Clearing the Cloud: Lessons from the Private Sector

March 26, 2025

Subscribe and listen anytime on Apple Podcasts, Spotify, or at FedGovToday.com.

Clearing the Cloud: Lessons from the Private Sector

Vijay D’Souza, Director of Information Technology and Cybersecurity at the Government Accountability Office (GAO), is focused on helping federal agencies make smarter decisions about the cloud. On Fed Gov Today, he shares insights from a new GAO guide based on input from 18 private sector companies that outlines 19 leading practices for cloud implementation. The practices are organized into three key areas: cybersecurity, workforce development, and acquisition.

GAO’s interest in the private sector stems from its long-standing approach of learning from industry. D’Souza explains that GAO often looks at private sector models to inform federal operations, and cloud is no exception. The agency’s latest effort builds on a pair of expert panels GAO convened in 2023—one public and one private—to examine existing cloud guidance. Based on what emerged in those sessions, GAO launched a deeper review with industry.

The resulting guide isn’t filled with surprises, D’Souza says. Instead, it brings together common-sense practices in a comprehensive way that agencies can use to assess their own cloud strategies. In cybersecurity, for instance, many of the practices overlap with existing requirements. But in areas like workforce and acquisition, the guide presents important, practical steps that aren’t always mandated but can make a major difference.

One of the most impactful themes is the need for better financial visibility. D’Souza points to the growing adoption of “FinOps” in the private sector—a model that ensures teams using cloud resources have access to the cost data behind them. He says this type of transparency is often lacking in government, where acquisition and finance staff may be separated from those managing the cloud day-to-day. By sharing financial data more broadly, agencies can identify opportunities for cost savings, better manage their environments, and take advantage of volume discounts.

Workforce challenges also stand out in GAO’s findings. D’Souza notes that private companies struggle with many of the same issues federal agencies do—especially in hiring and retaining cloud talent. He emphasizes the need for deliberate planning around outsourcing, as well as ensuring internal staff have the right skills.

Multi-cloud strategies come with both promise and pitfalls, D’Souza adds. While one company in the study found value in using multiple providers, it also required new investments in training and tools. That’s the kind of tradeoff agencies must understand upfront.

One consistent theme across successful implementations? Leadership. D’Souza says strong leadership is often the deciding factor in whether cloud transitions succeed. In many federal IT projects, he sees delays and cost overruns that trace back to a lack of centralized authority and direction. Companies that did cloud well had leaders who made it a clear priority—and had the power to move things forward.

In the end, D’Souza hopes agencies use the GAO guide not just as a checklist, but as a tool for deeper reflection. “This is a way for agencies to ask themselves, are we really doing all the things we need to do?” he says.

Read D'Souza's full report here