Finalized Cloud Smart Policy Tells Agencies to Reassess Application Inventories

The White House has released the finalized version of this administration’s cloud policy, Cloud Smart, which replaces the Obama administration’s Cloud First policy that was established in 2010.

The first draft of Cloud Smart was released 10 months ago by the Office of Management and Budget (OMB). Its focus is organized into the three areas of security, procurement, and workforce. Between the draft and the final version, OMB reaffirmed its stance that agencies should decide whether to purchase cloud technologies or build their own, despite some criticism from industry that wanted more focus on commercial cloud.

The policy states: “These characteristics and the solutions that exhibit them are provider-agnostic—meaning anyone can develop and deploy a cloud solution, whether an outside vendor or a federal agency. Industry has moved to a more finely differentiated set of capabilities offered at different system layers, making possible nearly any combination of various components managed by either a vendor, a government agency, or a mix of both.”

The finalized policy includes a call for agencies to assess and consider which apps are necessary and discard those which are obsolete, and recommends the CIO Council’s new Application Rationalization Playbook. Overall, the policy aims to refocus the discussion on when cloud is deemed the best solution.

According to the final policy document, “agencies should assess their requirements and seek the environments and solutions, cloud or otherwise, that best enable them to achieve their mission goals while being good stewards of taxpayer resources.”

The final policy reimagines the role of the Federal Risk and Authorization Management Program, or FedRAMP. It aims to re-establish FedRAMP’s role in the risk assessment process as a verification check for agencies as they make informed decisions about the cloud solutions that they deploy, rather than a panacea for all matters related to the risk associated with any implementation of a cloud solution.

It also includes updates and further details on programs and employee training, as well as a push for leadership champions.

Kylie Bielby has more than 20 years' experience in reporting and editing a wide range of security topics, covering geopolitical and policy analysis to international and country-specific trends and events. Before joining GTSC's Homeland Security Today staff, she was an editor and contributor for Jane's, and a columnist and managing editor for security and counter-terror publications.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security