Cloud

EPA’s cloud computing conundrum

Shutterstock image: minimalist image of data-driven cloud technology.

An IG report critical of the agency's handling of its cloud services shows a "business as usual" approach to managing assets, says a Deltek analyst.

An inspector general's report -- which has raised questions about whether the Environmental Protection Agency is on top of its various cloud initiatives -- is symptomatic of a larger problem across the federal government, says Alex Rossino, principal research analyst on Deltek's Federal Industry Analysis team.

"I think this situation points to the fact that despite the 'Stat' initiatives, agencies are still business as usual when it comes to managing IT assets," Rossino said.

The EPA's IG found that the agency didn't know when its offices were using cloud computing and that several of EPA's subcontracting processes for cloud projects were lacking." The IG report, released July 24, said the EPA needs to "strengthen its catalog of cloud vendors and processes to manage vendor relationships," in order to be compliant with federal security requirements.

The report comes two years after the EPA announced it would move 80 percent of its computing environments to the cloud by 2015. At the time, CGI Federal announced the $15 million, 3-year contract that would migrate 20 percent of EPA's environment to the cloud in the first year, and then 30 percent in years two and three. In 2012, Toni Townes-Whitley, senior VP at CGI, said EPA's move "is setting an impressive pace for cloud adoption."

However, the IG report suggests that the proper infrastructure wasn't in place to support that move.

"Technology is not the problem. It's easy to get into the cloud," Rossino said. "They don't have the processes in place to manage the investments. It's not just a cloud problem. It's a federal IT problem."

One solution, Rossinp said, would be to have a team or a person with responsibility for managing what is being moved to the cloud and what contracts are being used to manage it attached to every agency CIO. Automated cloud management software would also be a step in the right direction, he added.

Counting the clouds

The IG audit was based on results from a Council of the Inspectors General on Integrity and Efficiency survey on deployment of cloud computing technologies.

The EPA IG specifically looked into the contract for the Office of Water's Permit Management Oversight System.

The auditor found several problems, including a subcontractor not compliant with FedRAMP guidelines, and no assurance that "the EPA has access to the subcontractor's cloud environment for audit and investigative purposes."

Survey results found that there were 11 total IT cloud services at EPA. The IG said he lacked confidence that number was accurate, citing the way program offices collected information about how many cloud services were being offered.

The EPA's Office of Acquisition Management (OAM) indicated that the survey was "completed by performing a search for the word 'cloud' in the procurement description."

"As a result, the auditor concludes that regardless of whether a contract was a cloud contract, the contract would only be included on the list if the term 'cloud' appeared in the description of the procurement," the report said.

There is no database that specifically identifies "cloud" procurements, according to OAM.

During this process, the auditor found one application wrongly listed as a cloud application and two that appear to be cloud applications but weren't included in the survey results.

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.