When it comes to the cloud, many US federal agencies have their feet stuck in the mud.
Government agencies host a treasure trove of data — census information, tax records, and operational insights that could be used to solve real-world problems. Yet much of this information remains locked within legacy architectures. “Agencies realize they need to move to modern cloud architectures, but often are either locked-in to legacy vendors or lack the available services and expertise to move more quickly to the cloud,” says Joel Minton, head of technology, Google Public Sector.
Until recently, some federal agencies were actually outpacing their commercial counterparts in both cloud migration and in the sophistication of cloud operating and management functions, says Tom Greiner, senior managing director and technology lead at consulting firm Accenture Federal Services. But this is no longer the case. “The past year or two has seen commercial firms more rapidly adopt AI-based tooling, which is primarily created and driven by the cloud providers,” he states. Meanwhile, as the latest cloud-native services are introduced in the providers’ commercial markets first, the availability of useful new services to government cloud clients usually lags by a year or two, Greiner adds.
Faster cloud adoption would strengthen the security profile of currently vulnerable federal systems. “Many of today’s federal agencies are running on outdated, insecure technology that foreign governments and other nefarious actors have breached,” Minton says. “Cloud technology modernizes government systems and brings agencies the highest level of security and performance, enabling them to tap into compute, analytics, artificial intelligence, and machine learning capabilities in new ways.”
Deeply rooted bureaucracy is also hindering agency cloud adoption. “Today, many commercial offerings that would help the government perform their jobs better are blocked and replaced with feature-bare ‘government editions’,” says Marina Nitze, former CTO of the US Department of Veterans Affairs and co-author of Hack Your Bureaucracy. “This is because, among other reasons, cloud monitoring tools like DataDog, AppDynamics, and New Relic are not approved for use.” As a result, agencies and vendors must wait for the Federal Risk and Authorization Management Program (FedRAMP) to decide whether such security-essential monitoring tools should be allowed.
Not surprisingly, a recent Computer and Communications Industry Association (CCIA) survey of individuals responsible for technology purchasing decisions within US federal, state, and local governments, found that government technology and procurement practices often are more about making things easier for IT versus choosing what employees feel would be the best solution.
Facing finite funding and resources, federal agencies are forced to think strategically about cloud migration options and approaches, says Dan Tucker, senior vice president at consulting firm Booz Allen Hamilton. “In other words, do circumstances require the prioritization of getting out of a data center quickly [into the cloud] through a lift-and-shift approach, where you could be shifting your existing technical debt to a new platform, or does the opportunity exist to refactor and optimize the workloads?” he asks.
Inadequate staff training is also hampering cloud adoption. Many federal agency staff members lack skills in cloud governance, security, and privacy. “You’ll find this is especially the case in hybrid environments,” says Paola Saibene, principal consultant at IT services firm Resultant. If an agency has data that’s traveling from an on-prem environment to a hybrid or multi-cloud environment, the IT employees don’t typically receive training or mentoring on how to approach this from a holistic perspective, she notes. “They know how to care for governance in legacy on-prem, and they know how to care for governance for whatever data lake they’re using, but the holistic aspect of the entire cycle is not well-taught.”
Tucker is optimistic about how agencies and industry are working together to address cloud migration challenges. “The Cybersecurity Executive Order
released last May, the January memorandum related to Zero Trust Architecture, and the Cloud Security Technical Reference Architecture developed by the Cybersecurity and Infrastructure Security Agency, together provide the appropriate prioritization, patterns, and roadmap to drive secure cloud migration and operations,” he says. “This federal guidance, combined with an optimized FedRAMP process, repeatable application and data migration technical accelerants, and an increase in the number of trusted content security policy landing zones and services are all making cloud migration easier for federal agencies.”
Commercial and government cloud adopters have valuable lessons to share with each other, Greiner says. “Commercial firms will likely be the first to use and combine creative new native [cloud] services to drive new value, and government agencies will continue to develop the best-in-class cloud and data security postures,” he notes. “Working together, they can cross-pollinate these learnings to drive a more useful and more secure cloud experience for all.”
What to Read Next:
Special Report: How Fragile is the Cloud, Really?
Cloud Migration: 9 Ways to Ease the Agony
From Twitter’s New Management to Big Tech Lobbying Scandals