Agencies aren’t providing enough details about future cloud moves, GAO says

T. L. Furrer/Shutterstock.com

But they generally are meeting goals for the shift to Web-based computing.

Nineteen of 20 agency plans for future cloud computing projects are missing important elements, a watchdog said Wednesday.

For example, seven of the 20 blueprints submitted to the Office of Management and Budget do not include any cost estimates, according to the Government Accountability Office report. None of the 14 plans that involve migrating existing services to the cloud includes the cost of retiring or repurposing legacy systems, the watchdog said.

Without that information it’s not clear if the agencies will be able to wring all possible savings from the cloud projects, GAO said.

Technology officials have estimated the government can save $5 billion annually by moving 20 percent of its information technology infrastructure from agency-owned data centers to more nimble cloud computing.

All seven agencies that GAO surveyed had met OMB’s requirement for moving at least one service to the cloud by December 2011. They also planned to have at least three services functioning in the cloud by the end of 2012, though two agencies -- the Agriculture Department and the Small Business Administration -- said they missed OMB’s June deadline for that milestone.

The shift to cloud computing has been dogged by insufficient guidance on purchasing cloud technology and concerns about its security, GAO said.

The process of certifying cloud vendors also has been arduous, the report said, partly because the governing document -- the Federal Risk and Authorization Management Program, or FedRAMP -- is only in its early stages.

“For example, [General Services Administration] officials stated that the process to certify Google to meet government standards for their migration to cloud-based email was a challenge,” auditors said. “They explained that, contrary to traditional computing solutions, agencies must certify an entire cloud vendor’s infrastructure. In Google’s case, it took GSA more than a year to certify more than 200 Google employees and the entire organization’s infrastructure (including hundreds of thousands of servers) before GSA could use Google’s service.”

Cultural barriers also have been a challenge.

“For example, a State [Department] official explained that public leaks of sensitive information have put the agency on a more risk-averse footing, which makes it more reluctant to migrate to a cloud solution,” the report said.

GAO recommended the surveyed agencies “establish estimated costs, performance goals and plans to retire associated legacy systems” for cloud-based systems and “develop, at a minimum, estimated costs, milestones, performance goals and plans for retiring legacy systems.”

The agencies agreed with the recommendations with some qualifications.

The surveyed agencies were the Agriculture, Health and Human Services, Homeland Security, State and Treasury departments, and the Small Business Administration and General Services Administration.

(Image via T. L. Furrer/Shutterstock.com)