Do agencies know where they're going in the cloud?

As cloud computing steadily gains ground in the federal government, a new survey suggests that many agencies lack proper planning to successfully execute a migration.

The Federal Information Security Initiatives Trend Study by nCircle, an information risk and security performance management solutions firm, surveyed the views of more than 100 federal IT security professionals on cloud and mobility. The study found that an overwhelming majority of agency respondents – 96 percent -- indicated one-third or less of their infrastructure has been outsourced to cloud vendors.

“This suggests we’re at an inflection point with the cloud,” Keren Cummins, nCircle's director of federal markets, told FCW. “There’s been a lot of talk and attention, and I think we’re going to see a lot more of this."

Respondents expressed increasing confidence in the technology and policies that can enable higher risk use of the cloud. More than 30 percent reported they are migrating moderate impact data to the cloud. This finding supports recent buzz that agencies’ cloud use is evolving and there’s a move beyond the low-hanging fruit such as email.

However, the actual cloud planning still lacks key components, Cummins noted.

“Looking at the numbers, it’s very interesting that agencies have cloud policies but when you dig a little deeper and ask about a migration strategy, there’s really isn’t one,” she said.

The survey found that just 13 percent of respondents recognized a role for Federal Risk and Authorization Management Program baseline security controls in driving their migration to the cloud. The program reached initial operating capability in June 2012, and is expected to move to a more sustainable operating level in fiscal year 2014.

More than half of the respondents also had yet to determine how FedRAMP would play a role in their move to the cloud. Cummins said the findings could indicate that agency leaders aren’t familiar enough with the benefits of FedRAMP’s security guidance.

A lack of details about the study methodology makes it difficult to conclude how broadly it pertains to the general population of IT professionals in government, said Julie Anderson, chief operating officer and managing director at Civitas Group. However, she said the information provided in the survey suggested three key points related to the current state of affairs in federal IT:

For one, federal policy and regulation continues to lag behind industry and technology innovations and adoptions of next-generation IT such as cloud computing.  "We continue to see multiple examples of this in many departments since the release of the cloud-first policy by OMB," said Anderson, who formerly served as acting assistant secretary for policy and planning for Veteran Affairs Department.

The study provides additional rationale for the Office of Management and Budget to simplify and streamline its policy directives and regulations around cloud so a comprehensive and approach will come to govern agencies investments and practices.  "For example, OMB could integrate provisions of cloud first, Cloud Strategy of 2011, and 25 Point IT Implementation Plan to help clarify the environment in which departments must comply with requirements," Anderson said.

It also provides further support for the need to invest in skills development among federal IT professionals so they can perform to the best of their abilities as the policies and regulations evolve to keep up with cloud adoption.  "In particular, enhancing knowledge and skills about best practices in IT security, understanding purposes and approaches of federal policies in cloud, identifying patterns in threats and advanced persistent threats, and mitigating security vulnerabilities," Anderson explained.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Mon, Sep 10, 2012 OccupyIT

Let's face it, if GSA was offering compelling shared services then 'Cloud-First' would be seen for the fiasco it is - a policy wonk asserting a technology instead of a solution focused on mission execution. Besides the obvious commodity IT services, like email, there is no plan because cloud is an implementation and marketing/packaging detail. Agencies claim 'cloud' because they buy from a proprietary vendor that utilizes 'cloud' technology for their SaaS product. Seriously, who cares what technology they use if they are delivering a solution our agency needs at a cost that is reasonable? 'Cloud-First' is an epic distraction for limited mind-space that should be focused on mission. On the other hand, jumping through hoops for senior management has amused and entertained bureaucrats for eons - its the new Enterprise Architecture, or Data Warehouse, or Client-Server, or blah, blah, blah. Probably needs more senior level consulting from ex-CIOs. Good luck!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group