Oct 17 2016

Feds Want to Move Further Into the Cloud, but Face Security Concerns

Fully 85 percent of federal cloud adopters say their agency will increase spending on cloud computing in 2017, according to a MeriTalk survey.

Federal IT decision-makers whose agencies have adopted cloud computing expect to invest more in cloud computing next year, but clear barriers to that investment still remain, especially in terms of security, according to a MeriTalk survey.

The survey, “Destination Cloud: The Federal and SLED Cloud Journey,” which was released last month, drew responses from 300 federal, state, local, and higher education IT leaders whose agencies or institutions have adopted the cloud.

Among federal respondents, the survey found that 55 percent are currently integrating cloud into their agency’s IT strategy and 85 percent expect increased cloud spending in 2017.

How Are Feds Using the Cloud?

The main reasons federal IT decision-makers are using the cloud are related to cost savings, and to gain increased flexibility, speed and scalability. Less important were staying current with IT trends, getting rid of legacy systems that have reached their end of life, and being tired of paying hardware costs and tracking versions, the survey found.

Fully 77 percent of federal respondents say that moving applications to the cloud leads to increased productivity; and 74 percent say it improves customer service and cuts application costs. Additionally, 65 percent of federal respondents say that when considering new investments, they now first look to cloud options.

What are feds using the cloud for? Federal cloud adopters are most commonly using the cloud for web hosting (82 percent), collaboration (82 percent), and backup services (81 percent).

Security Is a Crucial Concern

Adopting public cloud solutions is a key challenge that federal agencies face, and federal users have complained that it takes too long to get new cloud service providers (CSPs) approved by the General Services Administration’s Federal Risk and Authorization Management Program, or FedRAMP.

However, the government is making progress, and last month FedRAMP approved the first cloud service provider — Microsoft Dynamics Customer Relationship Manager Online — to work with federal agencies as part of the FedRAMP Accelerated program, which is designed to speed up the authorization process.

In addition, the GSA in June unveiled the “High Baseline Requirements” for FedRAMP, meaning agencies can use cloud services that meet the new requirements to protect sensitive, unclassified data in cloud environments. This includes data that, if leaked, could lead to loss of life and financial ruin.

The time it takes for CSPs to get through the FedRAMP process is lengthy, and to get around that process more than half of respondents run their IT applications in the private cloud, according to MeriTalk. Feds are using private cloud (64 percent) more than state and local government (54 percent) and higher education (50 percent).

The survey respondents agree that the decision to go with a public or private cloud depends heavily on the app’s core attributes. More than three-quarters of respondents (78 percent) say that apps that handle sensitive information should be in the private cloud. Another 69 percent say that apps that are highly specialized and used by a limited audience should be put in private cloud environments, and 51 percent say the same thing about apps that are continually evolving.

Respondents note that public cloud offerings provide cost savings and flexibility and are easier to purchase and deploy. However, 61 percent of federal respondents say that security/privacy concerns are a drawback of public cloud services.

Overcoming Cloud Adoption Hurdles

According to the survey, 42 percent of federal respondents say their agency’s CIO is the one primarily responsible for deciding which application is next in line to migrate to the cloud, and 41 percent say it is the IT director.

While it does not appear that confusion at the top of agencies’ organization charts are inhibiting them from moving to the cloud, the survey did reveal that there are some gaps in how agencies are making the migrations.

Among federal respondents, the survey found that as their agency or institution moves to the cloud, 63 percent identify and mitigate risks, 53 percent assess the required computing, network, and/or storage needs, but only half prepare their workforces for the transition.

However, federal agencies are ahead of state/local government and education respondents on those fronts.

“Agencies and institutions must factor regulations, budget constraints, and the limitations of legacy systems — leaving them with little flexibility to respond to evolving mission demands,” Rob Stein, vice president, U.S. public sector at NetApp, said in a MeriTalk statement. “Public sector adopters are looking to take advantage of the benefits of cloud, but they need a solution that allows them to manage, migrate, and secure their most valuable assets as needed.”