Federal Agencies Have Their Heads in the Cloud
As federal legacy technology continues to age and fail, agencies have been given the green light to move to the Cloud for faster processing and more elasticity in computing in an on-demand, more efficient platform.
But, for many federal agencies, moving to the Cloud has proven to be difficult, redundant, time-consuming, costly and unsecure.
Then, there is also the cultural resistance inside some agencies, despite the General Services Administration’s (GSA) Federal Risk and Authorization Management Program’s (FedRAMP) best efforts to accelerate the move by authorizing Cloud Service Providers (CSPs).
This resistance isn’t without reason: many agencies have been stung by data breaches and other cybersecurity mishaps and are, rightfully, concerned about the security of Cloud applications.
Other federal CIOs cite federal regulations as the obstacles:
“The four horsemen of federal IT — the FAR, FISMA, OMB and FITARA” are obstacles for federal CIOs and IT managers working to implement cloud services in their agencies, according to the Department of Agriculture’s Risk Management Agency CIO Chad Sheridan.
Those four things — the Federal Acquisition Regulation, the Federal Information Security Management Act, the Office of Management and Budget and the Federal Information Technology Acquisition Reform Act — aren’t going away, he said in remarks at ATARC’s Feb. 16 Federal Cloud and Data Center Summit.
Still, the CISOs at the CIA and the Department of Homeland Security (DHS) have embraced cloud migrations and are able to develop, test and share security code more easily. FedScoop reported that CIA CIO John Edwards said that the agency’s cloud partner – Amazon Web Services – meets its high bar for security.
In June 2015, the GSA released the high baseline requirements for FedRAMP, which added 100 security controls on top of the program’s moderate impact level. These controls, in theory, make it more likely that agencies will be able to use cloud services to handle more secure information.
So, with such conflicting information, where will most federal agencies head?
“With so many aging and unsecure legacy systems, federal agencies will have to move to the Cloud to contain costs by sharing services and infrastructures,” said Sword & Shield Federal Vice President Raymond Kahre. “However, these agencies also must meet stringent FISMA, FedRAMP and FITARA mandated compliance and security measures. Truly secure agencies are constantly aware of how their data and applications interact while continuously monitoring for potential threat vectors, particularly in Cloud environments. Agencies must pick CSPs that provide assurances they can identify threats before they become disasters.”
At Sword & Shield Federal, we are excellent partners with proven processes. Through our two Government-Wide Acquisition Contracts (GWAC), we work with some of FedRAMP’s most active moderate– and high-level CSPs to provide agencies with the secure Cloud services they need.
Contact us at 800-860-0075 or at firstname.lastname@example.org to discuss how we can help your agency move to a secure Cloud service or for any other federal cybersecurity needs.