The General Services Administration launched the Federal Risk and Authorization Management Program (FedRAMP) last November to "provide a standard approach to assessing and authorizing cloud computing services and products" and to establish security standards for federal cloud computing. But MeriTalk's "Federal Cloud Weather Report" cites the following challenges:
64% of 167 federal government IT leaders surveyed said they understand FedRAMP but aren't optimistic that it will help.
56% said it will neither facilitate nor accelerate federal cloud adoption.
67% said it won't make federal cloud computing more secure.
Public, Private or Hybrid
Analysts say that government agencies, like their private-sector counterparts, are trying all of the cloud options to see which models work best in certain situations.
Government entities that are implementing cloud computing are primarily doing so in one of three ways, according to Marie Francesca, director of engineering operations, and Geoff Raines, senior principal software systems engineer, at The Mitre Corp., a government contractor based in Arlington, Va.
One is to use commercial services such as those offered by Amazon and Google. Examples include the migrations of Treasury.gov and Recovery.gov to Amazon's cloud service.
The second is to share services within the government, where one agency acts as a service provider for others. Examples of this are DISA's RACE system and NASA's Nebula.
The third option is to build a private cloud for an organization's exclusive use.
Francesca and Raines point out that government CIOs have such diverse systems that they can legitimately use any of those approaches, depending on the needs of the applications and data slated for migration to the cloud.
The General Services Administration and the National Institute of Standards and Technology (NIST) are helping federal agencies with their cloud computing moves, according to Francesca and Raines.
The GSA is setting up contract vehicles and schedules that will allow agencies to purchase commercial cloud services in a quicker and more uniform way, they explain. The website Apps.gov will provide a central point for information on this initiative. They say the GSA had already been providing federal agencies with a uniform mechanism for handling other types of contractors.
Meanwhile, NIST is defining cloud concepts, identifying standards and organizing security research.
Despite such guidance, the reality is that many federal entities aren't yet moving to the cloud.
According to MeriTalk's report, 79% of federal CIOs said their agencies aren't adopting the cloud-first policy, and only 64% are planning to embrace that approach in the next two years.