Cloud adoption slowed by culture, even with FedRAMP

Image from Shutterstock. 

The federal government maintains a "cloud first" policy, but is that statement backed up by what an agency can do as a practical matter?

"You can't say 'cloud first' with no way to procure it," Tony Summerlin, special advisor to the CIO of the Federal Communications Commission.

Speaking at the ImmixGroup Government Sales Summit, Summerlin complained that the right procurement vehicles aren't available for agency tech buyers.

"Buying software-as-a-service through GSA is painful," he said. "GSA doesn't know how to do it."

The ability to buy secure, effective cloud technology quickly is a key to moving federal agencies over to cloud platforms, he said. "Discipline and speed are key. You have to move rapidly or the goblins will eat you."

What's not so quick, Summerlin suggested, was the relatively slow approval process for the GSA-led Federal Risk and Authorization Management Program. Even with recent improvements, it can still take months to achieve provisional security authorizations via FedRAMP.

Claudio Belloli, FedRAMP's program manager for cybersecurity at GSA's Technology Transformation Service, said the approval process has been overhauled and streamlined to produce faster results and pointed to encouraging results in 2016.

In a conversation with FCW after the presentation, Belloli pointed to FedRAMP's increasing numbers of cloud providers and Authorities to Operate, as well as 2017 goals to grant provisional ATOs in an average of under six months.

Belloli pointed to a Nov. 7 blog post by Matt Goodrich that includes plans for "FedRAMP Tailored" -- an effort to speed authorizations for certain software-as-a-service offerings instead of demanding a "one size fits all" approach.

Belloli also said GSA would review how to make the continuous monitoring component of the risk management process more effective in 2017.

Even with improved authorization processes and speedier approvals, however, both Summerlin and the Securities and Exchange Commission's Mike Fairless said cloud adoption depends largely on agency culture.

"We realized we lived in a siloed world" when it came to IT, said Fairless, who is the SEC's branch chief for servers and storage and has worked to get his agency to accept cloud operations. Most agencies, he said, tend to want technological innovators, but then as legal and jurisdictional interests arises, those innovators can be tossed aside.

The FCC, said Summerlin, was similarly fragmented. "We had 1,800 databases and 1,700 employees," he said. "We had 87 licensing systems" that broadcasters had to navigate to get their operating and ownership licenses.

The best way get around such obstacles, according to Summerlin, is to get experts to "live in the environment" and learn the nitty gritty details of what needs to be done.

"You have to bring in someone who is bulletproof" technologically, he said. "You have to become part of the environment. None of that parachuting in crap."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.