accounted for the downturn in public cloud use in the government. That may be why the survey found that the use of private clouds increased to 68 percent from 43 percent for IaaS while increasing to 63 percent from 55 percent for PaaS.
Other viable cloud architectures offer security and cost saving possibilities. One is the hybrid cloud — a combination of public and private clouds that puts more sensitive data out of reach to the public while putting less sensitive data in a public cloud. This type of scenario not only helps satisfy various mandates but also can increase cost savings rather than putting the entire infrastructure or platform into a private cloud.
“When the cloud initiative was first announced, there was a lot of interest in the public cloud because the mantra was to save money. Now what’s happened is that people have found that the public cloud does save money, and they are looking to extend it but with an eye on security,” explained Kevin Jackson, general manager for cloud services at NJVC, a Vienna, Va., technology services provider for government, and CIO of GovCloud.com. “That brought them to the idea of the hybrid cloud — a model that is driven by more awareness and understanding of the cloud economic and operational model.”
Another cloud model generating growing interest is the community model, where a cloud infrastructure is shared by several organizations or agencies and supports a specific community, application or platform. For example, several agencies could rely on one billing, HR or email application or platform in the cloud, with all agencies paying the agency that hosted the offering for the privilege. It’s a great way to eliminate duplicate investment and implement best practices such as the requisite level of security.
One of the major drivers for adoption of the community cloud model is Federal CIO Steven VanRoekel's shared-first initiative, which aims to eliminate duplication and leverage technology, procurement and best practices across government. The first target is consolidating data centers, but VanRoekel has made it clear that cloud computing will be a main driver in the shared-first model.
Dixon insists that the combination of education, experience and the advent of the Federal Risk and Authorization Management Program standards — regulations intended to standardize cloud security — will increase cloud adoption in government significantly over the next few years. But even after FedRAMP becomes operational, cloud providers have two years to become certified as fully compliant, which means that it may take that long for agencies to become fully comfortable with the security aspects of the cloud.
Jackson’s advice to agencies is to be patient — security and cost savings will improve with time. And as those benefits and security continue to mature, agencies become more comfortable with the culture changes involved in reliance on the cloud for computing resources.
“I like to compare cloud computing to the idea of opening up a bank in the 1800s in a Western town. People were used to keeping their money under their mattresses, and they don’t trust the concept of a bank,” Jackson explained. “But over time, a few people use it and others see that it seems to be safe. People begin to trust the concept and get more comfortable with it. Cloud is like that. Cloud providers have to build trust with their customers, and the currency is information.”