Rethinking public sector cloud strategy for the AI era

  • May 29, 2026
A person standing in front of a glowing vertical light, surrounded by a dark blue digital-like pattern.

Cloud has become the backbone of public sector modernization. What began as a cost and infrastructure play has evolved into a strategic enabler of digital services, resilience and innovation. More than a decade of adoption has also helped organizations develop the experience and operational maturity needed to manage cloud environments with increasing confidence.

However, that foundation is now being tested and extended as agencies prepare for the next wave of transformation driven by AI and agentic AI. This shift is giving governments a new opportunity to evolve managed cloud services, moving beyond infrastructure-centric models toward intelligent operations and mission-enablement platforms. The pressure to transform is real and multi-layered: aging legacy systems, staffing shortages, mounting cybersecurity demands, constrained budgets and rising citizen expectations are all converging at once.

Cloud adoption across US state, local and education organizations is fairly mature. In a report commissioned by CentralSquare Technologies and Amazon Web Services (AWS), 94% of public sector respondents viewed cloud adoption as important for the future, and as a tool for modernization, with 64% citing disaster resilience as a top benefit and 59% saying it enabled better digital experiences for citizens.

Despite maturity, cloud adoption remains uneven and varies by state and department. States like Texas, California and Georgia have made significant progress by investing in shared services, centralized governance and cloud-first strategies. These states are increasingly adopting hybrid and multi-cloud environments, balancing legacy systems with modern platforms to improve digital services, data and analytics, and resilience.

NTT DATA was recently selected by the Texas Department of Information Resources (DIR) to deliver public cloud managed services across the state.

From barriers to breakthroughs

The 2026 ISG Provider Lens® report finds US public sector agencies are rethinking mainframe strategies as pandemic-era funding expires, balancing the need to maintain critical systems with pressures to cut costs, improve efficiency and ensure long-term sustainability. They are also adopting targeted modernization strategies focused on business outcomes, and determining which applications to retain, integrate with cloud environments or retire from legacy systems.

As mentioned before, cloud adoption is still uneven, and while some agencies are building cloud-native capabilities, others remain constrained by legacy infrastructure, lack of strategic alignment to business, fragmented systems and insufficient investment.

Overcoming legacy challenges

Legacy systems remain one of the biggest barriers and continue to hold some governmental agencies back from cloud-related innovation, AI adoption and cloud modernization; they are difficult to migrate, expensive to maintain and often incompatible with modern cloud architecture and hamper digital-led services. How can organizations overcome this challenge?

  1. Prioritize systems: Focus on modernizing applications that directly impact citizen services or operational efficiency.
  2. Adopt a phased modernization approach: Use a mix of rehosting, refactoring and replatforming rather than attempting full transformation at once.
  3. Leverage cloud-native architectures: Move toward microservices, APIs and containerization to improve scalability and flexibility.

See how we are helping the Virginia Information Technologies (VITA) modernize the Commonwealth’s public cloud environment, helping them transition from legacy systems to a unified cloud platform.

Closing the cloud skill gap

The cloud skills gap is both real and widening, spanning cloud architecture, cybersecurity, AI and data engineering, among others. The pace of modernization has outstripped agencies’ ability to recruit, retain, organize and continuously upskill technical talent. This gap is further compounded by competition with the private sector for skilled professionals, making it difficult for agencies to build and retain the expertise to manage modern cloud environments effectively.

The most effective path forward can be to utilize the economies of scale that large global enterprise-grade partners bring to the table. Organizations that have invested years building large, credentialed cloud workforces and have cultivated strategic alliances with the major hyperscalers, AWS, Microsoft Azure and Google Cloud, can offer government agencies something that simply cannot be replicated quickly in-house: immediate access to deep specialization, proven delivery methodologies and the collective innovation of a global technology ecosystem.

What sets the right enterprise partner apart, however, is more than technical depth. The best partners understand that for state and local government as well as education institutions, technology is never the end goal - mission delivery is. Enterprise-grade partners like NTT DATA approach cloud solutions through that lens, ensuring that modernization efforts are shaped around the unique service obligations, compliance requirements and community outcomes that define the public sector.

Rather than diverting limited budget and leadership attention toward recruitment pipelines and retention challenges, agencies can lean on partners with this kind of scale, reach and mission awareness, staying focused on what matters most while trusting that the complexity of modern cloud environments is in capable, committed hands.

