Challenges remain for agency cloud computing adoption, says CAGW
While federal agencies have made progress expanding their use of cloud services, many challenges remain for full implementation, Citizens Against Government Waste says in its 2012 review of the federal cloud.
As part of the Obama administration's "cloud ﬁrst" strategy for IT procurement, federal agencies are moving various services, including email, legacy software, archival services, public website hosting and infrastructure services to the cloud. CAGW says federal spending on cloud computing, include public, private and shared service models, is expected to total $11.2 billion between 2012 and 2017.
Nevertheless, the review cites a July 2012 Government Accountability Ofﬁce report that found several challenges facing agencies including meeting federal security requirements, obtaining guidance on deployment, acquiring internal cloud knowledge and expertise, certifying and accrediting vendors, ensuring data portability and interoperability, overcoming cultural barriers, and procuring services on a consumption or on-demand basis.
The GAO also detailed some of the roadblocks confronting agencies trying to meet the deadlines for the cloud-ﬁrst policy. It found that of the 20 plans submitted to the Office of Management and Budget, every agency cloud program, except the Treasury Department's Document Management and Freedom of Information Act Case Management program, was missing key elements including estimated costs and plans for retiring or repurposing existing legacy systems, the review notes.
In addition to GAO reports, CAGW cites several surveys over the past two years highlighting the obstacles to cloud adoption, including compliance with regulations, IT governance, problems with service level agreements, and interoperability. However, the highest number of respondents in the surveys indicated that security in the cloud was their top concern.
To help meet the security requirements of the Federal Information Security Management Act, the General Services Administration manages the Federal Risk and Authorization Management Program to streamline the security certiﬁcation process for government agency purchases of cloud computing tools and services.
However, according to CAGW, even with a standardized security certiﬁcation process, there are questions as to whether FedRAMP will meet the needs of all federal agencies, specifically agencies requiring more robust security levels, such as the Defense Department, Homeland Security Department and National Security Agency.
"Much work still needs to be done in order to assure federal IT professionals that the information they will be storing remotely in the cloud will be secure," CAGW says. "Along with continued security concerns, federal IT managers will face new challenges to cloud computing, including the desire of employees to bring their own mobile devices, such as tablets, notebooks and smartphones into the workplace."
Cloud computing is "a maturing and robust tool," CAGW concludes. "As FedRAMP continues to gear up and accept applications and certiﬁes additional vendors to supply the federal government with cloud computing services, there will be a greater shift toward using these IT tools."
- download CAGW's 2012 Federal Cloud Review (.pdf)