The federal government has a new driving policy for agency movement to the cloud, one year after the Trump administration first announced its intent to revise the Obama-era Cloud First strategy into a new Cloud Smart approach.
The Cloud Smart Strategy, the final version of which was released June 24, instructs agencies to take a three-pronged approach to cloud adoption — security, procurement and workforce — that serves as a “practical implementation guide” to help agencies get the most out of cloud technology.
“The federal government has a commitment to providing the high-quality services to the American people, but that delivery has been limited when agencies are using antiquated systems,” said Federal Chief Information Officer Suzette Kent in a statement.
“With today’s updated Cloud Smart Strategy, we are providing a road map to accelerate transformation for IT modernization that will enhance security and advance mission for federal agencies. This new strategy will embody the interdisciplinary approach to IT modernization that the Federal enterprise needs in order to provide improved return on its investments, enhanced security, and higher quality services to the American people.”
According to the strategy, Cloud First — which was released by the Obama administration in early 2011 — gave agencies the broad authority to adopt cloud, and the new strategy focuses on an interdisciplinary approach to bringing cloud services into government.
The strategy should come as no surprise to federal agencies, as the administration released a substantively similar draft of the policy back in September 2018.
The main precepts of the strategy also follow the major tenets of previous Trump administration documents, such as modernizing the federal workforce as a means of supporting IT and restructuring how agencies look at data security.
“Given the distributed nature of cloud and the growing number of discrete capabilities and deployment models available to choose from, agencies might consider moving or adding security and privacy controls to the data layer itself, rather than just where they have historically resided at the network perimeter,” the strategy said.
“By doing so, agencies can improve their overall security and privacy posture, empowering them to fully embrace cloud technologies while granting them peace of mind that the confidentiality and integrity of their data are intact.”
The strategy also relies heavily on already-established policies, legislation and initiatives that agencies are encouraged to leverage: the Department of Homeland security’s Continuous Diagnostics and Mitigation program; the Federal Information Technology Acquisition Reform Act; Trusted Internet Connection policy; use of category management in acquisition; the National Initiative for Cybersecurity Education’s framework for identifying needed IT and cybersecurity skills gaps and others.
“To be Cloud Smart, agencies must consider how to use their current resources to maximize value: reskilling and retraining staff, enhancing security postures, and using best practices and shared knowledge in acquisitions. Cloud Smart is about equipping agencies with the tools and knowledge they need to make these decisions for themselves, rather than a one-size-fits-all approach,” the strategy said.