While many public sector institutions had adopted aspects of cloud computing prior to 2019, the pandemic forced those whose adoption lagged to quickly reshuffle their IT priorities.

The need for flexible, scalable and accessible services was acutely felt by both mission and IT leaders, who hurriedly sought ways to enable remote or hybrid work solutions. This explains why, seemingly overnight, the maturity of an organization's cloud capabilities became the de facto indicator of its ability to keep operations and services running.

How mature are your cloud capabilities? Learn more

Common barriers to public sector technology adoption

The public sector generally adopts new technology at a slower pace compared to the private sector. Reasons can include:

  • Budgetary constraints: A lack of funding and resources to invest in emerging solutions; plus, requirements to justify the ROI and social impact of technology investments to taxpayers and other stakeholders.
  • Public scrutiny: Stricter accountability and transparency requirements stemming from laws, regulations and policies, often accompanied by an elevated duty to properly handle privacy, security and equity issues.
  • Procurement complexities: Technology acquisition and contracting processes can be lengthy, rigid or overly procedural due to a reliance on third-party technology vendors who must be vetted, onboarded, negotiated with and monitored for ongoing quality and performance.
  • IT talent scarcity: A dearth of qualified IT staff to adopt and implement new technologies, including challenges related to attracting and retaining talent in the face of private sector competition.
  • Organizational silos: The many different agencies, departments, units and levels of government that comprise the public sector generally have different missions, goals, cultures and processes; these differences can create friction, inefficiency and a lack of coordination that hinder technology adoption.

Cloud computing has faced its own public sector adoption challenges over the years, ranging from technical and organizational hurdles to regulatory and cultural impasses. While some obstacles have been overcome through the development of industry-specific governance standards and best practices that help align mission and technology objectives, public sector organizations are still struggling to realize the full value of their investment in cloud as an operating model.

This article outlines a high-level framework to help such organizations identify where to focus their cloud maturity efforts to overcome these barriers and deliver the types of digital experiences their employees and consumers have come to expect.

Step 1: Cloud strategy and planning

Given the many barriers to cloud adoption, it's critical that public sector entities understand there is a right and wrong way to mature cloud capabilities. Entities that skip key steps in the name of expediency or cost savings are more likely to encounter a "cloud stall" — a program delay that forces everyone to drop what they're working on and backtrack and remedy a prior misstep. 

For public sector entities operating on tight budgets, cloud stall can feel like a dire predicament to overcome. Which is why they should strive to avoid cloud stall from the start.

The easiest way to avoid cloud stall is through comprehensive strategy and planning development. Given the overwhelming number of cloud tools, services and operating models available today, it's no surprise that public sector entities may balk at investing the time needed to fully develop a cloud strategy tailored to their organizational needs.

Topics to consider in building a cloud strategy that will stand the test of time include:

  • Choosing the right cloud operating model and hyperscalers (e.g., AWS, Google Cloud, Azure) to meet your mission needs.
  • Leveraging a cloud partner with expertise in multicloud strategy, migration and management of hybrid operations.
  • Defining and aligning mission and technology goals to achieve objectives and minimize disruptions.
  • Identifying the expected benefits, risks and costs of cloud migration and ongoing management.
  • Establishing a way to measure the relative costs, benefits and financial returns of investing in the cloud.
  • Gaining visibility in all workloads across your multicloud environment.
  • Addressing charge-back, variable consumption, cost optimization and FinOps issues and opportunities.
  • Assessing the status of every application that might be migrated to the cloud (i.e., app rationalization).
  • Establishing cloud governance best practices through a Cloud Program Management Office (CPMO) (i.e., a Cloud Center of Excellence (CCoE) as it's known in the private sector).
  • Identifying IT infrastructure modernization and retirement opportunities.
  • Determining if your internal IT team has the right skills to migrate and maintain your chosen cloud operating model.
  • Creating a cloud migration roadmap as a deliverable for stakeholders across the organization to follow.

You can jumpstart this process by reading our Cloud Maturity Model report.

Step 2: Cloud migration and execution

Public sector entities must prepare for new ways of working once applications and workloads have been successfully migrated to the cloud. While focusing on the specifics of migration, we recommend taking the time to understand why cloud governance, cloud compliance, cloud security, and cloud automation and orchestration are so important to long-term cloud success.

