Getting from cloud first to cloud smart
- By Stephanie Kanowitz
- May 06, 2019
As cloud adoption continues in government agencies, major sticking points remain in the areas of security, procurement and workforce. A recent report looks at what agencies can expect in those areas as they work to implement the 2018 Cloud Smart strategy that calls for streamlining migrations and embracing the cloud's capabilities.
IDC’s “Federal Government’s Journey from Cloud First to Cloud Smart: Leveraging Security” finds that replacing on-premise systems with cloud solutions is still a challenge for agencies. Meanwhile, agencies' legacy systems are becoming fragile and expensive and constraining digital transformation.
The report points to the 22 action items the CIO Council created to support the strategy, a follow-on to the 2011 Cloud First policy. The council’s objective is to accelerate cloud adoption, and its website shows that all actions are in progress.
In terms of security, the report calls out six actions with time lines ranging from three to 12 months of the strategy’s September 2018 release. They include work -- undertaken largely by the Office of Management and Budget and the General Services Administration -- to update the identity, credential and access management policy; the Trusted Internet Connections policy; and Continuous Diagnostics and Mitigation guidance. Other actions include expediting low-risk software-as-a-service certification through the Federal Risk and Authorization Management Program Tailored classification, developing a strategic plan to streamline the authority-to-operate process and creating agency requirements across the federal security enterprise.
“Innovative approaches such as security as a service and threat intelligence are proving themselves, protecting the security and privacy of an organization's digital assets. And the ability to anticipate, identify, contain, measure, and address security risks are critical to mitigating the crisis of trust,” the February report states.
Cloud Smart also addresses procurement. From GSA and OMB, agencies can expect to see a governmentwide Cloud Solutions Category Team emerge to develop standards and approaches to cloud buying and to recommend governmentwide acquisition contracts. Additionally, the administration will issue guidance on supplier management and create working groups that identify service-level agreements unique to government needs.
Of course, no cloud initiative can happen without a skilled workforce to implement the deployments and migrations and oversee their life cycles. To that end, the report recommends that agencies train all employees on data security and hire or train employees with modern technical, vendor management and business skills to manage cloud procurement and use.
“Cloud is foundational to many digital transformation initiatives, and those without a cloud-first strategy may find it difficult to digitally transform their agency,” the report states.
Stephanie Kanowitz is a freelance writer based in northern Virginia.