The councils’ joint report also includes directions on approaching data privacy.
The document notes that if cloud services host privacy data, agencies must identify potential privacy risks and responsibilities and address them in a contract.
The document authors suggest the government needs to buy, view and think about information technology in a different manner.
The councils say the first step is to select a cloud service and deployment model.
Following service selection, the councils recommend agencies define the terms of service and all customer required agreements.
The councils also recommend agencies seek a service level agreement with performance terms and measurement to ensure service level agreements are met.
The CIOs suggest agencies abide by National Institute of Standards and Technology standards for cloud architecture and establish stringent set of security requirements to maintain the integrity of agencies’ data.
The report says agencies should ensure that data stored in a cloud environment is available for legal discovery and also that the data is available for appropriate handling under the Freedom of Information Act.