Do agencies know where they're going in the cloud?

As cloud computing steadily gains ground in the federal government, a new survey suggests that many agencies lack proper planning to successfully execute a migration.

The Federal Information Security Initiatives Trend Study by nCircle, an information risk and security performance management solutions firm, surveyed the views of more than 100 federal IT security professionals on cloud and mobility. The study found that an overwhelming majority of agency respondents – 96 percent -- indicated one-third or less of their infrastructure has been outsourced to cloud vendors.

“This suggests we’re at an inflection point with the cloud,” Keren Cummins, nCircle's director of federal markets, told FCW. “There’s been a lot of talk and attention, and I think we’re going to see a lot more of this."

Respondents expressed increasing confidence in the technology and policies that can enable higher risk use of the cloud. More than 30 percent reported they are migrating moderate impact data to the cloud. This finding supports recent buzz that agencies’ cloud use is evolving and there’s a move beyond the low-hanging fruit such as email.

However, the actual cloud planning still lacks key components, Cummins noted.

“Looking at the numbers, it’s very interesting that agencies have cloud policies but when you dig a little deeper and ask about a migration strategy, there’s really isn’t one,” she said.

The survey found that just 13 percent of respondents recognized a role for Federal Risk and Authorization Management Program baseline security controls in driving their migration to the cloud. The program reached initial operating capability in June 2012, and is expected to move to a more sustainable operating level in fiscal year 2014.

More than half of the respondents also had yet to determine how FedRAMP would play a role in their move to the cloud. Cummins said the findings could indicate that agency leaders aren’t familiar enough with the benefits of FedRAMP’s security guidance.

A lack of details about the study methodology makes it difficult to conclude how broadly it pertains to the general population of IT professionals in government, said Julie Anderson, chief operating officer and managing director at Civitas Group. However, she said the information provided in the survey suggested three key points related to the current state of affairs in federal IT:

For one, federal policy and regulation continues to lag behind industry and technology innovations and adoptions of next-generation IT such as cloud computing.  "We continue to see multiple examples of this in many departments since the release of the cloud-first policy by OMB," said Anderson, who formerly served as acting assistant secretary for policy and planning for Veteran Affairs Department.

The study provides additional rationale for the Office of Management and Budget to simplify and streamline its policy directives and regulations around cloud so a comprehensive and approach will come to govern agencies investments and practices.  "For example, OMB could integrate provisions of cloud first, Cloud Strategy of 2011, and 25 Point IT Implementation Plan to help clarify the environment in which departments must comply with requirements," Anderson said.

It also provides further support for the need to invest in skills development among federal IT professionals so they can perform to the best of their abilities as the policies and regulations evolve to keep up with cloud adoption.  "In particular, enhancing knowledge and skills about best practices in IT security, understanding purposes and approaches of federal policies in cloud, identifying patterns in threats and advanced persistent threats, and mitigating security vulnerabilities," Anderson explained.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.