recommended reading

How Close is the Government Really to Broad Cloud Adoption?


The advent of utility-based computing has changed the information technology game in the federal market, but the government still has ways to go before cloud services are broadly adopted and incorporated across its many agencies.

To put it another way: Federal agencies’ first forays into cloud computing were baby steps in the late 2000s, and the past two years -- with the development of government security standards -- have been slightly longer strides. Yet, the pieces are now beginning to fall into place, according to Teresa Carlson, vice president of Amazon Web Services’ global public sector, for the broad adoption of cloud computing governmentwide.

“The president’s FY 2015 budget request placed a greater emphasis on the utility-based model of cloud computing, and [the Federal Risk and Authorization Management Program] was highlighted as the administration pushes for further adoption of cloud,” said Carlson, speaking this week at the AWS government symposium in Washington, D.C.

Carlson described the evolution of federal cloud computing in six stages. The first, she said, was “a stated policy,” referencing former U.S. Chief Information Officer Vivek Kundra’s “cloud-first policy.” When released, that framework had a ripple effect across the Atlantic; the United Kingdom soon followed suit, issuing even more progressive policies.

The second phase was the government formulating an actual definition of cloud. The National Institute of Standards and Technology accepted the mission to define “cloud,” and did so after meticulous research that included significant industry weigh in. Phase three -- security and compliance -- has been addressed through FedRAMP, the government’s standardized approach to cloud security. More than a dozen cloud service providers have introduced to government cloud solutions that meet FedRAMP’s robust risk-based requirements. Dozens more are in the pipeline awaiting accreditation, which signals a competitive federal cloud market ahead.

Cloud’s continued evolution is beginning to alter how the government makes certain kinds of acquisitions, Carlson said, addressing the fourth phase. AWS, she said, just responded to a request for proposal in Queensland, Australia, that spelled out NIST’s definition of cloud computing at the top of the document -- a sign that governments globally have a more detailed perspective of what they want when purchasing technology.

The last two phases, culture and broad adoption, may be the two toughest to scale. Yet, two factors are forcing change, according to Carlson: tighter budgets and the desire for more agility. Just a few years ago, it may have been difficult to imagine the government -- with its thousands of disparate data centers -- becoming cloud centric. But today, that could well be the case. Carlson said, surprisingly, cost isn’t even the biggest driver to cloud these days -- at least not for AWS customers.

“Increased agility has become the No. 1 reason organizations use the AWS cloud now; it’s not just price anymore,” Carlson said.

(Image via wavebreakmedia/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.