A new report from the Government Accountability Office (GAO) found that the Department of Defense (DoD) needs to do better in mitigating the effects of restrictive practices by cloud service vendors – from choice of provider to the cost of cloud services – as it moves its data and software to the cloud.
The Federal watchdog agency explained that two of the six cloud investments it reviewed from the Army, Airforce, and Navy described restrictive software license practices that impacted their cloud computing efforts.
While “four of the six selected investments did not identify impacts from restrictive software licensing practices” DoD officials told GAO that the reason may be because these investments were configured to deploy software within the cloud instead of transferring software to the cloud.
But as “DoD implements IT projects and migrates systems to the cloud,” it may continue to “encounter restrictive software license practices,” GAO reported. However, DoD’s current guidance and plans related to its cloud efforts don’t fully address identifying and analyzing the impacts of restrictive practices.
According to GAO, the lack of relevant guidance or planning allows these kinds of shortfalls to happen.
“Key industry activities for managing the risk of impacts from restrictive practices include identifying and analyzing impacts and mitigating those impacts. However, the six selected investments … did not consistently address these key activities,” the report states.
For example, two of the investments GAO analyzed identified an impact but did not analyze or develop plans for mitigating it. The other four investments did not address identifying, analyzing, or mitigating, GAO said.
The report continues to say that until the DoD updates and implements guidance and plans for mitigating the impacts of restrictive software licensing practices for the cloud, the department will not be “well-positioned to identify and analyze the impact of such practices or to mitigate the risks.”
GAO recommends that the Secretary of Defense direct the DoD chief information officer to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices for the cloud. The DoD concurred with the recommendation.