I just published a Gartner research note with this title (subscription required), which took some time to get published. We did have quite some discussion within the analyst community to make sure that positions expressed in this note, while recognizing certain important peculiarities of government, would not contradict Gartner established positions on cloud computing, especially for what concerns the differences between private and public cloud computing. These are discussed in various Gartner research notes and summarized in a blog post by Tom Bittman about The Spectrum of Private to Public Cloud Services.
The concept of “private cloud” services is very important for government organizations, which – unless for the most “public” data and non-sensitive workloads – need to exercise a comparatively greater level of control on how services are delivered than other, less-regulated industries. Further, government agencies may be both on the user and the provider end, as they own IT infrastructure and are in the process of virtualizing, sharing, consolidating within and across agencies.
In our earlier definition of the spectrum of private to public cloud services we distinguished two dimensions: service access (i.e. who can access cloud services, ranging from a single organization to anybody) and service control/ownership (i.e. who owns and control the implementation, ranging from the actual user to a third party).
In a government context, we felt that it was important to make a distinction between ownership and control. The note says:
Ownership concerns the provider of cloud services that are used by government agencies. The owner can be either a single government organization, or a cluster of government organizations sharing resources, or a third party.
Regardless of ownership, government organizations need to exercise different levels of control on how those services are delivered. Some of this may be granted by the programmatic interface of those services, but some areas like data location, security, availability and e-discovery where control is needed for regulatory compliance purposes, may require peculiar contractual constraints.
The research note identifies eight different cloud computing models by combining service access (exclusive, limited membership, anyone) and ownership (agency, government-wide or third party).
While much of the attention today is focused on the more public cloud services (i.e. those provided by third parties to virtually any organization) or on IT utility services (where a single agency accesses services provided by a third party), the most interesting models going forward will be those where government agencies are both users and providers of services, as these constitute the evolution of what we currently call shared services.
Will the cloud attributes make the governance issues that challenge almost any government shared service initiative go away?