Securing the cloud

Security remains a critical challenge in cloud adoption. As high as 89% of government CIOs cite security as a top concern during cloud migration initiatives. Governments manage highly sensitive data, and cloud environments introduce new risks, including misconfigurations, identity vulnerabilities and expanded attack surfaces. Additionally, compliance requirements (such as StateRamp, CJIS) add complexity.

How can organizations ensure security:

  1. Adopt zero trust architectures: Shift from perimeter-based security to identity-first models with continuous verification.
  2. Implement continuous monitoring: Move beyond periodic audits to real-time visibility across environments.
  3. Strengthen governance and accountability: Establish clear ownership of security responsibilities under the shared responsibility model.

Learn how organizations can navigate security complexities and how IT modernization and new technologies are critical to solving the dual challenges of security and public sector delivery.

How AI and agentic AI are redefining cloud strategy

Cloud enabled the first wave of public sector modernization. AI, and especially agentic AI will now define what’s next. Since AI workloads are inherently data-intensive, compute-heavy and scalable, they require a modern cloud foundation.

However, it also comes with its own set of challenges, particularly security. AI systems introduce risks that go beyond traditional cybersecurity, including data leakage, privacy concerns, bias, lack of explainability and model drift that can lead to performance degradation. Agentic AI takes this further, because it can act autonomously, triggering workflows, making decisions and interacting across systems, thus introducing operational risk, not just technical risk.

Concerns about adopting agentic AI and cloud-based systems in government are understandable and valid. However, these risks are manageable when organizations take the right approach from the outset.

Success hinges on building transparency, auditability and continuous monitoring into these systems from day one. This is particularly important since these solutions operate in cloud environments and interact directly with citizens. Agencies need clear visibility into how AI models are trained, where data resides in the cloud and how decisions are made.

When these fundamentals are paired with strong governance and security frameworks, organizations create a solid foundation for success. With real-time visibility, well-defined guardrails and a commitment to ongoing improvement, agencies can effectively mitigate risks and build cloud and AI-driven systems that are both resilient and secure.

In practice, cloud security varies by operating model. Agencies that leverage centralized, statewide shared services --- typically led by a central IT organization --- tend to have stronger policies, higher confidence and more secure, trusted environments. In contrast, more decentralized models, where individual agencies manage their own cloud environments, often face higher costs, fragmented approaches and lower overall confidence in security across the system.

Traditional approaches like periodic audits and static controls are no longer sufficient for managing AI and cloud systems. Agencies must adopt continuous monitoring, behavior-based threat detection and AI-driven security operations to stay ahead of emerging risks.

Equally important is robust governance. This includes model auditability and transparency, data governance and lineage tracking, and clear accountability for outcomes. Together, these capabilities enable agencies to maintain control and build trust as they scale their AI and cloud initiatives.

The path forward: Three steps for success

As cloud and AI converge, public sector organizations must take a more integrated and proactive approach.

  1. Build a modern, cloud-first foundation: Prioritize application and data modernization to enable scalability, flexibility and AI readiness.
  2. Embed security and governance by design: Adopt zero trust, continuous monitoring and robust AI governance frameworks to manage evolving risks.
  3. Align technology to mission outcomes: Break down silos, centralize governance and ensure cloud and AI investments are tied to measurable improvements in service delivery and public trust.

The agencies that succeed won’t be those that simply adopt new technologies, but those that integrate them with intent, thus balancing speed with security, innovation with accountability and transformation with trust.

Also read:

Beyond the Pilot: How to Scale AI for Real Impact in Government

From readiness to results: Five public sector trends defining 2026  

Learn more about our public sector expertise.

Subscribe to our blog

ribbon-logo-dark
Beth-Howen_s-head-shot
Beth Howen
Beth is the president of state, local and education (SLED) at NTT DATA North America, responsible for driving profitable growth, industry strategy and client satisfaction through modern IT solutions. With over 30 years of leadership experience in the technology sector, Beth has held executive roles at Capgemini, Telus International, Atos and the City of Indianapolis. Her expertise spans strategic planning, process optimization and technology integration, and she has consistently delivered enterprise-wide initiatives that enhance operational efficiency and drive sustained growth. Beth is also a dedicated mentor to emerging leaders and a strong advocate for women in tech, actively supporting the Women & Hi-Tech organization.

Related Blog Posts

Also of Interest: