Although federal agencies are becoming increasingly aware of the benefits of moving to the cloud, many remain tied to legacy technologies or are hesitant to fully embrace cloud solutions.
Earlier this month, the Congressional Cloud Computing Caucus and Rep.Gerry Connolly (D-Va.) announced an inaugural report, Don’t Be a Box Hugger, assessing the state of cloud computing in the federal government.
Underwritten by Amazon Web Services, Booz Allen Hamilton, Dell, MeriTalk and Microsoft, the report revealed that government agencies have made substantial progress in transitioning to the cloud. Moreover, President Obama’s Fiscal Year 2016 budget request would invest $7.34 billion of the federal IT budget – 8.5 percent of all IT spending – in provisioned services, such as cloud.
However, nearly half of federal IT decision makers are still “uncomfortable” turning over IT to the cloud, according to statistics from MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
The report classified federal agencies by three categories: Cloud Pioneers, Fence Sitters and Box Huggers. The Pioneers—which include the Department of Homeland Security, National Aeronautics and Space Administration, and Department of Defense, among others—consistently look a new ways to leverage the cloud.
Cloud Pioneers share three common traits: leadership that understands how the cloud can further their mission, defined requirements and goals for their solution, and direction and support from both the chief information officer (CIO) and chief financial officer, enabling them to enable culture change.
“Successful agencies using cloud are mixed in their size and budget. But they [all] have leadership support to make the change to the cloud,” a White House official said in the report.
However, the Cloud Pioneers are heavily outnumbered by the Fence Sitters, who have dipped a toe into cloud but are not ready to make cloud mainstream, and the Box Huggers, an anti-cloud group committed to keeping their own hardware and software.
With predictions that the global market for cloud computing will reach $270 billion by 2020, it is crucial federal agencies pick up the pace and begin to think outside the box.
“To accelerate Federal adoption of cloud technologies, agencies must overcome inertia and cultural resistance, while working with Congress to address any regulatory, educational, or bureaucratic hurdles that may exist,” Connolly said. “We must adapt to new models of doing business. And we must make it easier for commercial vendors to enter the federal market by removing barriers to entry and unnecessary procedural hurdles.”
Legacy technology: thwarting government progress toward cloud adoption
In 2011, the Office of Management and Budget (OMB) issued the “Cloud First policy” to help government agencies transition to cloud computing. The Federal Cloud Computing Strategy identified nearly $20 billion in potential savings—nearly one quarter of the approximate $80 billion the US government spends on IT annually—by migrating to the cloud.
To accelerate the shift to cloud computing, OMB required agencies to identify, plan, and fully migrate three services to a cloud solution by June 2012. OMB required federal agencies to immediately shift to a “Cloud First” policy by implementing cloud-based solutions whenever a secure, reliable and cost-effective cloud option exists.
Homeland Security Today previously reported that despite initiatives like “Cloud First,” a Government Accountability Office (GAO) report in September 2014 revealed only 2 percent of government agency IT budgets go to cloud spending, resulting in agencies capturing only a fraction of potential cost savings.
According to GAO, most agencies said they only consider cloud options at times when the legacy technology needs to be modernized or replaced—a decision that is inconsistent with OMB’s “Cloud First” policy.
“Until the agencies assess their IT investments that have yet to be evaluated for suitability for migration to the cloud, they will not know which services are likely candidates for migration to cloud computing services, and therefore will not gain the operational efficiencies and cost savings associated with using such services,” GAO said.
Commenting on the GAO report, Connolly said, “The bottom line is that the federal government is running on systems that are disjointed and regrettably, often built on aging, outdated technology.”
According to Connolly, out of the $79 billion the federal government will spend on information technology in FY 2015, roughly $58 billion – or 73 percent – will be used to maintain antiquated legacy systems.
“American taxpayers deserve more for their hard-earned dollar than yesterday’s technology tomorrow,” Connolly said. “They deserve value, and cloud technology is all about value – paying for computing power when you need it, rather than designing everything for maximum use or worst-case scenarios.”
Earlier this year, Homeland Security Today reported on a study by MeriTalk, Cloud without Commitment, underwritten by Red Hat and Cisco, which revealed that more than half of federal cloud users say cloud/legacy system integration is a barrier to further migration.
With the Box Huggers afraid to let go of their hands-on control of their servers and data, it is important that CIOs examine reasons for keeping an on-premise solution versus other cloud-based alternatives, and communicate their findings on how cloud solutions can make a difference.
According to Acting Defense Department CIO Terry Halvorsen, cloud pioneers are more likely to buy into cloud because they understand the advantages over on-premises solutions. The crucial differentiator between the pioneers and box huggers, as well as those sitting on the fence, is leadership.
“The key to overcoming obstacles can be as simple as putting cloud solutions to the test,” the report stated.
According to MeriTalk, most federal cloud users want to migrate more services to the cloud, with nearly one in five saying they deliver some of their agency’s IT services fully or partially via the cloud. However, security and control concerns are preventing them from fully embracing the cloud.
Fortunately, initiatives like Cloud First and the Federal Risk and Authorization Management Program (FedRAMP), a government-wide cloud security standards initiative, are pushing agencies to test the waters. However, the rigid security requirements offered by FedRAMP come at the expense of a cumbersome certification process.
The average cost to complete FedRAMP certification is between $4 million and $5 million, takes approximately 18 months, and requires 1,000 pages of technical and legal documentation.
“It’s a maturing process to become certified and we’re learning along with the entire community,” GSA Acting CIO David Shive told the Cloud Computing Caucus Advisory Group in March. “It’s safe to assume there will be some refinements and optimization. We hear from industry that they understand the process and it can be difficult and time consuming. But anything worth doing typically takes a fair amount of effort.”
Shive added, “There is value in securing the Federal enterprise in line with certain standards. It’s a burden, but a burden worth doing. Our goal is to lessen that burden on the bureaucracy side. But the basic blocking and tackling of running scans and making sure your stuff is validated is important.”
According to Kathy Conrad, deputy associate administrator of GSA’s Officeof Citizen Service and Innovative Technologies, FedRAMP does not want to sacrifice security requirements simply to speed up products and solutions in the pipeline.
In response, the report stressed the point that the FedRAMP Program Management Office is under resourced to meet the challenge of improving the FedRAMP process to balance efficiency with security, and suggested additional investment in staff and support to speed the approval process and increase the number of FedRAMP-approved products and services available to government customers.
“The barrier to the cloud used to be security, security, security,” said one long-time Federal CIO. “FedRAMP is tearing that barrier down.”
Recommendations to spur federal cloud adoption
Although the Obama administration plans to allocate $7.34 billion of the $86.4 billion budgeted for federal IT in FY 2016 for provisioned services like cloud computing, those numbers do not match up with those reported on the OMB’s Federal IT Dashboard, which estimates current federal cloud spending at only about $2.1 billion.
Consequently, the report emphasized the importance of increasing transparency as a key way to spur cloud adoption.
“Suggesting that 8.5 percent of federal IT spending will go toward ‘cloud and other provisioned services,’ when actual cloud spending is barely a quarter of that, is obfuscation, not transparency,” the report stated. “Nobody wins by wallpapering over the cracks – nothing is gained by creating inflated expectations, followed hard by disappointment.”
In addition, leadership will play in a crucial role in helping federal agencies open up to cloud opportunities. While many federal agencies have already plucked the low hanging fruit—email, collaboration technologies, and contact management systems—many larger opportunities remain where cloud solutions can help save money, speed development, improve services and increase mission effectiveness.
Moreover, with security concerns identified as a major obstacle to federal cloud adoption, it is critical that more funding go toward FedRAMP. In addition, the government needs to streamline acquisition and budgeting, provide incentives and reward success and foster public private collaboration.
“With Tony Scott, the new federal CIO, at the White House and continued interest from the Hill in changing the failing status quo in Federal IT investments, we see real opportunity ahead for the acceleration of business transformation via cloud computing,” said Steve O’Keeffe, founder of MeriTalk.
“We need to accelerate the FedRAMP process, clarify Cloud First policy guidance, and encourage best practice exchange and collaboration among pioneers and fence sitters,” O’Keeffe added. “Candidly, the box hugger phenomenon is likely a generational obstacle that time will address.”