Cloud comes last under the US government's Cloud First policy regime

Stuart Lauchlan Profile picture for user slauchlan September 28, 2014
Cloud First came in as official policy 3 years ago, so why does 98% of US government IT spend still go on on premise, legacy solutions?

Earlier this year, diginomica flagged up our concerns about the progress of the G-Cloud government cloud initiative in the UK which we feared had stalled somewhat since moving under the umbrella of the Government Digital Service (GDS).

Since then, we’re pleased to say that there has been a notable uptick in terms of profile raising for the program, although significant concerns still remain, for example, within local government where uptake has been low and seemingly met with some resistance from CIOs at regional level.

But progress there is and G-Cloud related spend continues to rise. albeit with what is presumably a summer holiday related slow down in evidence. Total spend to date is now £270 million, up £20 million during August. (July’s increase was £30 million).

So at this point, we’ll do the traditional ‘still a drop in the ocean compared to overall government ICT spend yada yada yada’ comment before the G-Cloud haters can get there first, but overall, the direction of travel remains essentially positive.

All the more so perhaps when we look at what’s happening - or rather, not happening! - in the USA where the Federal Government’s long standing Cloud First policy is essentially being ignored by government departments.

Cloud First was an initiative that came out of the first Obama administration. Launched in 2011 by the then US CIO Vivek Kundra, it mandated that government agencies had to evaluate a cloud computing option first and then come up with a damn good reason why not to use it before they could carry on spending on traditional on-premises solutions.

Kundra reckoned at the time that you could knock $20 billion off the $80 billion overall annual US government IT spend this way and with the complete backing and authority of President Obama behind him, all seemed on track to put this to the test.

But as it so often the case, the political will has run head-on into the administrative won’t. Kundra himself is long gone, now part of the private sector at, but while the Cloud First policy remains in place, it’s not being pursued with the vigor that it needs to be.

That’s the downbeat conclusion of a new report from the US Government Accountability Office (GAO) - CLOUD COMPUTING : Additional Opportunities and Savings Need to Be Pursued - which makes for grim reading for anyone who thought that the cloud computing deal was done and dusted in the US public sector.


Local difficulties on a global scale for government clouds -

A G-Cloud open letter from the UK to the world -

G-Cloud and the need for tech marketing in government -

G-Cloud passes £200 million milestone as suppliers get to mark their own security homework -


At first sight, some of the top line figures look OK. For example, since the GAO last reported on progress, the total number of cloud computing services implemented by US government agencies has gone up from 21 to 101.

But when you look a bit closer, it’s really rather depressing:

Of those 101 services, only 22 have gone fully live and have delivered cost savings of around $96 million.

Meanwhile the total spend on cloud services went from $307 million to $529 million. But that equates to an overall increase of just one percent.

Most damning of all: government agencies collectively admitted that they had not considered cloud computing services for about 67% of IT projects and investments despite being mandated so to do!

As a result, three years on from the introduction of Cloud First, some 98% of US government IT spend goes on non-cloud solutions!


The GAO notes in its report:

Even though the agencies collectively and individually increased the percentage of their IT budgets allocated to cloud services, our analysis showed that the agencies are still devoting a large portion of their IT budgets to non-cloud computing expenditures. Specifically,the agencies in 2014 were collectively budgeting 2 percent of their IT budgets to cloud services, while the remaining 98 percent were dedicated to non-cloud expenditures.

Some departments and agencies do better than others with the most recalcitrant offender being the Department of Health and Human Services (HHS) which has allocated on 1% of its overall IT budget to cloud services.

© elkor 2009
So what’s the problem here? Is it just inherent conservatism among the CIOs and IT decision makers? Another case of you-don’t-get-sacked-for-buying-proprietary-on premises-stuff syndrome?

For their part the 7 main agencies evaluated by the GAO for its report pout forward the excuse that the 98% spend on non-cloud stuff was going into legacy investment in operations and maintenance and that they believed they only had to factor in Cloud First when these ageing systems had to be replaced.

This is utterly specious nonsense of course, a philosophy that would mean there’s never likely to be a reason to move forward. It’s also completely at odds with the Office of Management and Budget (OMB) directions around Cloud First which states that cloud solutions are to be considered first regardless of where the investment is in its life cycle.

The GAO observes despairingly:

Agency officials were aware of the OMB guidance and said they had plans to assess their unevaluated investments in the near future. Nevertheless, the agencies for the most part were not able to provide us with specific dates for when assessments of these investments were to be performed. Establishing such milestones is an important management tool to ensuring policy outcomes—including those envisioned by OMB’s cloud policy—are achieved in an efficient and effective manner.

Until the agencies assess their IT investments that have yet to be evaluated for suitability for migration to the cloud, they will not know which services are likely candidates for migration to cloud computing services, and therefore will not gain the operational efficiencies and cost savings associated with using such services.

Faced with this argument, the cloud luddites cite 5 other excuses for not making the move away from on premises.

Federal security requirements is the inevitable first one. According to agency officials, security requirements are a moving target and as such it’s too difficult for both the buy and sell sides to keep up to speed. Again this is a flimsy rationale that essentially equates to, ‘So let’s do nothing’.

Overcoming cultural barriers is also cited. This is the old ‘not the way we do things round here’ argument. The fear of change is almost certainly genuine but (a) that’s not a reason not to face up to it and (b) the same fears were expressed among private sector organizations and we seem to be doing OK there now!

Shortcomings in current network infrastructure, topology and bandwidth render it insufficient to meet new infrastructure needs when agencies transition to cloud computing services. OK, this one I have some sympathy with and it’s a problem that’s faced in the UK with the G-Cloud, particularly at local and regional level. But again, that means that spend and effort needs to be allocated to addressing this, not simply shrugging a collective shoulder and saying ‘can’t do that then’.

Lacking appropriate skills. Again, a familiar refrain; again, not a reason not to set about changing that situation.

It’s too expensive to pursue the cost savings of the cloud. This is the ultimate administrative excuse: it’s more expensive to do things cheaply, it takes longer to do things quickly, it’s more complicated to do things simply etc. This is only a valid excuse if the focus is entirely on start-up implementation costs and not the longer term ROI.

My take

There’s a certain cold comfort to be had from knowing that the US, the pioneer of Cloud First thinking in government, has run into the same uptake issues as other nations.

But there’s also a certain depressing realization that the blight of administrative lethargy and public sector CIO intransigence is seemingly universal.
The GAO ends its report with a call to action to make that that government CIOs:

  • Ensure all IT investments are assessed for suitability for migration to a cloud computing service
  • Set evaluation dates for investments that have not been assessed for migration to the cloud.

There shouldn’t really be a need for such recommendations at this point, but sadly there clearly is.

Until things change, Cloud First will remain a policy, not a practice.

A grey colored placeholder image