Problem solve Get help with specific problems with your technologies, process and projects.

Top seven challenges to Cloud First reveal lessons for providers

A recent investigation of the U.S. government's Cloud First policy offers insight into cloud adoption barriers even where adoption is mandatory.

The U.S. government's "Cloud First" policy seemed like it should have been a boon for cloud providers. Set by the...

Office of Management and Budget in 2010, the policy required federal agencies to give first preference to the cloud service model for all new IT spending. But based on a recent investigation by the Government Accountability Office (GAO), compliance with the program has been tepid.

These findings are particularly interesting to cloud providers, as they provide a glimpse into the adoption barriers even where cloud adoption is mandatory. These potential customers don't need to be sold on the benefits of using the cloud, and yet its traction still lags. 

The report's findings, which analyzed seven federal agencies' plans and progress toward the mandate's deadlines, question the basis of the Cloud First policy. The agencies reportedly made some progress, but overall, they lacked precise cost estimates and solid plans for retiring legacy systems meant to be replaced with more cost-effective, cloud-based delivery models. Addressing these two shortcomings is critical to realizing the benefits of the Cloud First policy, according to the GAO.

Even organizations mandated to adopt the cloud need help demonstrating the business case for cloud.

Several hurdles stand in the way to full, successful implementations of Cloud First. Although each of the seven agencies examined had a unique experience, the GAO study identified seven common challenges they all faced:

  1. Meeting federal security requirements
  2. Obtaining guidance
  3. Acquiring knowledge and expertise
  4. Certifying and accrediting vendors
  5. Ensuring data portability and interoperability
  6. Overcoming cultural barriers
  7. Procuring services on a consumption, or on-demand, basis

Most of these challenges are rather common in enterprise cloud adoption, and cloud providers have worked to address them. Federal agencies, however, face other mandates, such as IPv6 adoption. Cloud providers must help these customers develop clear roadmaps and testing environments to meet the requirements of all these initiatives.

Even with Cloud First, business case must be defined

Meanwhile, the Department of Defense (DoD) released its cloud strategy the same time that the GAO released its report in July. Although the strategy reiterates the DoD's commitment to cloud, it identified a phased roadmap for adoption: foster adoption of cloud computing, optimize data centers, establish DoD enterprise cloud infrastructures, deliver cloud services. The roadmap adopts a cautious perspective on adoption and focuses on realistic, yet optimal execution. The strategy document appoints the Defense Information Systems Agency as the cloud broker for the DoD.

Both reports -- the GAO's Cloud First investigation and the DoD's strategy document -- indicate that even organizations mandated to adopt the cloud need help demonstrating the business case for cloud. While the benefits of cloud are understood at a high level, they become nebulous if customers adopt it without a clear business case defined up front. The fallout: Organizations perceive cloud services as a paragon of unmet promises.

More on Cloud First and government cloud computing

Survey: Federal IT pros dissatisfied with Cloud First policy creates cloud network for governments

Cloud computing will become the U.K. government's 'common infrastructure,' says cabinet official

To avoid this backlash, cloud providers should help government agencies define practical, realistic goals and guide them toward effective execution of the Cloud First policy. The success of these customers is important to the continued pursuit and adoption of cloud-based service delivery across the enterprise market as well.

The GAO study and the DoD cloud strategy document both indicate that cloud providers cannot rely exclusively on federal mandates to drive adoption within agencies. The value of cloud still has to be demonstrated, which again underscores the need to clearly define goals, key performance indicators and what constitutes a successful execution. The GAO's recommendations are very clear here: To ensure the success of agencies' Cloud First implementations, they should direct their respective chief information officers to "establish estimated costs, performance goals and plans to retire associated legacy systems" for cloud services.

Cloud providers must also understand the full context of IT transformation within federal agencies, which face more initiatives than just Cloud First. The OMB has also mandated IPv6 adoption, and even if support for IPv6 is not explicitly required during cloud planning discussions, providers should advise agencies about the importance of aligning their cloud and IPv6 roadmaps. The federal agencies that are most advanced in their cloud and/or IPv6 plans have failed to find many IPv6-ready cloud providers in whose environments they can run pilots or tests. It is to a cloud provider's benefit to help these agencies develop, prepare and execute comprehensive strategies that address other mandates beyond -- but correlated with -- cloud adoption.

About the author: Ciprian Popoviciu, Ph.D., is the president and CEO of Nephos6, a cloud and IPv6 consulting services company with experience in developing strategy, planning and implementation of cloud deployments and IPv6 transitions. An industry-recognized expert in IPv6, Popoviciu has co-authored two books, Deploying IPv6 Networks and Global IPv6 Strategies, in addition to writing multiple RFCs and patents. Visit for more information, or follow him on Twitter @zamolxesv6.

This was last published in August 2012

Dig Deeper on Managed cloud services

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

That's the fun difference between the private and public sector - Companies only implement security that meets the ROI calculations to maximize profit. The government actually ensures it can technically & financially IMPLEMENT the appropriate security, before fielding a system.

The fact that a cloud provider, having to meet any sort of security guidelines, drives up it's cost substantially - Making it an unattractive option - should surprise no one.
The representation for the Internet and Intranet was the cloud, had been for many years.. What is the cloud? I have taken many courses, talked to many, many people and here is what I have found out.. Utter confusion as to what cloud means for them!
A number of businesses have virtualized their servers, storage, and networking adn they have their Intranet which for the most part is protected. Information that they want to share with the world is presented outsider their firewall on another virtual server. Suppliers or other individuals who which to purchase or provide invoices etc are directed to secure servers and allowed in to the business. This has all been done prior to this rediculous terminology called, "the cloud".

Here is what I think is happening. Manufacturers and ISP's revenue streams are shrinking so they needed to invent something that the unwashed masses could gleam onto. Yep, you guessed it, "THE CLOUD". Still in that vein of thought, keep the terminology vague, and confusing and we can charge a fortune to businesses and governments who are early adopters of this old technology. We'll just rename the internet and Intranet and call them the cloud or hybrid cloud etc, and guess what they'll buy into it.

Don't worry, when this stuff gets stale, there will be yet another red balloon on the horizon which everyone with chase.