The U.S. Government Accountability Office uncovered restrictive licensing practices that limit, impede or prevent federal agencies’ efforts to use software in the cloud, according to a report to the U.S. Congress published Wednesday.
“Along with its potential to transform agencies’ use of IT, cloud computing also presents specific challenges that may impede agencies’ ability to realize the full benefits of cloud-based solutions,” the GAO said in a report addressed to Sens. Gary Peters (D-Mich.) and Joni Ernst (R-Iowa). Congress requested a yearlong review, which was conducted from October 2023 through November 2024.
The GAO assessed the impact of restrictive software licenses on six agencies selected at random, including the Departments of Justice, Veteran Affairs and Transportation, the Social Security Administration, the National Aeronautics and Space Administration and the Office of Personnel Management. The report recommends all six agencies improve processes for identifying and mitigating the impacts of restrictive software licenses.
The GAO review found instances of software vendors requiring agencies to repurchase licenses for use in cloud, charging additional fees to use software on another provider’s infrastructure and levying conversion fees to migrate on-prem software to cloud.
The report also uncovered examples of private cloud vendor lock-in tied to software that could only run on one provider’s infrastructure and contractors that required payments for agencies to regain data ownership post-migration.
“The restrictive practices either increased costs for cloud software or services or limited the agencies’ options when selecting cloud service providers,” the GAO said.
The federal government is no stranger to cloud — or to the technology’s potential pain points.
The GAO began requiring agencies to migrate IT assets in 2010 with a three-pillar cloud-first strategy outlined by Vivek Kundra, the federal government’s first CIO. The plan called for shuttering at least 800 data centers while shifting workloads to commercial cloud platforms when feasible, launching private government clouds and utilizing regional infrastructure service providers where appropriate.
Agencies have since encountered unanticipated cloud expenses and restrictive software licensing provisions that have plagued private-sector companies.
While federal agencies received cloud provider evaluation guidelines from the White House in 2011, the GAO determined that there were no existing federal requirements for managing restrictive software licenses.
Earlier this year, the GAO reviewed software asset management across 24 federal agencies and found 10 vendors account for the majority of licenses, with Microsoft commanding just under one-third of federal spending on software. Adobe, Salesforce and Oracle were the next highest, consuming 10%, 9% and 7% of federal spending, respectively.
The federal government spends more than $100 billion annually on IT and cybersecurity, the GAO said.