The Government Accountability Office (GAO) is recommending that six large Federal agencies take action to lessen the impact of restrictions put in place by software vendors that make it more expensive for agencies to run software products in a variety of cloud environments.
“Federal agencies must move their data and software to the cloud when possible,” GAO said in a new report issued on Nov. 13.
“But software licenses and restrictive vendor practices can limit or prevent such efforts,” the watchdog agency said. “For example, some vendors charge extra fees to use their software with third-party cloud providers.”
GAO said it interviewed six agencies chosen by random selection – the departments of Justice, Transportation (DoT), and Veterans Affairs (VA), along with NASA, Office of Personnel Management (OPM), and Social Security Administration – and said that five of those reported that “restrictive practices generally affected the cost of cloud services or their choice of cloud providers.”
Only OPM reported that it had not encountered any restrictive licensing practices, GAO said.
On the financial front, GAO reported that three of those agencies said software vendors required the repurchase of an existing license for use in the cloud, and two agencies reported that vendors charged additional fees to use their software on infrastructure from other cloud service providers.
Another three of the six agencies said that a vendor “required or encouraged agencies to use its software on that vendor’s own cloud infrastructure,” which GAO said encourages vendor lock-in.
Also encouraging vendor lock-in, GAO said, was an agency report of a vendor for an on-premise private cloud not allowing vendor’s software to be used with its hardware, and a contractor that migrated an agency’s data into a vendor’s cloud infrastructure and required the agency to pay a fee to regain ownership of its data at the end of the contract.
According to GAO, “none of the six selected agencies had fully established guidance that specifically addressed the two key industry activities for effectively managing the risk of impacts of restrictive practices.”
“These activities are to (1) identify and analyze potential impacts of such practices, and (2) develop plans for mitigating adverse impacts,” GAO said.
Of the five agencies that reported encountering restrictive practices, three of them reported partially implementing those two steps, while both VA and DoT did not show they had implemented either of them, the report says.
Inconsistent implementation of those two steps, GAO said, stemmed from agencies not fully assigning responsibility for undertaking them, and not considering them to be a high priority.
“Until the agencies (1) update and implement guidance to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices, and (2) assign responsibility for identifying and managing such practices, they will likely miss opportunities to take action to avoid or minimize the impacts,” GAO said.
GAO said it delivered the same two recommendations – assign responsibility and update and implement guidance to lessen the effects of restrictions on moving software to the cloud – to each of the six agencies. Five of the agencies concurred with the recommendations, and while the Justice Department offered some pushback on them, GAO said it continues to believe its recommendations are warranted.