Feb 10 2020

State and Local Agencies Learn Cloud Strategies from the Feds

Government agencies turn to the federal government for guidance on accelerating cloud adoption.

When state and local agencies see federal government cloud strategies, it may appear moving everything to the cloud — infrastructure, applications, desktops, data and more — is too daunting, too confusing and too expensive. That has the potential to be true if there’s no structure applied to the process. But that begs the questions, how can we apply that structure? Where do we even start?

Federal agencies have already started. You just need to learn from their concepts to make them your own and absorb the lessons they’ve learned the hard way about what it means to work with the cloud.

The Birth of the Cloud-First Approach

For the past several years, federal agencies have gotten pretty good at understanding what to do (and not to do) when it comes to the cloud. That means they’ve got a wealth of knowledge you can easily adopt for your own benefit.

For instance, in early 2011 the Obama administration formulated the Federal Cloud Computing Strategy, commonly known as “Cloud First.” That strategy gave federal agencies the green light to go all in on the cloud by requiring them to “evaluate safe, secure cloud computing options before making any new investments.” It was a visionary, necessary stake in the ground that successfully jump-started cloud adoption at the federal level.

Since then, federal agencies learned a few things. 

First, they discovered the practical reality that not every workload is appropriate for the cloud. For example, applications that relied on sensitive data — as well as applications that would be too costly to move, or legacy apps that were never designed for the cloud or were going to be retired soon — were often better kept in on-premises data centers.

Then, agencies realized the costs of exiting the cloud could be quite high, as were the costs to store data. They didn’t discover those costs until they had already taken that on-ramp to the cloud. 

The feds learned there’s no need to take a wholesale approach and migrate every application to the cloud. A hybrid cloud model, in which some applications are stored in the public cloud while others remain on-premises, is a valid approach that allows for better security while still leveraging the cost and flexibility benefits of the cloud. 

Eschewing an all-or-nothing approach can save you from, as my company’s CEO once put it, “the mother of all lock-ins,” where all of your data and applications are designed for a single cloud vendor. In the early days, federal IT professionals were unprepared for the potentially high egress costs associated with extracting data from the cloud. You can learn from their experiences and create an exit strategy that includes an appropriate budget.

MORE FROM STATETECH: Find out how CASBs provide visibility and security for enforcing rules in the cloud.

The Evolution to a Cloud Smart Model

The tough lessons federal agencies learned led to an evolution in the way the government approached the cloud. Instead of thinking Cloud First, the Trump administration encouraged agencies to become “Cloud Smart” with a revised strategy introduced in 2019. 

Cloud Smart focuses on three pillars: security, procurement and workforce. The idea is to use the cloud to modernize and improve data security, use repeatable practices and knowledge sharing to streamline procurement processes and upskill, retrain, and recruit key talent. 

Each of these pillars is based on the need for open infrastructure components (such as operating systems and application servers), automation and knowledge sharing, respectively. By standardizing systems across all platforms and programs, your security will remain strong. 

Cloud Smart policy suggests expediting procurement as a centralized process in a common portal. Repeatable processes can be avoided by automating everyday tasks, such as installing upgrades and patches. Knowledge sharing stems from an open organization built upon the willingness of managers and employees to adopt philosophies emphasizing transparency, cross-departmental and cross-agency collaboration and continuous updates. 

All of these strategies are viable across levels of government. In fact, it’s possible they’re more applicable at the state and local levels, where agencies tend to be smaller and have limited budgets to devote to security and training, yet need to make processes more efficient.

MORE FROM STATETECH: Find out about the cloud certifications state and local government employees need. 

Other Cloud Strategies State Agencies Can Use

Cloud Smart isn’t the only federal resource states should check out. The CIO Council’s Application Rationalization Playbook is a great resource for learning about rationalizing the many applications in your organization and determining which are appropriate for the cloud. The National Institute of Standards and Technology also has a number of best-practice documents downloadable for free.

There’s no reason why you shouldn’t cherry pick for your own benefit what the federal government has already put in place. You can do so now and be ready to fully realize the promise and benefits of the cloud and steer clear of the well-known drawbacks, thanks to the trail the feds have already blazed. 

Every dollar you don’t spend on reinventing the wheel can go into innovation and improved service delivery, and you’ll be on the same level as those federal organizations — all without having to go through the cloud-first learning curve.

Drzen_/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.