Cloud governance

You will want to establish a Cloud Program Management Office (CPMO) for your agency or institution. A CPMO is a unit within a public sector organization responsible for overseeing the development, implementation and operation of all cloud services. It typically provides guidance, support and coordination resources for all active cloud projects and programs. It also manages internal cloud business functions and solution architectures, helping ensure compliance with security, governance and best practices while facilitating risk management, communication and quality assurance in the process. Your CPMO can partner with other service providers to enable them to deliver cloud-based solutions to end-users.

Cloud compliance and authority to operate

Authority to Operate (ATO) is a rigorous process that many public sector agencies must go through before deploying new software in the cloud. While it ensures agencies meet federal compliance standards, a traditional approach to ATO can slow cloud adoption as every new software deployment must receive authorization.

Fortunately, agencies can move to Continuous Authorization to Operate (cATO), a modernized authorization process designed to work with agency programs that want to move faster and are willing to embrace DevSecOps.

Agencies start by establishing a software factory inside of a DevSecOps platform boundary that already has ATO. Once in place, software can be pushed to production inside the factory, greatly reducing the initial application ATO requirements, when leveraging the platform, and accelerating release management.

Although cATO raises the security standard over traditional ATO, agencies should move to the model so they can deploy updated software more rapidly to the field while improving security and continuously managing risk. 

Cloud security

Cloud security is a critical aspect of cloud computing that involves protecting an organization's valuable data, applications and infrastructure from cyber threats, unauthorized access and data breaches. Cloud security is especially important for the public sector, which handles the sensitive and confidential information of citizens, businesses and government entities. 

Some of the top cloud security concerns to be aware of in the public sector include:

  • Cyberattacks: Cyber criminals are able to target any layer of the cloud stack, including IT infrastructure, cloud management platforms, cloud software and cloud networks. Attacks can also exploit vulnerabilities in an organization's cloud services or applications (e.g., DoS attacks, ransomware, malware, injection attacks, etc.).
  • Misconfiguration: Misconfiguration — incorrect or incomplete settings related to cloud resources like storage, databases, networks or access policies — can cause irreparable data loss or corruption and expose data to unauthorized users or bad actors.
  • Unauthorized access: The illegitimate use of cloud resources by internal or external parties can compromise data confidentiality, integrity and availability. It may also put an organization in jeopardy of legal or regulatory violations. Unauthorized access can result from weak authentication standards, phishing attempts, credential theft, insider threats or third-party breaches.
  • Insecure APIs: Vulnerabilities or flaws in the application programming interfaces (APIs) that enable communication and interaction between cloud hyperscalers and public sector entities can allow bad actors to exploit or manipulate cloud resources, data or functionality. 
  • Extra-territorial laws and data access: The location of your cloud hyperscaler or its servers can potentially make agency data subject to foreign laws or regulations, not to mention the risk of backdoor access by foreign governments or entities. This can pose questions of data sovereignty, privacy and compliance for public sector organizations. The concept of "cloud sovereignty" — the practice of having a cloud computing environment that's owned, deployed, governed and managed locally or regionally within a single nation or jurisdiction — is one way to address these challenges.

Public sector entities should take the time to invest in a cloud-centric security model that comprehensively addresses the specific infrastructure, use cases and risk factors of its work.

Cloud automation and orchestration

The related concepts of cloud automation and orchestration can help public sector entities enhance their cloud capabilities related to efficiency, agility and innovation. Cloud automation leverages software tools or scripts to perform tasks or execute workflows that would otherwise require manual or human intervention. Cloud orchestration is the process of coordinating and managing multiple automated tasks or workflows across different cloud platforms or IT environments.

Together, cloud automation and orchestration can help public sector organizations:

  • Rein in costs and complexity: Reduce the time, effort and resources needed to provision, configure, monitor and manage cloud resources and services.
  • Increase service delivery speed and quality: Accelerate the app development lifecycle, speed service delivery capabilities and improve the overall quality of the end-user service experience through self-service catalogs, auto-provisioning and cloud spend analysis.
  • Harden security and drive compliance: Automating the enforcement of security policies and standards (e.g., encryption, authentication, authorization, auditing, reporting, etc.) can simplify compliance.

