The federal government’s road to cloud computing has never been easy, but as more agencies seek to make the shift, new challenges and opportunities are following.
Federal cloud adoption officials talked Thursday at the Digital Transformation Summit presented by Dell Technologies and produced by FedScoop about the early wins and what lies ahead for agencies in the next step of the cloud age.
How will the cybersecurity executive order affect cloud consumption?
Following the Trump administration’s May release of its cybersecurity order, federal agencies are taking a closer look at both the standards they need to meet as well as how they will pay for the shift.
Matt Goodrich, director of the Federal Risk and Authorization Management Program, said the order highlights the challenges agencies have already undergone, but it also provides them an easier path to adoption with its embrace of shared services.
“One of the things I really appreciate about the executive order is that it is kind of taking the pain points that we have experienced in the past eight or nine years and actually taking a direct stance to solve it more directly,” he said.
“It is also, in an indirect way, acknowledging that agencies don’t always have all of the money to do the right security,” Goodrich said. “So how to solve that by focusing on things like shared services or you can outsource some of those things to someone can do some of those things for you.”
He added that the order removes some of the previous barriers to cloud adoption and allows agencies to put more focus on their mission-critical tasks.
Can ATOs be done in a day?
Lauren Knausenberger, the Air Force’s director of cyberspace innovation, outlined the service’s plan to speed cloud adoption in a day as a way to streamline the authority to operate process.
“Cloud adoption is a bit of a slow process,” she said. “We’re moving towards this floodgate of innovation, so we need to get ahead of policy issues so that innovation doesn’t have its rapid speed right into a brick wall.”
To speed the process, the Air Force is in the preliminary phase of its ATO-in-a-day program, which gives cloud service providers an approved platform and criteria of software to apply to accelerate the authorization process.
“It’s a concept that we’ve confirmed is compliant, but we’ve not run into a lot of applications getting to go through this process because the technical paces are still fluid at this point,” she said.
Goodrich also said that there needs to be more communication about what the expectations for ATO-in-a-day are, elaborating that some applications require a heavier lift than others.
FedRAMP’s next year will be all about the data
Goodrich said with the continued growth of FedRAMP-approved providers, the office is taking a deeper look at acquisition and vendor data to get a sense of the services agencies will need in the future and which providers can deliver those.
“A lot of it depends upon the modernization efforts that the government is doing,” he said. Agencies have already picked off a lot of the “low-hanging fruit,” like email and websites. “But now it comes to those much larger transformation initiatives and what do they need to support that.”
“Is that going to be all of the different [software-as-a-service] providers out there? Maybe not. Maybe it’s actually truly getting the energy and effort to transform those legacy systems into a cloud environment,” Goodrich said.