And if the project should turn into the dreaded boondoggle, government leaders could pay the ultimate political and professional price.
“Cloud first”
Belt tightening has been part of the national conversation ever since the economic bubble burst in 2008, so it’s no surprise that the US is looking for communications technology to simplify,
streamline and consolidate government functions.
From the outset of President Obama’s first term, the federal government has adopted a “cloud first” policy. Vivek Kundra, the former US chief information officer, oversaw its creation, and in
August 2011, at the end of his two-year tenure in the government’s top tech spot, he wrote a New York Times op-ed piece explaining how the continued expansion of government cloud computing could
save money and boost efficiency.
Kundra pointed to the success of some particularly large G-cloud projects: “For example, in preparation for the 2010 census, the Census Bureau used the cloud computing services of salesforce.com
to expand its I.T. capabilities, saving the cost and time of purchasing, designing and installing a brand-new I.T. infrastructure.”
But he ominously warned that for both public-sector leaders and private-sector vendors, the success of government-cloud implementation will likely determine the winners and losers in the
21st-century market.
“The budget crisis will accelerate the move toward cloud services,” Kundra wrote. “Governments, businesses and consumers all have a lot to gain, but not everyone will have an equal say at the
table. Public and private organizations that preserve the status quo of wasteful spending will be punished, while those that embrace the cloud will be rewarded with substantial savings and
21st-century jobs.”
His successor, Steven VanRoekel, has continued the federal “Cloud First” policy. In 2011 alone he moved 40 government services to the cloud while eliminating 50 legacy systems.
In December of that year VanRoekel announced the launch of the Federal Risk and Authorization Management Program (FedRAMP). Developed with input from government agencies, the CIO Council, the
Information Security and Identity Management Committee (ISIMC), state and local governments, the private sector, academic experts, and non-governmental organizations, FedRAMP aims to bolster the
development of relationships between government agencies and cloud service providers (CSPs).
“With FedRAMP we have established a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services, which every agency will be required to
use,” said VanRoekel. “This approach uses a ‘do once, use many times’ framework that will save cost, time and staff required to conduct redundant agency security assessments so no one has to
reinvent the wheel. Last year agencies spent hundreds of millions of dollars on these types of activities. Thanks to FedRAMP, the government can expect to save 30-40 percent of these costs when
using a solution that has been put through FedRAMP.”
Which all sounds really simple and tech and forward-looking, but at the time this article was written, not one single CSP had been granted official FedRAMP authorization.
“Several cloud service providers are in an active queue requesting a provisional security Authorization to Operate (ATO) issued by the FedRAMP Joint Authorization Board,” says Katie Lewin, who
oversees the program as director of cloud computing for the US General Services Administration (GSA). “The program is on track to issue three provisional ATOs between now and the end of January
2013. The program is in its initial operating-capability phase that allows the FedRAMP program [management] office [PMO] to evaluate and improve workflow processes and procedures. There has been
great interest in FedRAMP, as evidenced by the large numbers of IT industry participants in FedRAMP webinars and training sessions and over 70 CSP applications filed with the FedRAMP PMO.”