Budget, Cybersecurity Are Barriers to State Cloud Adoption – Government Technology

Cloud services made their first appearance on the National Association of State Chief Information Officers (NASCIO) list of state CIOs top 10 priorities in 2010, and the way governments approach cloud has come a long way in that time. In the past several years, there was a shift away from a gung-ho cloud first strategy to what many CIOs called cloud smart, and while IT leaders still see cloud as the way forward, theyre taking a measured approach.

At the NASCIO Annual Conference in Seattle last week, former Texas CIO Todd Kimbriel presented the results of a new study from NASCIO and Accenture that examined where states are in cloud adoption 89 percent of survey respondents reported that a hybrid cloud is their ultimate goal and what challenges theyre encountering on the way.

One major barrier Kimbriel brought up was budgeting, which Pennsylvania CIO John MacMillan said comes from the difference between consumption of cloud services, which is elastic, and budget, which is not; state budget cycles complicate that further.

Plus, MacMillan noted, moving to the cloud doesnt necessarily save money, since CIOs have to think of the transition costs in addition to longer-term financial impacts.

Another sticking point the study found in cloud adoption was inconsistency in terms of how states define what the cloud actually is. Forty percent of respondents reported that they use the NIST definition of cloud computing, while 20 percent said they use the term to refer to any off-premise computing.

Language matters, especially when it comes to cybersecurity, Sloan said. If we dont agree on what a cloud is when data is sitting out there, we now have shared risk.

Interestingly, the survey showed that while CIOs feel the cyber workforce is suitably trained to move a substantial portion of government services into the cloud, cybersecurity is still cited as a barrier to cloud adoption. This issue came up at another session at the NASCIO conference, where former Colorado CISO Deb Blyth said that whether cloud increases or reduces security risk depends on how its configured.

She cited faulty configuration as a factor in the 2017 cyber attack on the Colorado Department of Transportation, when an on-premise service was connected to the cloud as a test, opening an external line for bad actors to exploit. If state IT had been able to detect what was in the cloud, Blyth said, they could have more easily prevented the attack.

Washington CISO Vinod Brahmapuram predicted that, along with adaptive automation and trust in identity and access management, one major area where state CIOs will see a shift in the coming years is around well-architected cloud options that dont compromise security.

Lauren Harrison is the managing editor for Government Technology magazine. She has a degree in English from the University of California, Berkeley, and more than 10 years experience in book and magazine publishing.

See more here:

Budget, Cybersecurity Are Barriers to State Cloud Adoption - Government Technology