Cloud First: Three Years Later

In December 2010, the Obama administration announced its 25-Point Plan to reform federal information technology (IT) management (the 25-Point Plan).  As part of the plan, agencies were to implement a “cloud first” strategy when purchasing new IT systems and programs.  At the time, there was much head-scratching about how this new policy would be implemented, and whether or not it would save taxpayer dollars and streamline federal IT programs.

In its 2013 annual survey, Tripwire found that cloud adoption by federal agencies had increased by 400 percent since 2012, and is projected to grow at a compound annual growth rate of 32 percent over the next three years.  The survey also found that 58 percent of the 100 respondents felt that federal initiatives to encourage cloud adoption have improved security; four times more respondents than the 2012 survey indicated they are outsourcing at least one third of their IT infrastructure to cloud vendors; 50 percent are moving moderate-impact data to the cloud, compared to only 31 percent in 2012; and 28 percent indicate that FedRAMP’s baseline security controls have accelerated their agency’s migration to the cloud, compared to only 11 percent in 2012.

The federal government plans to spend approximately $80 billion for IT programs in fiscal year 2014.  According to a July 15, 2013 report by IDC Government Insights, federal spending on cloud computing is expected to reach $1.7 billion in FY 2014, while spending on federal private cloud services are expected to reach $7.7 billion by FY 2017.  The report indicated that in 2013 and 2014, cloud investments stalled out in part due to sequestration, a slowdown in system consolidation efforts, and other government-wide issues including the complexity of establishing enterprise architecture standards, but IDC expects this slowdown will end by mid-2014, and federal cloud spending will start rising.

Meanwhile, the General Services Administration (GSA) has been busy queuing up the FedRAMP compliant Cloud Services Providers list, which now includes companies such as AT&T, Akamai, Amazon Web Services, CGI Federal, CTC, HP, IBM, Lockheed Martin, Microsoft, and the U.S. Department of Agriculture.  However, many agencies have contracted with companies not yet on this list.  All cloud computing vendors must certify that they have met the baseline standards for FedRAMP no later than June 5, 2014.

In a January 21, 2014 article in Federal Computer Week, former Department of Homeland Security CIO Richard A. Spires provided some guidance to agencies moving more information to the cloud.  He noted that the need for brick-and-mortar data centers will continue to exist even as agencies continue to expand their cloud footprint, due to the need to support legacy IT systems and provide the security needed for highly sensitive information.  Additionally, Spires recommended that agencies should migrate most of their applications from stand-alone servers dedicated to individual systems to cloud services using production, development and test-as-a-service models.  He suggested that enterprise software applications, such as email services, virtual desktops, and mobile device management can be moved to cloud services models.

Increased usage of cloud computing services by the federal government is a positive initiative that should continue to save taxpayers billions of dollars.