Cloud vendors’ lack of clarity causing problems for federal adoption efforts
Now that federal cloud integration is fully underway, IT leaders are focusing more of their time, effort and energy into developing the specific plans and strategies that will allow their organizations to take full advantage of this technology. The benefits of cloud solutions are obvious – all that remains to be determined is the best path going forward. Naturally, a big part of these efforts is choosing a cloud services provider. Picking the right partner will yield maximum dividends, while a subpar vendor may lead to higher costs and a lower satisfaction rate among users.
Unfortunately, many federal IT leaders are running into trouble in this area. Specifically, these decision-makers are feeling frustrated by the lack of clarity demonstrated by cloud vendors eager to provide their services to government agencies, CIO reported. These complications are slowing the cloud adoption process for many departments.
The news source explained that government agencies tend to be far more focused on cybersecurity concerns than typical organizations. This makes federal IT leaders wary of choosing an insufficiently secured cloud solution. This isn't surprising, considering the highly sensitive nature of many agencies' digital assets, as well as government bodies' general inclination for cautious progress.
However, as CIO pointed out, many cloud services providers seem unwilling or unable to recognize agencies' needs in this capacity. More specifically, these vendors are not providing agency decision-makers with the clarity they need to effectively evaluate the companies' cloud offerings.
"There is often a fundamental misunderstanding with the CSPs about what the government expects to see in terms of documentation," said Christopher Bollerer, director of security governance at the Risk Management and Compliance division of the Department of Health and Human Services, the news source reported. "We have struggled with every single CSP that we have gone through with documentation."
These struggles are not limited to the HHS. While many government agencies have made significant strides toward achieving broader cloud integration, these efforts have not progressed as far as they could have with more open engagement between agencies and cloud vendors.
Ostensibly, FedRAMP should have a significant mitigation effect in this area. FedRAMP was specifically designed to enable government agencies to adopt cloud services without worrying about those solutions' cybersecurity capabilities or performing exhaustive tests of their own. Instead, any cloud service that receives FedRAMP approval should be suitably secure for the vast majority of government groups.
And indeed, FedRAMP has had a positive effect on government cloud integration. Matthew Goodrich, the FedRAMP director at the General Services Administration, estimated the program's cost savings to be around $40 million, CIO reported.
However, as the news source pointed out, there are limitations to FedRAMP's impact. Because the approval process is so time-consuming and complex, few cloud vendors have garnered the program's endorsement. This severely limits the cloud options available to any given federal agency. For this reason, the HHS and other departments often need to go beyond FedRAMP-approved vendors, which forces them to conduct their own cybersecurity examinations. This is where vendors' lack of transparency becomes a problem.
While FedRAMP improvements are in development, many agencies feel a more urgent need to embrace cloud solutions before this revamp is completed. To take full advantage of the cloud sooner rather than later, agencies need a more independent approach.
With this in mind, federal organizations would do well to partner with third-party cloud integration specialists. These firms can help agencies to thoroughly vet potential cloud vendors and services, determining which meet the department's cybersecurity standards and which represent too great a risk. This will allow agencies to move ahead with their cloud integration plans safely, smoothly and quickly.