The federal government is known for its risk-adverse nature and tight control of IT assets. But with increasing data needs and constrained budgets, agencies are turning to cloud computing as a solution.
Policies such as Cloud First have moved agencies in the right direction. Cloud First, authored by former federal CIO Vivek Kundra, mandates that agencies consider cloud computing before other options for new IT projects. In an interview with InformationWeek Government earlier this year, Kundra, who is now with Salesforce as executive VP of emerging markets, said the public sector is experiencing a major shift in the IT landscape. "We've seen amazing proof points when it comes to cloud computing, like the $600 million contract that Amazon won with the CIA," he said.
While initial deployments in government targeted "lower-hanging fruit" such as website hosting and email migration, software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS) are now finding their way into the market, said Gartner analyst Katell Thielemann in an email. This has allowed agencies to focus on other areas, including document tracking, grants management, ERP hosting, collaboration services, security storage, geospatial services, and records management.
There are several other cloud computing factors that are starting to prove attractive to federal agencies, said Thielemann. She gave an example of technology refresh cycles that are owned and managed by providers. Increasingly, agencies are allowing providers to handle things like version updates, security patches, and server rationalization so they can spend more time on mission-critical tasks. The ability to rapidly add or decrease usage is an attractive factor for some agencies, and metered usage to help with budget planning is useful for others.
But despite the progress, security and privacy remain top concerns. This is evident in the fact that a relatively modest number of companies are reaching the FedRAMP Authority to Operate (ATO), said Thielemann. "While the initial interest in the cloud for governments is centered on cost reductions, it is still unclear whether long-term lifecycle costs are indeed lower in the cloud," she added.
Agencies, too, have been slow in certifying cloud security. A recent MeriTalk study found that only a third of agencies met the June 5 deadline to ensure that their cloud products and services comply with FedRAMP. On the flip side, nine out of ten agencies are taking steps to manage trust with their cloud vendors, such as keeping security functions on premises (42%) and requiring certification of security measures by cloud vendors (41%).
"Besides security, the acquisition process remains a hurdle to faster adoption as the acquisition workforce learns to handle the financing/business model and procurement processes," said Thielemann. "The key for government vendors is to tailor their offerings to the government verticals they are targeting, bringing along their deep domain knowledge of the way government agencies need to operate."
Although broader implementation of the cloud has been generally slow, there are those that have paved the way for other agencies. Here are five early cloud adopters in the federal government.