The race to bring cloud computing to the federal government has officially begun. In June, the Federal Risk and Authorization Management Program (FedRAMP) reached its initial operating capabilities to certify businesses that meet federal cloud services standards — moving government closer to utilizing the cloud to reduce costs and more effectively serve citizens.
But we need commitment to make this cloud computing vision a reality. Specifically, federal decision-makers need to:
Create a comprehensive federal information technology road map
Today, agencies must interpret myriad Office of Management and Budget strategy documents involving cloud computing, shared services and data center consolidation — supplemented by the recent digital government strategy. The result is confusion around prioritization of agency IT initiatives, as evidenced by public comment from the cloud computing industry.
These independent initiatives would be better served by a comprehensive, overarching federal IT strategy. OMB should review, revise and consolidate the memorandums and guidance associated with implementing these initiatives into one.
The comprehensive guide would eliminate redundancy and provide agencies with clear guidance on how to prioritize initiatives. It would go a long way toward reducing the cost of government and improving the delivery of services to citizens.
Modernize acquisition practices to discard the on-site IT model and embrace the off-site, on-demand nature of cloud computing
The Chief Information Officers Council and Chief Acquisition Officers Council rightly pointed out that to effectively implement the Cloud First policy, the government “needs to buy, view and think about IT differently.”
Current IT acquisition regulations, mainly those espoused in the 1996 Clinger-Cohen Act and modified along the way, were written for a different time — one in which agencies sought to make capital investments in IT systems, servers and other durable IT.
In today’s world of cloud computing, agencies should no longer look to make capital investments in IT but rather should invest in acquiring IT on demand and in purchasing services and capabilities. This shift requires not only efforts to change acquisition regulations to keep pace with technology but also a shift in agency acquisition culture to a mindset of services over capital.
Government decision-makers should focus on how best to use the procurement process to acquire IT services quickly and cost-effectively. They also must ensure that IT acquisition personnel, with training, can make the shift from buying and installing IT infrastructure to negotiating service agreements and navigating the new tech life cycle.
The “do once, use many times” philosophy of FedRAMP holds significant promise for cloud service providers (CSPs) seeking to do business with the federal government. But many concerns remain about whether the program will create extra red tape for CSPs and give an unfair advantage to the first companies through the gate.
Many CSPs are concerned that FedRAMP, while well-intended, could become a bottleneck because of the limited capacity of the FedRAMP-certified third-party assessors who will evaluate applicants, and because of the approval schedule, which projects to have only three companies certified under the program by the end of 2012. Those three appear to have a leg up on the competition as we head into 2013.
Others are concerned that unless all federal entities buy into the program, FedRAMP may become an additional step from what is required under the Federal Information Security Management Act.
Clearly, there is merit in providing CSPs with a Joint Authorization Board-approved provisional authorization that can be employed agency-to-agency, showing that their cloud environment meets minimum security requirements. In theory, this should reduce some of the administrative burden on providers and the government alike.
Cloud computing is transformational, and the government has put the building blocks in place to effectively transform its IT infrastructure, but some core issues must be addressed for federal IT reform to reach its full potential.
Michael Hettinger is director of the Public Sector Innovation Group at the Software and Information Industry Association.