State chief information officers continue to extol the benefits of cloud computing services, but many state governments have still been slow to move away from their aging mainframe systems, according to a new survey published Monday.
The report from Accenture and the National Association of State Chief Information Officers is the first edition of what NASCIO says will be a biennial look at states’ cloud transformations. While NASCIO’s members have named cloud services as one of their top priorities for more than a decade, mainframes can still be found widely across state governments: 89% of the 35 states that responded said they’re still using mainframes, while 71% reported not having moved any of their mainframe applications to the cloud.
This is despite cloud computing’s near-ubiquity across all sectors, with Accenture estimating that between 80% and 90% of all enterprises worldwide use at least some cloud services, a trend line that accelerated during the pandemic. But state governments have been slower to adopt, the report argues, because of how they budget for computing costs and procure technology services.
While 54% of state CIOs said their governments treat cloud computing as an operational expenditure — the preferred model — 24% said their states still view it as a capital purchase, which is less conducive to technology that is flexible and scalable. But the report also pins the lag on cloud service providers for not understanding the processes and limitations of government.
“This is a two-way street, though, and CSPs do not fully understand the nuance of government needs and requirements,” it reads. “This creates inefficiencies in what services are provided and which services are utilized. While there are growing pains for state governments and CSPs in this newer market, these known pains can be alleviated with greater cooperation.”
Cloud adoption is another area in which states are a few years behind the federal government, the report notes. Accenture and NASCIO cite the 2011 establishment of the Federal Risk and Authorization Management Program, or FedRAMP, in creating standardized requirements that cloud service providers must meet before securing a contract with the U.S. government. Before FedRAMP, the report reads, many federal migration attempts resulted in “poor outcomes and cloud sprawl.”
While 63% of states require their vendors to follow the FedRAMP standards, those efforts are voluntary. But the report does note the emergence of state-specific certification programs, like the new StateRAMP association, which has established its own guidelines that’ve already been accepted in Arizona and Texas.
During a panel discussion at NASCIO’s conference in Seattle, Pennsylvania CIO John MacMillan said that cloud-vendor certification, while important, is just one component of the journey.
“There’s training, there’s monitoring,” he said. “And contracts are temporary. When you go into a cloud relationship, you have to understand what happens in a cloud relationship.”
Pennsylvania in late 2019 awarded Unisys, its longtime mainframe operator, a two-year, $144 million extension to a 2014 contract to move its applications to a hybrid cloud environment.
Some states have been more aggressive in their cloud migrations: Arizona CIO J.R. Sloan told the NASCIO audience that the “cloud-first” approach his agency has taken for the past several years resulted in about 85% of applications being moved to a cloud environment, 5% sticking on a mainframe and the remainder “got turned off.”
An upshot, he said, is that 83 of 90 state data centers — which, he noted, ranged in size from lone servers to cavernous warehouses — “have been dispositioned.” One facility has even been torn down and replaced with a parking lot.