GAO wants agencies to update cloud computing guidance to manage restrictive licensing

Restrictive software licensing practices are impacting multiple federal agencies in the form of cost increases and limited choices of cloud service providers (CSP) or cloud architecture, according to the Government Accountability Office. 

The Department of Justice, NASA, Department of Transportation and Department of Veterans all told the GAO that as result of restrictive practices in software licensing, the agencies either experienced or expected cost increases in acquisition, infrastructure and licensing. The Social Security Administration, NASA and DOJ each identified issues that involve their choice of CSP or architecture as a result of the practice, the watchdog noted, while the Office of Personnel Management has not encountered these restrictive practices in managing cloud computing efforts and maintains a single provider for services. 

The GAO said in its report that DOJ, NASA, SSA, VA and DOT took “specific actions that may have limited their exposure to potential impacts from restrictive practices,” including establishing enterprise-wide cloud contracts with multiple service providers. OPM’s efforts to consolidate applications and services through one cloud provider, however, “effectively locked itself into that cloud service provider.”

“Along with its potential to transform agencies’ use of IT, cloud computing also presents specific challenges that may impede agencies’ ability to realize the full benefits of cloud-based solutions,” the report states.

GAO suggested that the leadership for all six agencies update guidance to fully address how restrictive software licensing practices impact cloud computing efforts, as well as assign and document responsibility for identifying and managing potential impacts across their respective departments. 

Within the report, GAO shared that four vendors had required three agencies to repurchase licenses that they had already been using on premise in order to use licenses in the cloud. Additionally, two agencies reported that two vendors charged additional fees to use their software on infrastructure from third-party CSPs. One agency reported that a vendor required it to pay a conversion fee to change an on-premise license over to use in the cloud. 

Additionally, the watchdog said that DOJ, NASA and SSA reported a vendor that attempted to “lock-in” each agency through requiring or encouraging them to use the company’s software on that same vendor’s cloud infrastructure. This happened again with one agency when a vendor involved a contractor that “migrated an agency’s data into a vendor’s cloud infrastructure, requiring the agency to pay to regain ownership of the data at the end of the contract.”

One agency told GAO that a hardware vendor supplying an on-premise private cloud service “did not allow” software from another vendor to be used on the hardware.