recommended reading

Security remains the biggest hurdle for agencies moving operations to the cloud, federal IT officials say

The greatest hurdle to moving vital government data and programs into the cloud is federal executives' confidence in outside security systems, a panel of federal information technology leaders said Wednesday.

One big component of producing that confidence level is getting the Federal Risk and Authorization Management Program, or FedRAMP, up and running, they said.

Agency technology executives spoke at a conference sponsored by TechAmerica, an industry group.

FedRAMP is aimed at creating a standardized governmentwide review of private sector information technology so individual companies' offerings won't have to be reviewed and approved by dozens of different departments and agencies.

The program was unveiled in November, but immediately ran into trouble when technology companies complained the one-size-fits-all requirements didn't jibe with the diversity of programs in the federal government.

The Obama administration has said it will consider relaxing the requirements and expects to get the program up and running this summer.

"If you want to get it right, FedRAMP matters," said Mark Day, chief technology officer at the Housing and Urban Development Department. "We're looking to [the General Services Administration, which oversees FedRAMP] to give us a lot of help in this area."

Even with the FedRAMP process in place, the panelists said, there's a natural aversion to handing over sensitive data to an outside agency whose security you can never guarantee as well as your own.

"The same things we're doing for ourselves, that's what we'd want as we look at opportunities to move more than our public facing [services, such as Web pages]," State Department Chief Information Officer Susan Swart said. "We're just taking a very conservative look. Until we feel comfortable that we can get that level of security, [perhaps] by adding on to what FedRAMP provides, we won't be moving."

The panelists agreed, saying they'd prefer to move most services to a federal-only cloud for security reasons, but even that requires a change of culture.

"There's a comfort zone issue we have to address," Day said. "Private and public might better be viewed as ours and shared. If you want to talk about the culture issue, no matter where you sit, if I share with someone else who's bigger than me, there's a discomfort there, because I've lost some control."

The Obama administration's 25-point plan to reform federal IT management, published in December 2010, calls on departments and agencies to make the cloud their first storage option for new programs and to identify several programs currently stored in data centers for transition to the cloud.

Federal CIO Vivek Kundra has said transitioning large amounts of federal data to the cloud could save the government millions of dollars. Computing clouds are essentially large networks of servers. Users can take as much space from them as they need and pay only for what they use, which may vary from month to month.

The conference panelists also praised TechStat, a series of face-to-face question-and-answer sessions Kundra launched in early 2010, during which IT project and program managers must either justify cost overruns and missed deadlines or their projects will be canceled or redesigned.

As a result of the rigors imposed by the TechStat process, HUD's IT leaders have pared down the number of major projects they attempt at one time from more than 30 to around seven, Day said.

Most agencies also have launched internal versions of the TechStat process and the rigors of knowing they'll have to justify their programs to senior management has imposed more discipline on project managers, the panelists said.

One audience member, who said she was with the contractor MSB Associates, asked whether the government would make TechStat transcripts and other information available to industry so the private sector could learn from government mistakes.

Agriculture Department CIO Chris Smith said some of that information is available through the federal Chief Information Officers Council's best practices information page. But that page, so far, includes only a handful of project summaries, typically fewer than 10 pages in length.

This story has been updated to correct the name of the Agriculture Department's chief information officer.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.