July 12, 2012, 11:59 AM — It's no secret that agencies core to the U.S. government has as a central plan - known as Cloud First -- to move
most operations toward a cloud computing service. In the process of course is a never-ending evaluation by other
agencies to talk about how those cloud implementations are doing.
The Office of Management and Budget (OMB) issued the Cloud First policy in December 2010 which requires federal
agencies to implement cloud services whenever a secure, reliable and cost-effective cloud option exists; and to
have migrated three technology services to the cloud by June.
This week the Government Accountability Office issued a report on the overall progress of that plan and in the process found
seven common challenges that the GAO said may end up impeding their ability to realize the expected benefits of
From the GAO report, those seven common challenges include:
" Meeting federal security requirements: Cloud vendors may not be familiar with security requirements that are
unique to government agencies, such as continuous monitoring and maintaining an inventory of systems. For example,
State Department officials described their ability to monitor their systems in real time, which they said cloud
service providers were unable to match. U.S. Treasury officials also explained that the Federal Information
Security Management Act's requirement of maintaining a physical inventory is challenging in a cloud environment
because the agency does not have insight into the provider's infrastructure and assets.
" Obtaining guidance: Existing federal guidance for using cloud services may be insufficient or incomplete.
Agencies cited a number of areas where additional guidance is needed such as purchasing commodity IT and assessing
Federal Information Security Management Act security levels.