Held back by privacy and security concerns, the public sector is unlikely to fully adopt a public cloud infrastructure for its core computing needs, but industry observers say there are areas in which the public cloud model can work.
Steve Hodgkinson, research director for Ovum, noted that the main challenge is that governments usually have strict compliance protocols and obligations to protect the privacy and security of the data they possess.
"Not all data is equal as governments have some data that is accessible to the public realm and some data that is sensitive," Hodgkinson said in an interview. "There is no issue over what's in the public realm but for mission-critical and sensitive data, they are unlikely to use the public cloud infrastructure."
He said governments need to ensure they can access their data any time they wish and this cannot be encumbered by data residing outside national borders. "With the public cloud infrastructure, there is no way to know for certain where the data is residing or traversing at any point in time," he noted.
However, the analyst highlighted that there are examples of government agencies using software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) for applications that involve public data. These include emergency response systems, and customer relationship management applications to track and coordinate donated goods or match people with the help they need in disaster situations, Hodgkinson said.
According to John Galligan, director of Internet policy at Microsoft Asia-Pacific, more governments worldwide are looking at public clouds to support citizen services because the platform is scalable and provides an efficient way to provide information and create interaction between government agencies and citizens.
In an e-mail interview, Galligan explained: "Governments should take a considered approach to what information should remain not just within a nation's borders, but also within their own data centers.
"Certain datasets are always going to have to be treated with greater levels of security and protection, but that doesn't mean the same approach should apply to all information created within the government."
He suggested that governments audit the different categories of information and datasets, based on risk and relevance, and determine which data can be hosted in a public cloud.
This would allow the public to make better-informed decisions and could increase dividends both by reducing costs for government IT spend and by empowering citizens with more information, he said.
Identify right service provider
Miklos Sandorfi, chief strategy officer at Hitachi Data Systems, noted that the issue is not about whether public clouds are suitable but about understanding the necessary security, data center and availability practices.
"There are public clouds that do not include any meaningful service level agreements (SLAs) and do not permit audits of their infrastructure or data center practices, but there are also others that do have strict SLAs [and these] can be an option for the public sector," he said.
Asked what the public sector should do to capitalize on the scalability and the benefits of the public cloud, Sandorfi said governments must find the right service provider which understands the local requirements of data sovereignty and data management practice.
He noted that "commodity" public cloud providers typically do not provide the tools or governance to meet the requirements of some government agencies. "However, there's a growing number of cloud service providers that clearly understand the more sophisticated requirements customers in both the enterprise and public sectors require, and are delivering services that cater to these segments," he said.
Hodgkinson concurred, noting that while governments could afford to build their own private clouds and manage these infrastructures by themselves, a better and optimal approach is to select an enterprise-grade cloud provider that can guarantee strict SLAs and has a trustworthy name capable of building a secure and robust cloud for the public sector.
"This way, a government does not have to worry about the complexity of building and having the skillsets to maintain their cloud infrastructure," he said.
Policies, guidelines needed
Despite the benefits that the cloud computing model touts, governments are still struggling to keep up with the policies and guidelines necessary to regulate the platform.
Galligan noted that governments need to look at the policy agenda for how services should be delivered through the cloud and promote responsible adoption and coordinated policy action.
"At a minimum, we need a technology policy that advances access to cloud services and builds confidence among users that their information, identity and independence are protected through the closer alignment of privacy laws, promotion of online safety education and greater resources for and coordination in combating cybercrime," he explained.
Badlisham Ghazali, CEO of Multimedia Development Corporation (MDeC), noted that as Malaysia moves to the cloud, standards development for security, interoperability and portability is important to protect government information and the privacy of its citizens.
In the United States, Ghazali said the National Institute of Standards and Technology serves as the government lead, working with industry players to facilitate the development of cloud computing standards.
"For Malaysia, it's relatively premature at this point but in the near future, we should have something similar replicated. MDeC is currently undertaking a study to further understand the Malaysian cloud landscape," he revealed.
Sandorfi said: "While some may view cloud as an 'all or nothing' approach, we recommend that governments should not simply 'jump in' without understanding clearly how the service will be delivered, what the different SLAs for the service will be and the expected outcome and benefit to the country."
Edwin Yapp is a freelance IT writer based in Malaysia.