The promise of cost savings and improved services has catapulted federal cloud computing into a multibillion dollar market. Civilian agencies alone are poised to spend more than $2.8 billion on cloud solutions this year, with the vast majority of funding slated for software services hosted in private clouds.
The administration’s push to consider cloud technologies first, coupled with the 2012 release of baseline security standards for federal cloud solutions, have made Internet-based services a viable option for many cash-strapped agencies. Since then, cloud investments have grown by nearly a billion dollars across civilian agencies, according to data from the Office of Management and Budget.
“At NOAA [National Oceanic and Atmospheric Administration], we probably think of the economic case first because the prime driver of going to the cloud is to be able to get the most technology you can for the money,” while maintaining security, said Zachary Goldstein, NOAA’s deputy chief information officer.
While some agencies are exploring the cost benefits of shared tenancy in a public cloud environment, federal security standards are driving CIOs to invest in private cloud models that, at a minimum, can comply with nearly 300 governmentwide requirements. And that’s only a starting point for agencies like the Defense Department that require companies to meet additional security standards.
About $2.2 billion, or nearly 80 percent, of reported cloud spending this year will be invested in private cloud models, where infrastructure is provisioned exclusively for an agency, according to OMB data. Planned investments in community cloud total about $381 million, or 13 percent of cloud spending this year. Public and hybrid clouds make up a small fraction of spending, 3 percent and 5 percent, respectively. DoD data will be released later in the spring.
As agencies do an economic analysis of building private clouds, the economies of scale they had hoped to achieve diminish as the cloud environments become more isolated and private, Susie Adams, chief technology officer for Microsoft Federal, said during a March 25 webcast.
Only a small fraction of federal spending is being used to move the government’s public data into public clouds that are available for general use.
“They are still very conservative, and it has taken longer than folks thought, but to move something outside their data center … there are challenges,” said Peter Gallagher, a group vice president for Unisys Federal Systems.
Some of the government’s public websites contain personally identifiable information and records that go beyond public statistics, Gallagher said. Some of those websites are categorized as low or moderate, in terms of potential impact on organizational operations and assets if they are disrupted, and therefore have not been moved to public clouds that don’t meet a certain level of security, Gallagher said.
That is expected to change as more cloud providers build to government standards and are approved through the federal cloud security program, FedRAMP. But FedRAMP for some is a starting point, not a finish line.
“The one thing that FedRAMP has done a good job at is drawing the line in the sand,” Adams said. “It’s probably at a lower level than we had hoped,” she said of the program’s baseline standards.
DoD, for example, used FedRAMP as a baseline to create a template of standards for storing sensitive data in the cloud. FedRAMP currently does not provide standards for classified systems. “If we can’t draw a line in the sand for communities of interest, it doesn’t make sense for vendors to provide [certain types of] cloud,” Adams said.
Biggest focus on Software as a Service
OMB does not provide a breakdown of how much agencies are spending on software, infrastructure and platform services within private or public clouds. But the numbers do show how much of the $2.8 billion will be invested in cloud service models.
Software services, which include web-based email, accounts for 44 percent of reported cloud spending this year, compared with 32 percent for infrastructure services, such as data storage. Spending on cloud software services would grow to 47 percent next year, according to OMB data.
Agencies may be spending more on software services, but the majority of cloud adoption is in the infrastructure area, Lisa Schlosser, deputy federal CIO, said at a March 26 budget event. Schlosser said she expects to see greater use of cloud services as FedRAMP standards are adopted and security concerns are addressed.
Today, only two of the 15 cloud solutions approved under FedRAMP are software-as-a-service offerings. By June, all cloud services in use must meet FedRAMP standards or be in the queue for review.
A number of agencies are evaluating niche software services like mobile device management capabilities that can move to the cloud, said Unisys’ Gallagher.
At the Securities and Exchange Commission, the focus is on private clouds, especially for information considered proprietary, said Pamela Dyson, SEC’s chief technology officer and deputy CIO. Dyson said the agency is actively looking to move incident and asset management work and service catalogs to the cloud.“The choice of going to the cloud technologically is almost a given,” said NOAA’s Goldstein.