Getting IT Right? How State Governments are Approaching Cloud Computing

Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent of new spending on Internet and communications technology will be on cloud-based platforms. Apple, Google, Amazon, Microsoft, and hundreds of smaller companies are positioning themselves to dominate the estimated $5 trillion worldwide market. While few companies will provide numbers, it is estimated that Amazon and Google may run as many as 10 million servers while Microsoft runs close to one million. In short, it is an innovation that makes a mockery out of Moore’s law.

But, like all innovations, cloud computing has potential pitfalls. Public sector organizations in particular have had difficulty taking advantage of new technologies. The Heritage Foundation keeps a list over 50 examples of government ineptitude including $34 billion in fraudulent Homeland Security contracts, National Institutes of Health renting a lab that it neither needs nor can use for $1.3 million per month, and the Department of Agriculture wasting $2.5 billion in stimulus money on broadband internet. Technological ineptitude received special attention with the failed launch of the, the release of classified data from Edward Snowden, and the costly FBI virtual case file debacle.

Cloud computing is far more than just a simple technology change and requires a close examination of governance, sourcing, and security. We sought to understand how well state government is prepared to address the challenges of cloud computing.

The Approach

We have gathered and started to do a content analysis of the IT strategic plans for each state. For each plan, we performed a content analysis, which is looking for certain phrases or text within the IT strategic plan in order to have a structured way to understand the data. Details for our approach can be seen in our previous blog post.

How States Are Implementing the Cloud

We were not surprised to see a number of states preparing to study or embark on cloud computing.

While some states don’t mention it (e.g. Alabama), most states are eagerly exploring it. For example, North Dakota’s plan talks about cloud computing as an integral part of the future and seven of its thirteen major IT initiatives are centered on preparation for transitioning to the cloud “where and when it makes sense”.

Vermont puts itself squarely in the studying period. The plan describes that, “While the risks of enterprise-wide and cloud-based IT must be carefully managed, trends continue to just larger-scale operations.” Wisconsin also clearly lays out its view on cloud computing, writing that, “Flexibility and responsiveness (also) guide Wisconsin’s approach toward adoption of cloud services” and suggests that its version of a private cloud “…offers advanced security and service availability tailored for business needs.” West Virginia provides an equally balanced approach by requiring that only services with an acceptably low risk and cost-effective footprint will be moved to the cloud.

In short, all of the states that are considering cloud computing are taking a thoughtful and balanced approach.

The Good

One of the most critical aspects of cloud computing is security and, without question, states understand the importance of good security. A good example of this is Colorado who designates security as one of its four “wildly important goals” and sets the target of “10 percent reduction in information security risk for Colorado agencies by close of FY15”.

South Carolina echoed the same theme by asserting that security and confidentiality are “overriding priorities at every stage of development and deployment.” Connecticut’s plans explain the need to “continuously improve the security and safeguards over agency data and information technology assets”.

The Bad

Despite the interest in cloud computing, we were only able to find a single state (Georgia) that explicitly links governance to security and, to us, by extension to cloud computing. In Georgia’s plan, they start with the idea that “strong security programs start with strong governance” and then explicitly describe necessary changes in governance to improve security.

We were, however, impressed with the seriousness that New York, North Carolina and Massachusetts took governance but it was difficult to find many other states that did.

The Ugly

Unfortunately the results on sourcing were dismal. While a few states (e.g. Kansas, Ohio, and Massachusetts) specifically discuss partnerships, most states seemed to ignore the sourcing aspect of cloud computing. The most ominous note comes from Alabama where they make a statement that innovation in the state is being stifled by a lack of strong personnel.

While we have great enthusiasm for government to address cloud computing, some of the non-technical issues are lagging in the discussion. Good government requires that these items be addressed in order to realize the promise of cloud computing.