Establishing the right policies and procedures around cloud governance, security, automation and orchestration are key aspects of cloud migration that must be executed with care to enable organizations to get the most out of their investment in cloud computing.

Step 3: Day 2 operations and ongoing cloud management

Once public sector entities have successfully completed migration, their work is far from done. Extracting the maximum value from cloud requires an ongoing commitment to FinOps and cost management principles, adopting a cloud-native mindset across the organization, the continued modernization of IT infrastructure, and upskilling internal talent. 

Cloud FinOps and cost management

Cloud FinOps is an evolving financial management discipline and cultural practice that enables organizations to maximize cloud spend and value by helping engineering, finance, technology and business teams collaborate on data-driven spending decisions. Benefits of adopting a cloud FinOps approach post-migration include:

  • Reduce waste and inefficiency: Identify and eliminate idle or underutilized cloud resources across the organization (e.g., virtual machines, storage, databases, etc.) to save money and improve performance by freeing up capacity and avoiding unnecessary charges.
  • Increase visibility and accountability: Leverage tools and processes to monitor, analyze and report on cloud spend and user consumption. This can help public sector entities track budgets, forecast demand, allocate costs, enforce governance policies, and comply with regulatory and audit requirements.
  • Enhance agility and innovation: Cloud FinOps enables public sector agencies to leverage the flexibility and scalability of the cloud to respond to changing needs and opportunities. It allows them to experiment with new services and features, adjust their capacity and configuration, and optimize performance and reliability. It also empowers them to deliver better outcomes for internal stakeholders and citizens by improving service quality and user experience.

Cloud-native mindset

A cloud-native mindset is a way of thinking and working that embraces the full potential of cloud computing. It involves designing, developing and deploying apps and services in a way that is scalable, resilient, secure and adaptable to changing mission needs and market environments. It is a mindset that sets the stage for public sector organizations to leverage advances in AI, automation and continuous delivery to drive performance and efficiency gains.

Fostering this mindset requires public sector entities to learn about and implement cloud-based solutions and approaches such as microservices, containers, serverless computing and DevOps.

IT modernization

After successful cloud migration, public sector entities should focus on ensuring their infrastructure is sufficiently modernized to take advantage of the most recent advances in technology. The three areas of infrastructure modernization to focus on include applications, data delivery capabilities, and networking.

  • Application modernization: Involves transforming legacy applications into cloud-native apps that can leverage the full potential of the cloud.
  • Data delivery modernization: Involves migrating data from legacy systems to cloud data platforms that enable faster, better and more personalized data analysis and insights. Without the right data delivery systems in place, public sector entities will struggle to use advanced analytics and emerging AI/ML solutions to generate actionable insights. Data delivery modernization can also help public sector orgs expand and innovate on how they use and share data, make policy decisions, and drive security and compliance.
  • Network modernization: Involves upgrading an organization's network infrastructure to support the increased demand and complexity of cloud-based services and applications. Solutions include software-defined networking (SDN)network function virtualization (NFV)edge computing, 5G and other emerging network technologies — all of which can improve network performance, flexibility and security.

Cloud talent upskilling

Finally, due to the historical challenge of hiring and retaining skilled IT talent, it's crucial that public sector organizations identify ways to upskill internal IT teams on the skills needed to operate and optimize cloud environments. Not only will targeted upskilling allow IT to take full advantage of the potential of its cloud products and services, but it can prepare them for the future of work and enhance their future competitiveness in the job market. A win-win for both public sector IT teams and the greater organization.

Why WWT for cloud in the public sector?

This article has outlined a framework for state agencies and higher-education institutions to overcome the most common barriers to cloud adoption.

As an industry-leading VAR and global solutions provider, WWT operates in a unique space between our clients, long-standing partners like AWS, Google Cloud and Azure, and the thousands of OEMs and ISVs that build the hardware and software that make up modern cloud environments. Unlike traditional consulting organizations, boutique firms and hyperscalers, WWT offers independent expertise and services across all areas of cloud computing — from strategy development through migration to ongoing optimization. Public sector clients can learn about and test the latest cloud technologies and integrated architectural solutions in our Advanced Technology Center (ATC).

For more information on how to accelerate your journey to the cloud, reach out to a WWT expert today.

Explore our Cloud Maturity Model today.
Login to access