Government IT Priorities: Security Reigns, Cloud Crawls - InformationWeek
Government // Leadership
01:40 PM

Government IT Priorities: Security Reigns, Cloud Crawls

Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.

"The cyber-security emphasis means that [agencies] are trying to secure everything first and then talk about other things like cloud or continuity of operations," says Augustine Riolo, president of Knowledge Information Solutions in Virginia Beach, Va., whose government customers include the Defense Department, the National Institutes of Health, and NASA.

Continuity of operations planning (COOP) and disaster recovery planning were rated second in importance to security in our survey, with 31% citing COOP as "extremely important." Another 38% put COOP in the "very important" range.

"The whole idea of having backup and disaster recovery is really a function of thinking about how data is made available and the idea of redundancy in storage," Riolo says. Referring to IRS claims that the agency lost thousands of emails connected to politically embattled former IRS official Lois Lerner, all due to a computer crash, Riolo adds: "If they indeed have lost the emails, then the government has a much larger problem dealing with disaster backup and recovery than any of us thought."

Other IT initiatives that feds and their industry partners rated much lower than security and COOP include interagency collaboration (rated extremely important by 14% of respondents); data records management and shared services (13% each); and data center consolidation, virtualization, IT project management, mobile communications and wireless, PC/laptop upgrades, and mobile device management (12% each). Survey respondents gave all of those areas a "moderately important" rating in the 40% to 50% range.

Where's The Cloud?
One of the federal government's highest-profile IT initiatives, cloud computing and the Obama administration's Cloud First program, placed surprisingly far down the list of priorities in our survey. Only 11% of respondents rated cloud computing initiatives as "extremely important" at their agencies, though 57% placed them in the "moderately important" category. By comparison, 15% rated cloud programs as "extremely important" in last year's survey. Furthermore, only 5% of survey respondents reported that their agency is pursuing the cloud "very aggressively," down from last year's 9%.

When asked specifically about replacing infrastructure with cloud services in the upcoming fiscal year, 54% of respondents reported a current or planned implementation of private or public cloud services (21% private, 13% public, 20% a mix of public and private clouds). However, nearly half, 46%, said their agencies aren't considering cloud deployments in the next fiscal year (compared with 41% in the 2013 survey).

Among those moving ahead with cloud implementations, there's a balance of models and technologies -- 48% of respondents are deploying shared clouds within a government environment, 40% are turning to software-as-a-service, 37% to platform-as-a-service, 34% to cloud service management tools, 32% to hybrid public-private clouds, and 25% to infrastructure-as-a-service.

As for cloud security, 32% of the respondents whose agencies have migrated or plan to migrate to the cloud said their organizations use a cloud service that has been certified under the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to assessment, authorization, and continuous monitoring of cloud products and services. While 42% of survey respondents said they expect to receive FedRAMP certification within the next six months, 26% said their agencies have no plans to use FedRAMP.

Under Cloud First, started in 2011 by former federal CIO Vivek Kundra, agencies are required to take full advantage of cloud computing to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize costs. But agencies are finding that migrating to the cloud is easier said than done.

Next Page

Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 15 years. View Full Bio

2 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
7/23/2014 | 6:45:52 PM
Re: Unsurprising, but ironic
Amidst the budget challenges, IT security in cloud should be a priority nonetheless. I can understand the security and privacy concern. In this day and age from what we see across other sectors with password and data breaches, government IT is just as vulnerable.
User Rank: Strategist
7/22/2014 | 11:00:25 PM
Re: Unsurprising, but ironic
You're right. There is a huge problem with the lack of cloud-ready IT people. There's a great infographic here:

that outlines the cloud skills gap and how people really need to be educated to manage and support cloud services. Still, I am surprised at the lack of implementation given the Cloud First policy.



User Rank: Ninja
7/22/2014 | 1:13:49 PM
Re: Unsurprising, but ironic
It's interesting to see how much priority the government puts on data loss and identity management, which considering the shortage in IT security talent, means there is still a way to go to ensure they are meeting the same standards of private companies.  Considering the large amount of sensitive information that these agencies are dealing with, it's surprising that this isn't higher on their budget priority lists.
Lorna Garey
Lorna Garey,
User Rank: Author
7/21/2014 | 3:50:02 PM
Unsurprising, but ironic
Security is top of mind for everyone -- that's a given. However, the way agencies lag behind private-sector enterprises in public cloud use is feeding that security pain. Multiple studies show there are not enough top-tier security pros to go around. They are expensive. Government agencies are budget-constrained, and are competing with cloud providers for that talent. They won't win.  
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll