Cloud First: A Flawed Approach to Cloud Migration

            The intent behind Cloud First was to modernize and secure government systems and applications, which
            were years behind the private sector. However, Cloud First did not include detailed guidelines on how to
            adopt cloud technology, leaving many agencies to forge their own migration path and creating myriad
            complex and stop-gap solutions.

            As more agencies started the migration process, they began to realize the flaws of the wholesale cloud
            migration strategy called for in Cloud First.


               •  Cloud is expensive. Agencies assumed that they would gain cost savings by migrating to the
                   cloud because they would no longer need to maintain on-premises data centers. In many cases,
                   they found that cloud was more expensive, especially if they didn’t have a cloud data management
                   plan. It is cheap to move data into the cloud, but expensive to get it out, and access or egress
                   fees are an unpredictable cost that many agencies could not plan for effectively. Automatic and
                   self-service provisioning quickly added cloud resources when needed, but didn’t always reduce
                   capacity when it wasn’t needed, leaving agencies paying for cloud they weren’t using. Cloud
                   pricing was also confusing, further complicating the issue. Currently, the government pays billions
                   in taxpayer money for cloud.
               •  Security is a concern. Moving from on-premises data centers to the cloud takes some control
                   over  data  and  application  security  away  from  government  technology  leaders.    This  can  be
                   especially concerning when looking at national security, trade secrets, or personal identifiable
                   information.
               •  Legacy applications don’t work in the cloud. Getting existing applications cloud ready was
                   more complicated than expected. Many could not migrate to the cloud – or were prone to bugs or
                   cost overruns if they were placed in the cloud anyway.
               •  Cloud migration led to vendor lock-in. Agencies using the more advanced tools and services
                   of hyperscalers found that they were proprietary, leading to the vendor lock-in they sought to
                   avoid.

            Cloud Smart was designed to overcome many of these issues, but agencies still operating with a Cloud
            First mindset continue to experience many of these problems.



            Cloud Is Not a Destination

            One of the key lessons learned from Cloud First is that cloud isn’t a destination. Not everything should
            be moved to the cloud, and many things that are moved shouldn’t be left there. Agencies should view
            cloud as an operating model centered around utility and self-service – use and pay for cloud services
            when, where, and if they are needed. Cloud spending should be balanced with existing infrastructure
            investments to optimize agency technology budgets – and taxpayer money.










            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          86
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.