Last week I was at a large government agency with a large IT shop, running its own data center, and currently piloting an internal private cloud for infrastructure as a service (network, virtual machines and storage bundled together). They wanted to discuss whether they had made the right architectural choices and how to move from pilot to actual deployment.
I asked them what was the business case behind developing their own cloud, and they answered that they needed to better utilize their resources, given the significant workload variations in their business. Since they have already almost completely virtualized their data center, I asked what was the additional value of moving toward a full-blown cloud solution and whether they were contemplating some form of cloudbursting, i.e. the use of external cloud services, in order not to size their infrastructure on the peak requirements. They answered that they have very stringent security requirements, and therefore they cannot contemplate any external services.
Since this particular organization publishes lots of public open data, I asked whether they were considering public cloud services for that at least, but they seemed to be unwilling to go that way, even if they admitted that they could not see any regulatory impediment to do so.
It is no uncommon to find government IT organizations that are not looking at cloud as an opportunity to revamp their sourcing strategy, but more as a means to brush up their internal services. Doing so, however, they risk making their services much easier to compare with externally-provided services, and unless they are really good or draw clear boundaries around what cannot be externalized for security and data sovereignty reasons, they may find themselves in an uncomfortable position relatively soon.
Category: cloud Tags: