Cloud procurement adoption precipitates digital governance

The US Center for Digital Government (CDG) released its first cloud procurement guide in 2014, and in 2016 it updated it to help state and local governments standardise their cloud purchasing.

Since then, the cloud industry has changed, both in infrastructure and buying applications as a service, and the pandemic has added new cloud adoption requirements.

As a consequence, the CDG released a new revision of the guide titled “Best Practice Guide for Cloud and As-A-Service Procurements” to help government entities address current cloud adoption requirements. The guide is crafted to align with the vetting process for cloud providers laid out by StateRAMP and other state-specific bodies.

The pandemic has accelerated cloud adoption across all states, primarily as a path to modernisation but also as a response to new requirements.

“Arizona, and I think every other state in the US, has significantly increased its adoption of cloud services,” said Arizona CIO J.R. Sloan, who helped craft the revision.

Center for Digital Government Senior Fellow Dugan Petty, who also participated in revising the guide, said, “we saw a lot of infrastructure as a service, platform as a service, and particularly software-as-a-service solutions adopted very quickly."

The rate of cloud service adoption has been palpable. A virtual workgroup that included representatives from six states (Arizona, Georgia, North Carolina, Massachusetts, Michigan and Texas), as well as Sacramento County, California, and three city governments (New York, New Orleans, and Detroit) helped to update the procurement guide.

Industry representatives included Amazon Web Services, Knowledge Services, VMware, and Citrix.

Center for Digital Government Senior Fellow Sean McSpaden, said: “We had information technology leaders, cybersecurity leaders and also folks from the procurement and legal teams for each of those jurisdictions. We had a good diverse group.”

The new revision of the guide emphasises mitigating risks in cloud environments, with expanded sections dealing with data security breach notification and security audits, based on real-world experience.

Additionally, the guide provides specific advice and best practices on what government entities can and should ask for within their procurement documents.

“We're in a place where we can begin to provide more specific advice and best practices on what they can and should ask for within their procurement documents,” said McSpaden, who focused on updates to the security guidelines.

The new procurement guide also provides guidance on data management, transparency, and security, with specific details about data ownership and access.

While it offers a lot of detailed guidance, the guide remains flexible enough to accommodate the differences in each state’s procurement and IT management policies.

The document aims to standardise and simplify cloud procurement for state and local governments, enabling them to incorporate best practices into their cloud procurements.

IT leaders can use the guide to ensure that they are working in alignment with established standards and create greater consistency in their cloud purchasing programs. They can also use the guide as an educational tool to help others understand the procurement process.

The revised cloud procurement guide by the Center for Digital Government provides specific advice and best practices for government entities to consider in their procurement documents.

The guide aims to standardise and simplify cloud procurement for state and local governments, allowing them to adopt best practices and align with established standards. It provides a flexible framework to accommodate the differences in each state’s procurement and IT management policies while helping to mitigate risks in cloud environments.