The chairman of the House Committee on Oversight and Government Reform’s IT subcommittee, along with various cloud computing company representatives, pressed federal agencies to do more to embrace the cloud during a Tuesday field hearing in San Antonio, Texas.
“We deserve a federal government that harnesses innovative solutions such as the cloud to modernize record keeping, improve critical government functions, maximize security, and be wise stewards of our tax dollars,” said Rep. Will Hurd, R-Texas.
Despite the 2010 release of the government’s “cloud first” policy, cloud adoption among federal agencies remains slow, he said.
Echoing the chairman’s comments, witnesses from Amazon Web Services, Rackspace and VMware complained that many government technology executives have balked at integrating mission IT on their services.
“Today, the U.S. government imposes outdated requirements that effectively require U.S. cloud providers — all of which are global corporations — to create separate operating entities that employ only U.S. citizens,” said John Endgates, chief technology officer of Rackspace Technologies, in his prepared testimony. “These requirements raise unnecessary barriers to entry for providers who would otherwise be glad to serve the federal market. And they needlessly raise costs for providers and the government alike.”
Mark Kneidinger, director of Federal Network Resilience for the Department of Homeland Security, said agencies remained worried about ceding the power to control their own hardware and infrastructure.
The concern “is driven by the ability to have a degree of awareness as to the level of security that’s provided at the cloud level, and the visibility the agency has to make sure they are meeting their responsibility for securing their assets,” Kneidinger said.
Endgates said cloud services often have better security than what agencies currently have in place because their technology is updated much faster than what can be done on legacy systems.
“I feel that agencies could take immediate advantage of some of the scale efficiencies of the cloud provider when it comes to security,” he said. “To be player in the cloud, you have to defend against the most sophisticated attacks on the planet on a regular basis, so you get very good at it.”
Mark Ryland — chief architect for Amazon Web Services’ worldwide public sector — agreed, adding, “Threats don’t exist when it’s updated all the time.”
DHS is working on initiatives that should put CIOs at ease when it comes to cloud security, according to Kneidinger. He said part of the next push of the White House’s Office of Management and Budget cybersecurity sprint is to examine strategies for moving legacy systems to the cloud. DHS is also working with the Federal Risk and Authorization Management Program to establish a “Triple H” (High Confidentiality, High Integrity and High Availability) baseline.
He also said that the Federal IT Acquisition Reform Act will allow CIOs to push for better spending.
“When I was a federal CIO, I only controlled 20 percent of IT spend,” he said. “With FITARA in hand, that’s going to allow the CIO to have oversight of all the IT spend and be able to take a look at how they can move some of the missions support activities into the cloud.”
There is a lot of room for growth in cloud spending. According to a 2014 GAO report, seven major agencies only spent 2 percent of their IT budget on cloud services — a 1 percent increase from 2012.