2014 forges a new, more comfortable relationship with cloud for government


Written by


It’s almost impossible to talk about a federal agency’s mission over the course of the past year without the conversation quickly turning to its use of cloud computing. With the federal government moving past the introductory stages of cloud, it spent 2014 refining how cloud is used within the government and how agencies can acquire it quicker and cheaper than ever.

There is no better example of how much the government has become comfortable with the cloud than the CIA’s
$600 million deal with Amazon Web Services, which went live this summer. The cloud will serve all 17 agencies that make up the U.S. intelligence community, offering all the perks of commercial cloud behind the CIA’s fence line. The CIA seems to have liked the offering so much that it announced a classified marketplace will be integrated into the system.

In other corners of the military, the Defense Information Systems Agency also reconfigured its cloud strategy, with DISA CIO David Bennett telling people
at an August industry day he plans to “not rule out anything” with how the military adopts new instances of the cloud.

On the civilian side, the Federal Risk and Authorization Management Program (FedRAMP) spent the year refining its processes, providing cloud computing companies an easier track for government certification. Earlier this year, then-FedRAMP Director
Maria Roat called the “Revision 4″ security bench line a huge lift and talked about moving toward a continuous monitoring security model.

In October, the program debuted
FedRAMP Ready, which was touted as a way for CSPs to gain federal authorization faster than ever before. “Agencies can use this documentation to initiate an assessment and authorize these systems in a faster time than starting from scratch,” Acting Director Matt Goodrich said in October.

This process is part of a two-year plan Goodrich outlined in October, which focuses on three core efforts: increasing cloud adoption and compliance, improving efficiencies in the approval system and continuing to adapt to changing technology. The first part of that effort seems to be a sore spot for FedRAMP; Goodrich said
during a meeting with the National Institute of Standards and Technologies’ Information Security and Privacy Advisory Board that only 25 to 40 percent of those cloud service providers are FedRAMP compliant.

If FedRAMP looks to 2015 as the year where it can raise those compliance numbers, it’s going to need some help. At the NIST meeting, Goodrich said his program management office’s workload is “50 percent over capacity,” currently working with 10 to 12 cloud service providers so they can earn authority to operate.

Top Story of 2014

Amazon building classified marketplace for CIA cloud

By Greg Otto · Wednesday, Nov. 12, 2014 · 3:29 p.m.

Read more of our 2014 wrap-up coverage:

2014 Year-in-Review: Big names and big stories

Federal IT acquisition 2014: A year of reform

Congress 2014: The year of unfinished business

Cybersecurity 2014: The battle for mindshare

Defense 2014: The year of strategies and women

FAA 2014: From UAS integration to NextGen

The FCC’s 2014 in the spotlight may be just the beginning

Health IT 2014: The push toward interoperable data

Patent and Trademark 2014: The downfall of a teleworking leader

Veterans Affairs 2014: The Year of Being Held Accountable

Federal workforce 2014: Hiring millennials and closing the STEM skills gap

White House 2014: Departures, digital service and Google

-In this Story-

Cloud, FedRAMP, Tech