Key Takeaways
This report identifies:
(1) leading practices in the private sector for adopting cloud solutions; and
(2) approaches to address challenges in the private sector regarding the adoption of cloud solutions.
Background
The recent Government Accountability Office (GAO) report on cloud computing practices within the private sector provides valuable insights for federal agencies transitioning to cloud environments. Published on March 24, the report identifies leading practices from the private sector that could benefit government cloud adoption strategies.
Cloud Computing
Cloud computing enables on-demand access to shared computing resources that can be rapidly provisioned. This approach often allows organizations to obtain information technology (IT) services more efficiently, and potentially at lower costs, than traditional on-premises solutions. The National Institute of Standards and Technology (NIST) highlights several key benefits of cloud computing:
- On-demand self-service
- Resource pooling
- Rapid elasticity
- Measured service
Organizations can choose from three primary service models – Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) – and four deployment models (private, community, public, or hybrid cloud). Many are also adopting multi-cloud strategies to avoid vendor lock-in, though this approach requires specialized expertise.
Leading Practices from the Private Sector
The GAO surveyed 18 private sector companies across multiple industries about their cloud adoption experiences. These companies reported using 19 leading practices across three critical management areas:
Acquisition Practices
-
- Defining a clear business case for cloud adoption
- Negotiating transparent terms and agreements with providers
- Assessing service performance against established expectations
Cybersecurity Practices
-
- Implementing incident response procedures
- Establishing continuous monitoring systems
- Clarifying security responsibilities between the organization and cloud provider
Workforce Development Practices
-
- Identifying skill gaps in the existing workforce
- Retaining and recruiting staff with cloud expertise
- Shifting internal culture to embrace cloud technologies
Challenges and Solutions
The report also highlights challenges companies faced during cloud adoption and their approaches to addressing them:
- Technical Considerations: Companies reported enhancing flexibility, mitigating risks, and optimizing cloud resource utilization through various technical approaches.
- Multi-Cloud Strategy: One company implemented a multi-cloud approach early in its migration, which increased flexibility across different providers.
- Additional Investments: Realizing the benefits of cloud computing often required additional investments in workforce training and cybersecurity tools.
Implications for Federal Agencies
The GAO conducted this study to provide insights for federal policymakers and program managers working on cloud adoption. With both private sector and federal government making substantial investments in cloud computing, understanding these leading practices could help agencies better navigate the transition while managing associated risks and challenges.
The report suggests that federal agencies could benefit from adopting similar practices across acquisition, cybersecurity, and workforce development as they pursue their own cloud strategies.
To read the GAO-25-106369 report in full, click here.
