Federal agencies reach new threshold of cloud adoption

Five years after the White House Office of Management and Budget shifted policy gears —from “Cloud First” to “Cloud Smart” — federal agencies have reached a new threshold in cloud adoption, with two-thirds of federal IT leaders in a new survey saying their agency is now using, or starting to use, the cloud for “mission critical applications.”

The increased willingness to host mission critical applications, not just business or research data, in the cloud reflects the growing trust agency IT executives say they have in the security of federally approved cloud services.

Among federal agency IT leaders polled in the survey, more executives (27%) believe they can “maintain the greatest security control over their strategic data” in a federally approved, FedRAMP-authorized cloud service than in their own on-premises data center (23%). FedRAMP is a program managed by the U.S. General Services Administration that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

The findings — released this week in a new FedScoop report, “Federal Perceptions of Cloud Security” — suggest that long-standing concerns about protecting data in the cloud are giving way to a broadening belief that data can be managed more securely in the cloud than in traditional agency-built or managed data centers.

Roughly half of all respondents in the study now say they trust government-approved cloud service providers to securely “store, process and analyze data” for a significant range of use cases, including for research (51%), business and financial operations (47%), and employee/human resource information (47%).  More than 4 in 10 respondents similarly trust federally approved cloud services to handle mission critical operating data.

Significantly, more than one-third (36%) of federal IT executives say they now trust their classified and sensitive data in government-authorized clouds (albeit in more exclusive cloud services that have demonstrated a higher standard of security controls).

The study is based on a survey of 186 prequalified C-suite, program and IT officials working at or for federal agencies and explores their perceptions about cloud security. The survey was conducted online by Scoop News Group in February for FedScoop and underwritten by Amazon Web Services.

The report looks at what’s driving federal cloud investments; who federal officials trust most to handle their cloud data; the challenges they face trying to leverage the cloud; and what would help them adopt cloud services more readily. It also compares the responses of executives working at agencies considered “early adopters” — those using or starting to use the cloud for critical applications — versus “late adopters,” those still exploring or considering using the cloud for critical applications. Additionally, the report breaks out certain results, where meaningful, by agency size based on the number of employees.

Where agencies still need help

Security remains a complex driver of cloud investments.One area where executives remain more reluctant about trusting their data in the cloud is with personally identifiable information (PII) of citizens. Only a quarter of respondents (27%) say they currently trust citizen data in the cloud. That’s partially a function of the complexity agencies face in meeting federal regulatory and risk management requirements for PII. But it also reflects another factor: 62% of executives say that the biggest security concern that holds their agency back from taking greater advantage of cloud services is the risk of data loss or leakage.

When it comes to whom agencies trust to manage their cloud workloads, early (more experienced) cloud adopters trust their in-house staffs most, followed by specialists at cloud providers and then managed services providers. Fewer say they trust system integrators and contractors.

“That points to some continuing confidence gaps in the still-evolving ecosystem of cloud fulfillment services. But it also highlights the breadth and depth of experience that cloud service providers are now demonstrating — especially to those early cloud adopters among federal agencies,” said Wyatt Kash, senior vice president, content strategy at Scoop News Group.

Beyond security assurance, roughly equal shares of early adopters (44%) and late adopters (47%) say that “adding qualified workforce/skills” to their organization would help most to accelerate their agency’s use of cloud, followed by “achieving greater observability of system activity.”

IT officials say their agencies continue to need more help forecasting and controlling the total cost of operating in the cloud and added support to help manage IT services across hybrid and multi-cloud platforms.

To meet those needs, cloud service providers will have to continue investing in training programs — for agencies as well as for contractors and systems integrators — at a pace that matches their investments in infrastructure and applications, the study concludes.

Download the full report, “Federal Perceptions of Cloud Security.”

This article was produced by Scoop News Group for FedScoop and sponsored by AWS.