“The Cloud First strategy was actually released in 2010, and it was part of the 25-point implementation plan to reform federal information technology. But that was at a time when cloud was still new, many agencies were kind of early in their journey and adopting those technologies, and we’ve learned a substantial amount within the federal government, as well as the capabilities within the industry have significantly advanced,” said Federal Chief Information Officer Suzette Kent at a media discussion on the strategy.
“This new strategy is the first update in seven years. It defines an integrated approach for agencies to more extensively leverage cloud technologies, and it updates the original approach and closes some gaps in policies that allow faster adoption as well as streamlining some of the activities.”
The strategy focuses on three considerations for agencies that look to move to the cloud: procurement, workforce and security.
The agenda requires leadership from across agencies to prioritize IT modernization, data transparency and workforce challenges.
“Most of the agency teams have already demonstrated some kind of success in this area, but what we intend is to move faster,” said Kent.
“We seek to talk about not just one sliver of technology, but marry that with acquisition, workforce and security. So all the pieces that need to go together to not only implement cloud technologies but to sustain them.”
Under security, the administration plans to help agencies update their trusted internet connection strategy to better meet modern technology landscapes, focus on continuous data protection that ensures security throughout data transit, and improve the Federal Risk Authorization Management Program to accelerate cloud-provider authorizations.
For procurement, the administration plans to address the lack of a governmentwide standard for cloud procurement through category management, address uncertainty in service level agreements with a two-track approach, and update the High Value Asset memorandum to shift procurement focus to security implications.
Finally, the administration plans to address the workforce component of the plan by getting agency officials to conduct analyses of IT skills gaps even beyond the mandatory National Initiative for Cybersecurity Education framework, re-skill current employees in both the general service and senior executive service, emphasize recruitment to target identified skill gaps, communicate with employees about cloud transition strategies, and remove the barriers to hiring needed talent quickly.
Can the cloud awaken the government from cyber Groundhog Day?
According to Kent, the new cloud strategy is a continuation of the May 2017 IT modernization executive order, for which the administration has already completed a majority of the assigned tasks.
“One of the last sets of those initial tasks was updating old policy. So today, we’re actually starting with the Cloud First strategy,” said Kent.
She added that future policy updates will include those for TIC, data centers and high-value assets.
According to a timeline released with the cloud strategy document, the strategy includes a total of 22 actions that will take anywhere between three and 18 months to complete. Three actions address the general strategy, six address the security component, six cover procurement and seven impact workforce.
“We look forward to the public reviewing and commenting on the federal cloud strategy,” said Kent.
An administration official told Federal Times that the public comment period closes Oct. 24.