The Office of Management and Budget (OMB) requires federal agencies, when feasible, to adopt cloud computing and has established 14 key requirements to help them do so. A Government Accountability Office (GAO) review has found that the Department of Defense (DOD) has addressed 11 of these requirements but that gaps remain in workforce planning. These gaps include identifying the future skills needed for cloud-based services and conducting regular evaluations of customer experiences and user needs.
In order to meet OMB’s application rationalization requirement, GAO found that DOD has established a scope for its rationalization efforts and is working to formalize a governance group with the authority to set requirements and issue guidance. However, the government watchdog said DOD’s lack of established timeframes for completing the remaining activities has impacted its efforts to make progress on subsequent leading practice steps. In addition, DOD has not developed a long-term plan for rationalization implementation with measurable objectives, milestones, and timelines. GAO said this is due to significant changes to its approach over the past two years; long time frames for implementing enterprise-wide initiatives; and a lack of definition by DOD regarding who is responsible for ensuring rationalization activities are successful.
In support of its military operations, DOD manages many IT investments, including investments in business, communications, and command and control systems. In fiscal year 2022, DOD plans to spend approximately $38.6 billion on unclassified IT investments. DOD reported that this included approximately $1.1 billion in funding for cloud services and migration, with $798 million for commercial or in-house cloud services, and $329 million in costs related to migrating systems to cloud services But GAO is concerned that the Department lacks the data to make informed IT investment decisions.
In its fiscal year 2019 guidance, OMB began requiring agencies to use Technology Business Management (TBM)—a framework for increasing the granularity in agency-reported IT spending data by grouping related costs together—as part of the annual budget submission. DOD has reported its budget data using TBM cost categories. However, GAO identified weaknesses in the completeness of DOD components’ cloud spending data. As a result, the watchdog believes DOD’s cloud spending is likely underreported. GAO attributed this inconsistency, in part, to nonspecific department guidance on reporting these data and the control processes needed to ensure reliable data. In addition, GAO found that the Army and Air Force did not follow leading TBM implementation practices.
GAO recommended in 2019 that DOD complete an assessment of all IT investments for suitability for migration to a cloud computing service, and establish a consistent and repeatable mechanism to track savings and cost avoidances from the migration and deployment of cloud services. DOD concurred with the recommendation to complete an assessment of all IT investments, but disagreed with the recommendation to establish a mechanism to track cost savings. In July, GAO reported that as of April 2022, DOD had not implemented either recommendation.
It is worth noting that in February, DOD released its Software Modernization Strategy focused on accelerating the enterprise cloud environment, establishing a department-wide software factory ecosystem, and transforming processes to enable resilience and speed. This strategy replaces the 2018 DOD Cloud Strategy and is part of DOD’s Digital Modernization Strategy.
“DoD must review and modernize requirements, budget, acquisition, and security processes to take advantage of new approaches and technologies, ensuring not only speed, but better quality and protection,” the document states, adding that “fighting and winning on the next battlefield will depend on DoD’s proficiency to rapidly and securely deliver resilient software capabilities” and the department “cannot rely on antiquated platforms and processes of the past, and cannot do it alone.”
Now, GAO is making nine new recommendations to DOD related to addressing gaps in cloud workforce activities, improving application rationalization planning, and updating guidance on TBM implementation. DOD agreed with one recommendation, partially agreed with seven, and did not agree with one. The Department stated that it would update or issue workforce planning guidance and application rationalization guidance by September 2024.