Industry Research Publication Date: 20 May 2010 ID Number: G00200519 Government in the Clouds Andrea Di Maio, Massimiliano Claps Over the last year or so, "cloud computing" has become one of the most hyped terms in government IT worldwide. This analysis aims at helping government IT executives acquaint themselves with the complexity of determining whether and how cloud computing is fit for their purposes. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
ANALYSIS In 2009, cloud computing moved from being an overhyped phenomenon to something that governments took seriously from an enterprisewide perspective. While some agencies and departments had already adopted cloud-based solutions to meet selected infrastructure and software requirements, the Obama administration and the new U.S. federal CIO have made this a governmentwide issue, challenging a status quo where almost every department runs its own IT shop and the largest departments have multiple shops and CIOs. Over the past several months, the U.S. federal government has created the first cloud application store for government, launched a request for quotation to determine the viability of infrastructure-as-a-service offerings, embedded references to cloud computing in the budget, and progressed its agenda on security and portability. At the same time, some agencies have taken the lead in both providing cloud services (the Defense Information Systems Agency, NASA and the National Business Center) and using them (the General Services Administration and Department of Labor), and some states (Utah, Michigan and Colorado) and local governments (the county and city of Los Angeles) have developed plans and started deployments for some specific cloud services. In other parts of the world (the U.K., Netherlands, Denmark, Singapore and Japan), governments are looking into the potential of cloud computing for consolidation and rationalization of IT assets and spending. In spite of all these efforts, many governments struggle with fully articulating the value and risk of cloud computing for different workloads, applications and process requirements. Multiple definitions of what cloud computing is, different levels of maturity in managing external service providers, and different attitudes about the problem of owning and controlling the infrastructure create multiple viewpoints inside and across government organizations, as well as somewhat conflicting positions between central organizations tasked with overseeing enterprisewide IT and individual agencies and departments. This collection of research aims at clarifying some of the terminology used by government and by vendors, and at putting cloud computing in the broader context of alternative delivery models and sourcing strategies, in order for government CIOs to reflect on whether and where to leverage cloud computing. As this market is still in flux and so are most of the governmentwide strategies Gartner advice will evolve over time. However, the notes in this Spotlight provide the basis for decisions to be taken in the next six to 12 months. First of all, we addressed the basic question about what cloud computing is for government. "Helping Governments Cut Through the Definitional Cloud" This report helps clients orient themselves regarding different aspects of cloud computing, such as what is delivered with respect to more traditional models, and what the deployment models are. Cloud services exist in a continuum of delivery models and may not be necessarily the most appropriate for what government user organizations are trying to accomplish. In order to make the right decisions about cloud computing, users need to articulate which attributes of cloud computing are needed for what they are trying to accomplish, and explore how cloud computing rates against alternative options (such as traditional hosting or infrastructure utility) that support a subset of the cloud attributes. Governments cannot just "implement cloud," but will implement or acquire one or more cloud technologies or services that provide the right fit between requirements and offering maturity. Publication Date: 20 May 2010/ID Number: G00200519 Page 2 of 5
"When to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud" This note analyzes the impact of cloud computing delivery models, such as software as a service, on software acquisition models that government agencies can use, such as open-source, custom and proprietary off-the-shelf software. Government IT executives that need to replace or acquire new software must consider two axes of analysis: acquisition models and delivery models. Acquisition models are not limited to the traditional build-versus-buy paradigm, but include custom-built, transfer, community source, open source and proprietary off-the-shelf. Delivery models such as infrastructure utilities and cloud services create a range of new options for software acquisition, but not all acquisition models fit with the cloud. Starting from the definition of cloud computing that Gartner provides, we have analyzed and compared it with the definition of cloud computing provided by the National Institute of Standards and Technology (NIST), which has become very popular among U.S. government agencies. "NIST and Gartner Cloud Approaches Are More Similar Than Different" Gartner and NIST have both developed layered approaches to describing cloud computing that are more similar than different. This research outlines those similarities and differences. The NIST model is a good foundation. It identifies three key layers: an infrastructure layer that provides an alternative to traditional data centers, a platform layer that provides an alternative to current application development and deployment environments, and a layer that provides an alternative to existing application environments. Gartner has defined more layers than NIST. These additional layers are still useful in fully describing all of cloud computing. The Gartner model adds granularity and is fully complementary to NIST. "U.S. Federal Definition of Cloud Computing: Handle With Care" This research analyzes the definition of cloud computing developed by the NIST to highlight where it is usable and where improvements could lead to greater clarity and higher adoption and use. Key Lesson The NIST definition does not help articulate the difference between "private" and "public" cloud, especially from a sourcing perspective. "Cloud Computing in Government: Private, Public, Both or None?" This research explores some of these options across the continuum from private- to public-cloud computing services for government. Cloud-computing services used by government can be managed by government, by external providers or by a combination of both. Publication Date: 20 May 2010/ID Number: G00200519 Page 3 of 5
Cloud-computing services for government pose similar challenges to any other kind of shared government services, so that reasons for success or failure will depend on the appropriateness of the shared-service governance more than on the technical adequacy of the solution. "The Geopolitics of Cloud Computing" As cloud computing becomes more popular in government and extends beyond the U.S. federal government, the global nature of cloud-based offerings presents new challenges. Government agencies that are considering cloud-computing deployments should look at all dimensions of public value, including impact on employment and economic recovery policies. Finally, we provide the basic elements of an evaluation framework for government IT executives to assess whether cloud-computing offerings meet their needs. "Criteria for Government to Evaluate Cloud Computing" Cloud services are more complex to evaluate that traditional software and hardware provisioning models. This study provides a framework that government IT executives can use to select more thoroughly the offerings they receive from public and private cloud providers. Attributes of a cloud offering that need to be considered are performance, scalability, maturity, portability and compliance. Attributes of the user organizations that need to be considered are genericity of requirements, organization maturity, desire to retain control and geopolitical considerations. RECOMMENDED READING "U.S. Federal Government Budget's Not-So-Consistent Plans for Centralization, Consolidation and Cloud Computing" "Case Study: The National Business Center Reduced Costs and Improved Services in Multitower Shared Services" Publication Date: 20 May 2010/ID Number: G00200519 Page 4 of 5
REGIONAL HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 U.S.A. +1 203 964 0096 European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM +44 1784 431611 Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA +61 2 9459 4600 Japan Headquarters Gartner Japan Ltd. Aobadai Hills, 6F 7-7, Aobadai, 4-chome Meguro-ku, Tokyo 153-0042 JAPAN +81 3 3481 3670 Latin America Headquarters Gartner do Brazil Av. das Nações Unidas, 12551 9 andar World Trade Center 04578-903 São Paulo SP BRAZIL +55 11 3443 1509 Publication Date: 20 May 2010/ID Number: G00200519 Page 5 of 5