Cloud services: A cloudy forecast for state and local governments

Cloud services continue to grow exponentially making it flourish into a multi-billion-dollar industry. According to a survey by Synergy Research Group, the global cloud infrastructure services market grew by 35 percent in 2020, with the top five cloud providers (Amazon Web Services, Microsoft, Google, Alibaba and IBM) capturing more than 70 percent of the market share. In a soon-to-be-published “2023 CompTIA Public Technology Institute (PTI) State of City and County IT National Survey,” 69 percent moved to on-premises infrastructure (storage, virtual machines, etc.) to a private cloud. Similarly, 71 percent shifted from using a local version of an application to a cloud application (SaaS). About 30 percent stated they are using a managed services provider, and another 25 percent are considering doing so this year. Outside of the survey, many local government IT leaders have expressed frustration toward many leading vendors who are no longer offering on-premises solutions thus forcing them into the cloud.

Cloud services was not always on IT managers agendas and some 15 years ago, many strongly opposed even the concept. They feared loss of control, added cyber risk and data loss responsibility, to name just a few concerns. Adding to some of the fog, here appears to be some confusion in labeling a cloud service vs. a managed service provider. There are differences but the common denominator is that they all rely upon a third-party providing remote or cloud-based services.

The federal government got its first cloud strategy jolt with the presidential Federal Cloud Computing Strategy in 2011, commonly referred to as “Cloud First.” This was the first big push to consolidate services and move data processing to the cloud. In 2017, the “Cloud Smart” Initiative was born. Building upon the former initiative, Cloud Smart’s strategy was founded on three key pillars of successful cloud adoption: security, procurement and workforce. States and localities benefited from the earlier experiences of their federal counterparts and soon cloud became the offering of choice. More recently, the pandemic relied on cloud services, thus providing superior access, security and speed at getting to the communications and or data needed in real-time.

While there is little doubt as to the advantages of cloud services, there is growing concern about the accountability of cloud service providers, including a lack of best practices and many one-sided contracts. One IT leader who had recently moved to a new and larger government jurisdiction was shocked to find a previous cloud contract that did little to protect them from moving to a new service provider. In fact, they were told that while the data could be returned, it would be in an unreadable format and if they were to take the time to make it readable and easy to migrate to another service provider, it would cost nearly $2 million.

Adding to the growing list of concerns are rapidly growing cybersecurity incidents to both cloud service providers and their customers. In May 2022, the federal government took the extraordinary step of issuing an advisory with the headline, CISA, NSA, FBI and International Cyber Authorities Issue Cybersecurity Advisory to Protect Managed Service Providers (MSP) and Customers. The advisory focused on what they see as an increasing collective vulnerability threat regarding cyber-attacks to managed service providers and their customers. The advisory went on to list five suggested best practices but, being advisory, there were no requirements to do so—at least for now.

Despite the many benefits of cloud services, security remains a major concern for state and local governments. Cloud security effects both the public and private sectors and according to a survey by the Cloud Security Alliance, the top security concerns for companies include data privacy, data sovereignty, and the security of the cloud service provider.

The list of concerns is nothing new, but some find it surprising that after a decade they remain fresh.

To read the complete article, visit American City & County.