After several decades of trying to maintain a byzantine maze of on-premises applications and systems, government IT officials around the world are turning to the cloud to get a fresh IT start. All around the globe, governments have issued “cloud first” messages directing government agencies to move application workloads on to cloud infrastructure. Much of those initial efforts simply involve lifting and shifting existing applications into the cloud.
“A lot of government IT teams are just throwing up their hands,” says Judith Hurwitz, president of Hurwitz & Associates, an IT consulting firm. “They just don’t want to deal with it anymore.”
But the rate at which that transition is occurring appears to be stalling in the face of a variety of challenges. According to IDC, the amount of dollars the U.S. federal government is investing in the cloud dropped from $2.6 billion in 2016 to $2.2 billion in 2017. That's a decrease of 17.2 percent, however, it is expected to be an anomaly. As government IT organizations begin to develop applications in the cloud, IDC forecasts spending levels should reach $3.3 billion in 2021.
IT security also winds up being a major hindrance of cloud adoption for government IT teams making the transition to the cloud. A survey of 60 government IT professionals conducted by Netwrix, a provider of cybersecurity and compliance software, finds over half (53 percent) are ready to broaden their cloud adoption today, but only 40 percent of government IT professionals will move their entire infrastructure to the cloud within the next five years.
A full 94 percent of respondents say their agency is hosting sensitive data in the cloud, but just over a third say they have visibility into the activity of IT staff (34 percent) on public clouds. Even fewer know what business users (29 percent) are doing when accessing public clouds. But only just over two-fifths (43 percent) say they plan to update their security policies soon, with another 55 percent adding that they plan to focus on increasing employee training as well.
Overall, the Netwrix survey finds only 13 percent of respondents think that their security has improved since adopting cloud services, which is the lowest result across all vertical industries tracked in the study by Netwrix. Another a third (32 percent) say their security situation has not changed, while 27 percent say it has gotten worse.
A big part of that issue is that organizations still find it challenging to determine where their responsibilities for cybersecurity begin and end, says Matt Middleton-Leal, general manager for EMEA at Netwrix. Cloud service providers typically secure their infrastructure better than any internal IT organization can secure on-premises infrastructure. But IT organizations are left to their own devices when it comes to securing cloud applications, notes Middleton-Leal.
Most of the initial focus of government IT organizations has been on lifting and shifting existing applications into the cloud, so many of them are just now starting to address cybersecurity issues associated with developing new applications, adds Middleton-Leal.
“Just having access to a cloud service is not enough,” says Middleton-Leal.
In general, as government IT professionals become more familiar with public cloud services, reluctance to embrace them tends dissipates quickly, says Lance Shaw, director of solutions marketing for Commvault, a provider of data management and protection software. The challenge is getting to the point where government IT professionals start to have confidence in their own processes, says Shaw.
“They are pretty reticent at first,” says Shaw.
Most of the initial usage of cloud computing starts with data protection applications, notes Shaw. But now government agencies are starting to embrace multi-cloud computing strategies in much the same way their commercial counterparts do, says Shaw. The challenge now is implementing an approach to data management that can span multiple clouds, adds Shaw.
A good example of one government entity successfully leveraging the cloud to transform business processes is the British Army, which has embraced DevOps processes to reduce total costs by millions of pounds. At the recent Red Hat Summit 2018 conference, Lt. Colonel Chopsey Cornell told attendees that embracing DevOps running on multiple external clouds has enabled the British Army to abandon waterfall-based application development processes that resulted in applications being built that almost never lived up to expectations.
“We were consistently delivering the wrong thing, too late, at too much cost,” says Cornell.
Thanks to that transition, the British Army, for example, was able to consolidate 64 different financial systems within a public institution known to be risk adverse, notes Cornell.
In addition, the British Army is now starting to make investments in cutting-edge robotic process automation (RPA) platforms to reduce the amount of time it takes to perform a wide range of tasks.
Once the fundamental concepts of cloud management are mastered, it will only be a matter of time before more agile government processes wind up being adopted, which in turn will accelerate the number of government business processes being driven via a cloud application.
In fact, government contracts involving cloud computing are hotly disputed because of the large number of workloads expected to move to cloud platforms once an agency awards a contract. Oracle, IBM, Dell Technologies and Hewlett-Packard Enterprise (HPE) are all involved in varying degrees in a protest lodged against the awarding of a cloud contract to the Amazon Web Services (AWS) by the Central Intelligence Agency (CIA). The Defense Department is expected to ask for a bid on a similar winner-take-all cloud contract next month that is valued as high as $10 billion. Other government agencies are expected to follow a similar path to choosing a cloud platform.
It’s still early days when it comes to transforming government processes. But it’s clear that most of that effort is going to be focused around cloud computing platforms. Once contracts to cloud service providers are more broadly awarded, the rate at which that transformation occurs will accelerate. But for now, many government IT organizations are clearly struggling with not whether they should go to the cloud, but more precisely how they should go about it.