Dealing with the regulatory fears that bedevil cloud adoption
- By Mark Rockwell
Nobody said cloud was easy -- especially in government. Federal IT managers who want to leverage the cloud's cost and operational efficiencies can succeed, despite the regulatory complications of federal IT. But first, they should take a deep breath and make detailed plans before moving ahead, cloud experts said.
Federal CIOs and IT managers working to implement cloud services face “the four horsemen of federal IT -- the FAR, FISMA, OMB and FITARA,” according to Chad Sheridan, the CIO at the Department of Agriculture’s Risk Management Agency.
Those four things -- the Federal Acquisition Regulation, the Federal Information Security Management Act, the Office of Management and Budget and the Federal Information Technology Acquisition Reform Act -- aren’t going away, he said in remarks at ATARC’s Feb. 16 Federal Cloud and Data Center Summit.
“The FAR isn’t going to change,” he said. “FISMA basically says ‘cloud bad.’” The Office of Management and Budget scrutinizes how agencies spend their money, and FITARA sets up a “one CIO to rule them all” scenario that demands accountability, he said.
All of those rules create complications in moving to cloud, Sheridan said. “The natural state of government is command and control,” he explained. Rules and regulations are part of the way the federal government works. CIOs and IT managers can’t change that.
Federal IT managers who face their fear of those four horsemen, Sheridan said, will find them overblown. “We can spend all day complaining why we can’t get cloud,” or, he said, we can find ways to work with those permanent complications.
Implementing cloud, he said, is based “on a belief that your mission matters. Patient action is required,” he said.
The mission is certainly key, Immigration and Customs Enforcement CTO David Larrimore said, and IT has become like electricity to those delivering on the agency’s mission. “People don’t care about cloud. It’s a utility,” he said. “People want to ensure they have enough electricity to do their job. It ties back to mission.”
Larrimore, who has been at ICE for five months, said his agency has taken an incremental approach to implementing cloud, identifying cloud vendors who can centralize and keep track of agency use of the services. ICE is also assessing which operations -- such as email, customer relationship management and HR systems -- might be most amenable to a cloud environment.
Assessing what networks and data centers an agency has and then coming up with a plan is an essential first step in getting past trepidations in implementing cloud, according to Maria Roat, CIO at the Small Business Administration.
Roat took on the SBA CIO job only four months ago but said she has been collecting details on the agency’s data centers and telecommunications networks with an eye to “getting out of the data center business” in favor of cloud services.
Roat said she wants to have a well-delineated roadmap on cloud and data center consolidation by the time she convenes a meeting with her IT teams in early March.
Consolidating, or shutting down data centers, knowing what you own and where it is, she said, also are integral milestones on the road to cloud.
Mark Rockwell is a staff writer at FCW.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at email@example.com or follow him on Twitter at @MRockwell4.