News: Government Seeks Guidance on Cloud-Brokerage Services
As a result of the GAO's findings, the GSA headed back to the drawing board to revise its RFQ. With no way to formally designate which countries it might consider to be safe enough for EaaS data centers, it simply required EaaS providers to tell the government where its data centers were located. Each agency could decide for itself whether that Indian or Brazilian data center is sufficiently secure to meet its needs.
Email As a Service Brings Cloud Deployment Questions
There's more to this story. In the same RFQ, the GSA called for respondents to offer several different cloud deployment models, including public cloud, government community cloud, secret enclave private cloud and a few others. The same protesters also took issue with the GSA's addition of government community clouds. Their theory: there is no technical difference between such clouds and public clouds, and the only salient difference is that non-government traffic is prohibited on the government community cloud. As a result, the protesters argued, a government community cloud would unfairly restrict competition.
News: Salesforce to Launch Government Cloud
In this instance, the GAO decided against the protestors, concluding that the security risks inherent in a multitenant cloud environment are substantial enough to warrant excluding non-Government traffic from government community clouds. In fact, the GAO points out, the hypervisors that underlie multitenant virtual architectures in today's market have inherent security flaws that excluding non-government tenants would mitigate.
After adjusting its RFQ, the GSA reissued it, and selected 17 EaaS providers for its BPA in August. As a result, any agency or department can purchase services in five "lots," including office automation, electronic records management and email migration and integration services in addition to EaaS. The BPA also covers the diverse cloud deployment models the government requires for its EaaS capabilities. Finally, to lead the way, the GSA is rolling out its own internal EaaS to 17,000 employees.
The moral of this story, of course, is that there's a lot more to moving your corporate email to the cloud than signing up with your EaaS provider of choice or provisioning an email server at your favorite public cloud. While most private sector companies don't have regulations requiring them to purchase services from overseas trading partners, virtually every enterprise has bumps along the road to EaaS similar to the ones that the government faced. Email may be low-hanging fruit for the cloud, but don't let the mundane nature of email fool you into thinking that transitioning this most basic of IT services to the cloud is a simple task.
The other important lesson here is that moving to EaaS presents challenges that are more organizational than technical. True, security is a perennial concern, but regulatory and change management challenges create pitfalls into which even the most technically astute IT organization may fall. Moving to the cloud may lead to dramatic cost savings and increased business agility for your organization, but only if you get it right. Don't take anything for granted.
Jason Bloomberg is the president of ZapThink. Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.
Read more about e-mail in CIO's E-Mail Drilldown.