I spent a good part of yesterday at Gartner Symposium in Orlando talking to government clients, moderating a vendor panel and finally running an analyst-user roundtable, all on the topic of cloud computing.
Two main take-aways for me:
- Government clients are confused as to (1) whether vendor offerings really meet their security requirements, (2) which workloads could be easily moved to a public cloud and (3) what’s the roadmap from public to private/community clouds.
- Some vendors have great confidence that their existing solutions already meet most of the security requirements and claim that there is already a lot of government stuff in the cloud.
Therefore, either vendors are not effectively or convincingly marketing their success stories, or government clients use “security” as a blanket topic not to move to the cloud.
My current reading though – and I know this won’t be welcome by some – is that most of these conversations really are about alternative service delivery models.
Except one or two cases, all conversations focused on “cloud computing can make me save money” rather than “I need scalability or elasticity”.
But even just looking at cost savings, most compare their current costs with numbers that come from “public cloud” vendor offerings. On the other hand it is clear that certification and accreditation to comply with a variety of security requirements, as well as additional constraints about service levels (such as finer-grained control of data location) will increase costs. Last but not least, I’ve heard two clients mention the “geopolitics” angle that I recently covered in a blog post as well as in a research note (Gartner clients only).
All this led me to tweet this simple line: In most cases government organizations that mention cloud are just looking for better sourcing, and don’t really need a cloud.