Vivek Kundra, the former federal CIO, envisioned that 25 percent of the funds the federal government spends each year on information technology could productively be deployed through cloud-based systems.
“The adoption of cloud computing will play a pivotal role in helping the government close the productivity gap between the public and private sectors,” he said in launching the Federal Cloud Computing Strategy in 2011.
Two recent reports on the status of federal cloud procurement show that for government IT managers, market and technical factors that were either nonexistent or modest in their impact when Kundra was serving as federal CIO just five years ago will affect future cloud deployments. For vendors, these factors will shape both short- and long-term marketing strategies.
The reports, issued separately byIDC Government Insights andDeltek, predict that federal cloud spending will grow substantially over the next five years.
Cloud’s Path to Growth
Annual spending on cloud technologies could grow from US$6.65 billion in fiscal 2014 to $11.46 billion in 2019, according to IDC. Deltek sees a similar growth path, from $2.35 billion in 2015 to $6.20 billion in 2020.
The difference in the estimates stems largely from a change in terminology adopted by the Office of Management and Budget, which resulted in adding $4.6 billion more in projects to the total for 2015 than had been eligible in 2014, according to IDC. While the change departed from conventional IT taxonomy, IDC accommodated the modification in its forecast.
Deltek, however, determined that the change was not appropriate in its calculation of spending.
In any case, total cloud spending is going up, and “the nature of cloud spending itself is changing,” said IDC research director Shawn McCarthy.
Security, management and citizen expectations related to government services are among the significant issues in the dynamic federal cloud procurement process.
Security Is Constant, but Challenges Change
Federal concerns about cloud security haven’t changed, but data protection presents ever-changing challenges. The Federal Risk and Authorization Management Program was initiated in December 2011 as a way of certifying that vendors would provide adequate security for cloud services for all federal agencies.
The almost Herculean task of establishing FedRAMP fell to the General Services Administration. The value of GSA’s program has been widely recognized, and the certification process has facilitated cloud adoption.
Problems remain, however. One is that FedRAMP certification takes too much time. “The number of FedRAMP-approved solutions is growing, but so is the number of noncompliant cloud solutions,” Deltek reported, suggesting that agencies are not waiting for approval to acquire cloud solutions.
In 2012, just over 30 percent of federal cloud projects complied with FedRAMP protocols, but that fell to 18 percent in 2013 and recovered to only 26 percent in 2014. The approval process has stretched out as the number of proposed projects has grown.
Vendors participating in cloud projects that are noncompliant with FedRAMP run a risk that federal auditors might recommend termination of such contracts, Deltek warned.
Risk From Noncompliance
“Federal cloud use is one major cyberbreach away from a sea change in the market. It is impossible to predict what the impact of a major breach would be, but the fact that many agencies are using non-FedRAMP-compliant solutions is exposing them to increased risk. Should a breach occur, investment in cloud could slow considerably,” the Deltek report said.
“Having to receive certification for things like security and compliance related to specific standards always slows down a procurement process. So the debate comes down to whether it’s worth the wait to assure compatibility and to boost security,” IDC’s McCarthy told the E-Commerce Times.
“It’s tough to say that delays are always worth the wait because you’re trying to measure what might happen if no such rules are in place. My feeling is that having to clear such hurdles is the lesser of two evils. That said, yes, it would be a great thing if the whole FedRAMP process was faster,” he said.
Customers and Technical Requirements in Flux
Services such as email were among the first cloud-based applications to attract interest from federal agencies. Much remains of such low-hanging fruit for cloud migration at the federal level — but technical requirements and changes in customer behavior are emerging as factors affecting future cloud adoption.
Deltek reported several significant developments:
Security reversal: Despite challenges in facilitating FedRAMP approvals, some agencies “are turning to cloud solutions, including the use of cloud-based big data analytics, to address weaknesses in their cybersecurity posture.”
Management issues: OMB’s continuing engagement in cloud adoption will affect acquisition. The agency recently issued missives emphasizing the need for cloud interoperability along with encouraging agencies to use cloud-based storage for records management. Federal audits show that agencies “do not have a handle on their cloud investments, including how to procure them, count them or figure ROI.” Spending on legacy systems will limit availability of funds for cloud, and migration of legacy resources to cloud-based configurations will be gradual.
Procurement: GSA and the Defense Department are exploring options to simplify procurement by creating vehicles dedicated to cloud solutions. Vendors can help themselves by offering solutions “that can accommodate both private and public cloud strategies, including partnerships with public cloud providers,” and that facilitate current deployment preferences for private clouds as well as future use of public clouds.
The IDC analysis spotted other elements affecting future cloud migration:
Consumer model: Citizens are seeking capabilities on a par with private sector offerings such as utilizing self-service options, rather than depending on personal contact with agencies. Younger government employees are tuned into these modes as well. Those factors should drive new cloud investments because cloud has the potential to shortcut bureaucratic layers and offer real-time solutions and instant provisioning. Vendors that offer such capabilities while meeting federal security protocols will find a ready market in the government, IDC said.
Deployment: In total, the federal government is “temporarily spending less on infrastructure related to cloud and temporarily spending more on cloud-based software.” Vendors will need to adjust to this trend. “Both price points and reliability are key selling points,” IDC noted.
Transformation vs. Task-Specific Prospects
Even at the impressive growth pace in the two forecasts, federal cloud investment is still far from the 25 percent spending level Kundra envisioned. Cloud transformation generally is characterized as changing from the longstanding ownership model of IT resources to the newer renting or pay-as-you-go model the technology facilitates.
OMB assessments indicate that while there is significant interest in the cloud, agencies have not fully embraced the cloud in preference to owning their own IT infrastructure, according to Alex Rossino, senior principal analyst at Deltek.
“Even the subject of ownership needs to be unpacked too. Take the Social Security Administration, which built its own internal cloud. USDA has done the same. These are proprietary government clouds using commercial technology, but the agencies own them. Would this suggest that agencies are moving away from owning their own IT? Probably not, or at least not all of them,” he told the E-Commerce Times.
“Other agencies like the Department of Transportation are taking a different approach. DOT is moving to vendor-provided clouds to as far an extent as possible, but this doesn’t mean the DOT won’t continue to own its own enterprise IT assets,” Rossino added.
“Then there are shared services. These are used by agencies for certain specific capabilities like human resources and payroll,” he said. The USDA is offering cloud capabilities as shared services through interagency agreements. Meanwhile, the Defense Department’s milCloud is basically a shared service.
“The point is that the new technology approach of cloud is being embraced in pockets when it suits respective agency customers,” Rossino said. “We see no evidence though — beyond the comments of a few federal executives — that the concept of IT ownership is going anywhere fast.”