The U.S. federal government spends billions of dollars each year implementing cloud technology for its daily work – and this spending is only increasing as time goes on. From the Air Force to the Department of the Treasury to the Department of Defense and beyond, public sector agencies are eschewing onsite IT systems and contracting cloud vendors in their efforts to reduce costs and boost efficiencies.

But why are government agencies so interested in this technology? And what does it offer for regulators, specifically? To understand this, we must first understand a bit more about how the cloud works and how it provides value to individuals and organizations in both the private and public sectors.

What is the cloud?

Put simply, cloud computing describes programs and infrastructure that are provided as a service via the internet, rather than being implemented and maintained on-site by an organization. The software itself is hosted and maintained in physical data centers by the vendor, who delivers the service (often at a pay-as-you-go rate) to the end user.

Think about most Google services utilized by the average web user – Google Calendar, Google Docs, Gmail, etc. When we use these services, we are not running software that has been installed on our hard drive (though sometimes a client application is used to make interfacing easier). We are using the internet to interact with software that is hosted and maintained elsewhere – usually, in this case, at a Google-owned data center. The same goes for software like Microsoft Teams and Slack.

Such an arrangement offers a unique way for individuals and organizations to handle their digital services. By using cloud computing, regulatory agencies can essentially outsource the storage, maintenance, and upkeep of their IT systems to dedicated service providers, paying only for the services they need as they need them. This can free up valuable resources that can go more directly toward the day-to-day work of regulation.

End users – whether they are licensees, regulatory staff, or members of the public – can interact with a fast and secure online service that has been configured by a dedicated vendor to provide the functionality they need. Constituents can search databases for up-to-date, publicly available information on licensees, license applicants can submit their credentials to secure servers, and agency staff can advance license applications upon receiving the necessary documents, all with a few clicks and keystrokes.

Though cloud service providers must still be vetted to ensure an adequate level of cybersecurity and data protection, working with a trusted vendor usually represents a step up, security-wise, from an onsite IT system arrangement. Because regulators handle highly sensitive personal data on a day-to-day basis, many may choose to consolidate their server footprints and entrust the backup and storage of information to dedicated service providers who are compliant with high-level security protocols.

Cloud software is also scalable, which means that when an agency’s workload increases, officials can contact their service providers and instantly procure access to more computing power. By simply increasing their subscription payments, organizations can avoid the burdens of time and cost that go into expanding hardware and software capabilities onsite.

Agencies everywhere have been drawn to the substantial savings in time, money, and other resources offered by a cloud solution. But how, exactly, are these organizations supposed to transition over to the cloud? What can they expect in terms of service interruption and financial cost? And what should their priorities be when they make the daring leap into the virtual world?

Making the switch to the cloud: Considerations and priorities

According to a 2022 report from the U.S. Government Accountability Office (GAO), there are four basic areas in which agencies face challenges in their efforts to move to the cloud:

• Addressing cybersecurity issues
• Securing favorable contracts with vendors
• Workforce planning and development
• Recording financial impacts

Cybersecurity and procuring vendors

Cybersecurity, of course, is among the most high-level concerns for government agencies looking to make the switch to the cloud. This has been known for quite some time. The Federal Risk and Authorization Management Program (FedRAMP), established in 2011, seeks to provide a cost-effective and secure approach to the adoption of cloud-based technologies for government agencies at the federal level.

For regulators at the state and local levels, it is important to choose vendors who are compliant with trusted security frameworks, such as the ISO/IEC 27000 Series, NIST SP 800-53, and the SOC suite of services. Though these frameworks have been designed by different organizations for different purposes, they often overlap quite a bit in terms of the actual security controls they require. To learn more, check out our 2022 article which explores several cybersecurity frameworks and their utility for regulators.

In terms of procuring cloud services, the GAO found in 2016 that some agencies struggled to properly implement service level agreements with their vendors when signing contracts. Perhaps first and foremost, government organizations should always make sure their arrangements with cloud service providers contain specific language regarding what a security breach looks like and when agencies should be notified of one. They should also specify how an agency’s data will be managed and what recourse can be taken if the vendor is found to have violated the agreement.

Workforce planning and development

As is the case when adopting any new technology, ensuring employees are adequately educated and trained is key in ensuring a smooth transition to the next system. In its report, the GAO found that agencies without an updated workforce development strategy faced challenges after adopting cloud tech, as evidenced in the case of the Coast Guard, which did not include cloud-related skills in its strategy and had no plans to analyze skill gaps among its personnel.

Employees at regulatory organizations should be informed of how their day-to-day work will change when the agency has moved to the cloud and which personnel they can go to if they have questions or concerns. Leaders in these agencies would do well to establish performance targets and measurement strategies to ensure their staff are informed about their responsibilities and expectations when operating their new systems.

The U.S. Census Bureau offers an example of cloud training done right. Having moved to the cloud in 2020, the bureau now offers the census entirely online, thanks in no small part to its effective employee-focused implementation strategy. In addition to a robust recruitment strategy for its Secure Cloud Team, the organization offers comprehensive training programs through its Census Bureau Data Academy. Brock Webb, technology strategist for the bureau’s Computer Services Division, said 90% of the process of the successful transition has been a focus on people and culture.

Recording financial impacts

Because financial savings are such a large part of the appeal of cloud services for government organizations, it is important for agencies to closely track the monetary impact of their transitions. By systematically tracking their data on savings and spending after transitioning to the cloud, agencies can contribute to a larger pool of data on the switch to cloud computing at large and provide useful examples for other organizations looking to make the change.

The cloud is everywhere

The evidence is all around us that the cloud is here to stay. The Department of Veterans Affairs (VA) uses a multi-cloud IT strategy to offer services to veterans around the world. The Federal Emergency Management Agency (FEMA) uses cloud-based AI tools to assist first responders and allocate resources more efficiently when preparing for natural disasters. The National Institutes of Health (NIH) uses the cloud to assist with biomedical research, which played a key role in addressing the COVID-19 pandemic.

Digital transformation can be daunting, but agencies everywhere are learning that the juice is worth the squeeze. With effective planning and strategizing, a switch to the cloud does not have to be as confusing or arduous as it may seem at first. By thoroughly vetting service providers, focusing on the people involved in the process, and meticulously tracking the financial results of such a change, officials can take the appropriate steps forward in building the regulators of the future.