EPA’s cloud computing conundrum

Shutterstock image: minimalist image of data-driven cloud technology.

An IG report critical of the agency's handling of its cloud services shows a "business as usual" approach to managing assets, says a Deltek analyst.

An inspector general's report -- which has raised questions about whether the Environmental Protection Agency is on top of its various cloud initiatives -- is symptomatic of a larger problem across the federal government, says Alex Rossino, principal research analyst on Deltek's Federal Industry Analysis team.

"I think this situation points to the fact that despite the 'Stat' initiatives, agencies are still business as usual when it comes to managing IT assets," Rossino said.

The EPA's IG found that the agency didn't know when its offices were using cloud computing and that several of EPA's subcontracting processes for cloud projects were lacking." The IG report, released July 24, said the EPA needs to "strengthen its catalog of cloud vendors and processes to manage vendor relationships," in order to be compliant with federal security requirements.

The report comes two years after the EPA announced it would move 80 percent of its computing environments to the cloud by 2015. At the time, CGI Federal announced the $15 million, 3-year contract that would migrate 20 percent of EPA's environment to the cloud in the first year, and then 30 percent in years two and three. In 2012, Toni Townes-Whitley, senior VP at CGI, said EPA's move "is setting an impressive pace for cloud adoption."

However, the IG report suggests that the proper infrastructure wasn't in place to support that move.

"Technology is not the problem. It's easy to get into the cloud," Rossino said. "They don't have the processes in place to manage the investments. It's not just a cloud problem. It's a federal IT problem."

One solution, Rossinp said, would be to have a team or a person with responsibility for managing what is being moved to the cloud and what contracts are being used to manage it attached to every agency CIO. Automated cloud management software would also be a step in the right direction, he added.

Counting the clouds

The IG audit was based on results from a Council of the Inspectors General on Integrity and Efficiency survey on deployment of cloud computing technologies.

The EPA IG specifically looked into the contract for the Office of Water's Permit Management Oversight System.

The auditor found several problems, including a subcontractor not compliant with FedRAMP guidelines, and no assurance that "the EPA has access to the subcontractor's cloud environment for audit and investigative purposes."

Survey results found that there were 11 total IT cloud services at EPA. The IG said he lacked confidence that number was accurate, citing the way program offices collected information about how many cloud services were being offered.

The EPA's Office of Acquisition Management (OAM) indicated that the survey was "completed by performing a search for the word 'cloud' in the procurement description."

"As a result, the auditor concludes that regardless of whether a contract was a cloud contract, the contract would only be included on the list if the term 'cloud' appeared in the description of the procurement," the report said.

There is no database that specifically identifies "cloud" procurements, according to OAM.

During this process, the auditor found one application wrongly listed as a cloud application and two that appear to be cloud applications but weren't included in the survey results.

About the Author

Colby Hochmuth is a former staff writer for FCW.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.