recommended reading

Agencies aren’t providing enough details about future cloud moves, GAO says

T. L. Furrer/Shutterstock.com

Nineteen of 20 agency plans for future cloud computing projects are missing important elements, a watchdog said Wednesday.

For example, seven of the 20 blueprints submitted to the Office of Management and Budget do not include any cost estimates, according to the Government Accountability Office report. None of the 14 plans that involve migrating existing services to the cloud includes the cost of retiring or repurposing legacy systems, the watchdog said.

Without that information it’s not clear if the agencies will be able to wring all possible savings from the cloud projects, GAO said.

Technology officials have estimated the government can save $5 billion annually by moving 20 percent of its information technology infrastructure from agency-owned data centers to more nimble cloud computing.

All seven agencies that GAO surveyed had met OMB’s requirement for moving at least one service to the cloud by December 2011. They also planned to have at least three services functioning in the cloud by the end of 2012, though two agencies -- the Agriculture Department and the Small Business Administration -- said they missed OMB’s June deadline for that milestone.

The shift to cloud computing has been dogged by insufficient guidance on purchasing cloud technology and concerns about its security, GAO said.

The process of certifying cloud vendors also has been arduous, the report said, partly because the governing document -- the Federal Risk and Authorization Management Program, or FedRAMP -- is only in its early stages.

“For example, [General Services Administration] officials stated that the process to certify Google to meet government standards for their migration to cloud-based email was a challenge,” auditors said. “They explained that, contrary to traditional computing solutions, agencies must certify an entire cloud vendor’s infrastructure. In Google’s case, it took GSA more than a year to certify more than 200 Google employees and the entire organization’s infrastructure (including hundreds of thousands of servers) before GSA could use Google’s service.”

Cultural barriers also have been a challenge.

“For example, a State [Department] official explained that public leaks of sensitive information have put the agency on a more risk-averse footing, which makes it more reluctant to migrate to a cloud solution,” the report said.

GAO recommended the surveyed agencies “establish estimated costs, performance goals and plans to retire associated legacy systems” for cloud-based systems and “develop, at a minimum, estimated costs, milestones, performance goals and plans for retiring legacy systems.”

The agencies agreed with the recommendations with some qualifications.

The surveyed agencies were the Agriculture, Health and Human Services, Homeland Security, State and Treasury departments, and the Small Business Administration and General Services Administration.

(Image via T. L. Furrer/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.