Last week’s Federal Times ran an op-ed by SIIA’s own Mike Hettinger. In the article, Mike describes the future of federal computing in the cloud – and what decision makers need to do to make the federal cloud a success. Specifically, he shares three suggestions:
1) Create a comprehensive federal information technology road map
Currently, the Office of Management and Buddy Strategy fails to prioritize agency IT initiatives within its strategy documents. This needs to change to avoid confusion. Writes Hettinger:
Today, agencies must interpret myriad Office of Management and Budget strategy documents involving cloud computing, shared services and data center consolidation — supplemented by the recent digital government strategy. The result is confusion around prioritization of agency IT initiatives, as evidenced by public comment from the cloud computing industry.
2) Modernize acquisition practices to discard the on-site IT model and embrace the off-site, on-demand nature of cloud computing
The current acquisition process is outdated, and in desperate need of a re-haul in the modern IT world.
Current IT acquisition regulations, mainly those espoused in the 1996 Clinger-Cohen Act and modified along the way, were written for a different time — one in which agencies sought to make capital investments in IT systems, servers and other durable IT. In today’s world of cloud computing, agencies should no longer look to make capital investments in IT but rather should invest in acquiring IT on demand and in purchasing services and capabilities.
3) Improve FedRAMP
In June, the Federal Risk and Authorization Management Program (FedRAMP) reached its initial operating capabilities to certify businesses that meet federal cloud services standards. But cloud service providers (CSPs) are concerned the program will create extra red tape for CSPs and give an unfair advantage to the first companies through the gate.
Many CSPs are concerned that FedRAMP, while well-intended, could become a bottleneck because of the limited capacity of the FedRAMP-certified third-party assessors who will evaluate applicants, and because of the approval schedule, which projects to have only three companies certified under the program by the end of 2012. Those three appear to have a leg up on the competition as we head into 2013… Clearly, there is merit in providing CSPs with a Joint Authorization Board-approved provisional authorization that can be employed agency-to-agency, showing that their cloud environment meets minimum security requirements. In theory, this should reduce some of the administrative burden on providers and the government alike.
The government has the building blocks in place to transform its IT infrastructure, but as Mike explains, some core issues must be addressed for federal IT reform to reach its full potential.
Tracy Carlin is a Communications and Public Policy Intern at SIIA. She is also a first year graduate student at Georgetown University’s Communication, Culture and Technology program where she focuses on intersections in education, video games and gender.