Cloud services are the No. 2 priority for state CIOs in 2019, according to the National Association of State CIOs’ recently released list.
Specifically, the priority includes “cloud strategy; proper selection of service and deployment models; scalable and elastic IT-enabled capabilities provided ‘as a service’ using internet technologies.”
Cloud adoption is likely going to continue to grow at the state and local level. Gartner expects double-digit growth in government use of public cloud services, with spending forecast to grow 17.1 percent on average per year through 2021. Across all industries, companies spend an average of 20.4 percent of their IT budgets on the cloud, according to the research firm, compared with 20.6 percent for local governments.
North Carolina Chief Deputy CIO Tracy Doaks recently told StateTech that cloud use has advanced significantly in the Tar Heel State over the last couple of years. The state went from not using the cloud (unless that use was unauthorized), to the introduction of a cloud service broker that supports multiple cloud vendors that any agency can use.
“And not only can they use those clouds, it’s self-provisioning, so they have self-service in a way that they never used to have,” she says. “So, for an on-prem provisioning solution, it took maybe 30 days to get what they we were looking for. And now they can get that in 15 minutes.”
Some states are further along in their cloud journey than others. What are the best practices states should follow to successfully migrate to the cloud, and, once they make that decision, to ensure that their deployments will yield benefits?
1. Determine Cost of Existing Operating Models and Cloud Migrations
Karthik Viswanathan, Massachusetts’ assistant secretary of technology services, says that before any agency moves to the cloud, it should examine the total cost of running its entire enterprise in an on-premises environment.
California CIO Amy Tong says that migrating to the cloud is a journey and “not an overnight thing.”
Many state governments have a number of legacy systems and applications that they want to migrate to the cloud. “For those, I would say do an assessment, a cloud readiness assessment, which we did for every single one of our major systems,” she says.
Tong says state governments need to properly budget for cloud migrations, whether it is a simple lift and shift or a complete rearchitecturing. “And if it is, budget ahead of time and level set expectations on the timing required to do that so you can have a more realistic plan,” she says.
Agencies also need to rethink their IT costs once they start using cloud platforms. “The big difference in the mental shift between on-premise vs. cloud is certain things where we take for granted where it’s a fixed cost over a period of time,” Viswanathan says. “In a cloud environment, it’s a constant iteration. You look at what the usage looks like, make tweaks, it’s almost like checking your utility bills every month.”
2. Determine Governance Models for Cloud Apps
Once agencies have decided to move apps to the cloud, they need to consider the governance model they will use for their cloud environments, says Viswanathan. That includes how the cloud environments will be managed, patched and upgraded.
“So, I would say the three areas one should focus on are the right-sizing of the application, the utilization of the different assets within the infrastructure, and to upgrade the software to the right versions so everything is comfortable and supportable,” Viswanathan says.
Agencies also need to determine which apps to move to the cloud. Four years ago, California adopted a cloud first policy, under which new apps are built in the cloud as a first choice, and whenever possible, apps are migrated to the cloud, Tong says. However, since then, California has learned that moving apps to the cloud is not as easy as one might think, especially for large legacy systems that are not cloud ready.
“So, we really have switched to a cloud adoption focus rather than just simply cloud first,” Tong says.
She advises agencies to “be smart, be strategic, be thoughtful on what it would take to actually move a solution into a cloud environment when it was not designed to be that way.”
3. Ensure Employees Have Cloud Training
Doaks says that if other state governments are looking to go on a cloud journey like North Carolina’s, she would “strongly suggest that they don’t look at the end game first. There are steps to getting there.”
Some state agencies might be more tech savvy than others, and their employees may want to use self-provisioning and other cloud options. While Doaks says that is “great,” state CIOs cannot forget about other state agencies that are not as technologically advanced. Those employees will need training to be able to maximize their use of cloud tools.
“We also have to meet all those other agencies that are not as tech savvy and have programs and solutions for them,” she says.
4. Do Not Forget About Cloud Security
Doaks says she works very closely with the state’s enterprise risk and security officer to help define where apps belong. “But most of them are going to be driven by the types of cloud vendors that we have, and the requirements that we have in order for them to store data,” she says. Some clouds are able to store sensitive data like Health Insurance Portability and Accountability Act data, and others are not.
North Carolina is planning to ensure cloud data security by introducing a cloud access security broker. CASBs serve as a unified control point to give organizations visibility and control for all their apps, usage and data in the cloud.
“That allows us to understand where a workload sits, and if it moves from one cloud to another cloud and it’s not the right cloud for that data classification, we will know that and then we can stop that movement,” Doaks says. “That’s going to be a significant way for us to understand where data sits and whether it’s sitting in the right place.”