Government IT Priorities: Security Reigns, Cloud Crawls
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.
"The cyber-security emphasis means that [agencies] are trying to secure everything first and then talk about other things like cloud or continuity of operations," says Augustine Riolo, president of Knowledge Information Solutions in Virginia Beach, Va., whose government customers include the Defense Department, the National Institutes of Health, and NASA.
Continuity of operations planning (COOP) and disaster recovery planning were rated second in importance to security in our survey, with 31% citing COOP as "extremely important." Another 38% put COOP in the "very important" range.
"The whole idea of having backup and disaster recovery is really a function of thinking about how data is made available and the idea of redundancy in storage," Riolo says. Referring to IRS claims that the agency lost thousands of emails connected to politically embattled former IRS official Lois Lerner, all due to a computer crash, Riolo adds: "If they indeed have lost the emails, then the government has a much larger problem dealing with disaster backup and recovery than any of us thought."
Other IT initiatives that feds and their industry partners rated much lower than security and COOP include interagency collaboration (rated extremely important by 14% of respondents); data records management and shared services (13% each); and data center consolidation, virtualization, IT project management, mobile communications and wireless, PC/laptop upgrades, and mobile device management (12% each). Survey respondents gave all of those areas a "moderately important" rating in the 40% to 50% range.
Where's The Cloud? One of the federal government's highest-profile IT initiatives, cloud computing and the Obama administration's Cloud First program, placed surprisingly far down the list of priorities in our survey. Only 11% of respondents rated cloud computing initiatives as "extremely important" at their agencies, though 57% placed them in the "moderately important" category. By comparison, 15% rated cloud programs as "extremely important" in last year's survey. Furthermore, only 5% of survey respondents reported that their agency is pursuing the cloud "very aggressively," down from last year's 9%.
When asked specifically about replacing infrastructure with cloud services in the upcoming fiscal year, 54% of respondents reported a current or planned implementation of private or public cloud services (21% private, 13% public, 20% a mix of public and private clouds). However, nearly half, 46%, said their agencies aren't considering cloud deployments in the next fiscal year (compared with 41% in the 2013 survey).
Among those moving ahead with cloud implementations, there's a balance of models and technologies -- 48% of respondents are deploying shared clouds within a government environment, 40% are turning to software-as-a-service, 37% to platform-as-a-service, 34% to cloud service management tools, 32% to hybrid public-private clouds, and 25% to infrastructure-as-a-service.
As for cloud security, 32% of the respondents whose agencies have migrated or plan to migrate to the cloud said their organizations use a cloud service that has been certified under the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to assessment, authorization, and continuous monitoring of cloud products and services. While 42% of survey respondents said they expect to receive FedRAMP certification within the next six months, 26% said their agencies have no plans to use FedRAMP.
Under Cloud First, started in 2011 by former federal CIO Vivek Kundra, agencies are required to take full advantage of cloud computing to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize costs. But agencies are finding that migrating to the cloud is easier said than done.