Page 86 - Cyber Defense eMagazine September 2023
P. 86
Cloud First: A Flawed Approach to Cloud Migration
The intent behind Cloud First was to modernize and secure government systems and applications, which
were years behind the private sector. However, Cloud First did not include detailed guidelines on how to
adopt cloud technology, leaving many agencies to forge their own migration path and creating myriad
complex and stop-gap solutions.
As more agencies started the migration process, they began to realize the flaws of the wholesale cloud
migration strategy called for in Cloud First.
• Cloud is expensive. Agencies assumed that they would gain cost savings by migrating to the
cloud because they would no longer need to maintain on-premises data centers. In many cases,
they found that cloud was more expensive, especially if they didn’t have a cloud data management
plan. It is cheap to move data into the cloud, but expensive to get it out, and access or egress
fees are an unpredictable cost that many agencies could not plan for effectively. Automatic and
self-service provisioning quickly added cloud resources when needed, but didn’t always reduce
capacity when it wasn’t needed, leaving agencies paying for cloud they weren’t using. Cloud
pricing was also confusing, further complicating the issue. Currently, the government pays billions
in taxpayer money for cloud.
• Security is a concern. Moving from on-premises data centers to the cloud takes some control
over data and application security away from government technology leaders. This can be
especially concerning when looking at national security, trade secrets, or personal identifiable
information.
• Legacy applications don’t work in the cloud. Getting existing applications cloud ready was
more complicated than expected. Many could not migrate to the cloud – or were prone to bugs or
cost overruns if they were placed in the cloud anyway.
• Cloud migration led to vendor lock-in. Agencies using the more advanced tools and services
of hyperscalers found that they were proprietary, leading to the vendor lock-in they sought to
avoid.
Cloud Smart was designed to overcome many of these issues, but agencies still operating with a Cloud
First mindset continue to experience many of these problems.
Cloud Is Not a Destination
One of the key lessons learned from Cloud First is that cloud isn’t a destination. Not everything should
be moved to the cloud, and many things that are moved shouldn’t be left there. Agencies should view
cloud as an operating model centered around utility and self-service – use and pay for cloud services
when, where, and if they are needed. Cloud spending should be balanced with existing infrastructure
investments to optimize agency technology budgets – and taxpayer money.
Cyber Defense eMagazine – September 2023 Edition 86
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.