of integrating robotic process automation into the authorization process for cloud services.
Another key federal effort is the “cloud smart” strategy the Trump administration released last year, a sequel to the Obama administration’s “cloud first” strategy
of 2011. Among other things, the new strategy calls on the Department of Homeland Security to evolve its Continuous Diagnostics and Mitigation Program — which helps agencies identify, thwart and respond to cyberthreats — “in order to equip agencies with the monitoring tools and capabilities they need to understand their cyber risk in the cloud.”
Additionally, the cloud smart strategy seeks to offer stronger protections than previous directives, including the Trusted Internet Connections (TIC) initiative launched in 2007.
As the new strategy states: “In the current landscape, requiring all agency network traffic to flow through a limited number of Trusted Internet Connections is no longer feasible as a one-size-fits-all strategy. This design choice has hampered agencies’ ability to acquire new technologies including commercial cloud solutions, which use a distributed network model and use virtual, rather than physical, controls of data.”
Guy Cavallo, deputy CIO at the Small Business Administration, agrees with that assessment. After a 90-day pilot test that pitted TIC against a commercial cloud that had been authorized under FedRAMP,
he and his team found that the cloud product’s security features equaled or even exceeded what TIC provides. “I sleep a lot better at night now that I have these cloud security tools protecting me than I did when I depended on my standard, regular government security operations center and the traditional TIC,” Cavallo said.
A third federal initiative that supports cloud security is the Modernizing Government Technology Act. It calls on agencies to establish IT working capital funds “to improve, retire or replace existing information technology systems to enhance cybersecurity of existing systems and to improve efficiency and effectiveness of the life of a given workload.”
The act also established the Technology Modernization Fund (TMF) to support specific agency projects, noting that “a successful project will ensure that security is designed into execution from the outset and complements service delivery and mission objectives.”
Of the first six TMF awards, three projects focused on cloud migrations and totaled $40 million.
Modernization and security:
Not mutually exclusive
As cloud technology becomes more secure, adoption will continue to grow. For instance, earlier this year, the Air Force Network Integration Center moved 555,000 email accounts to the cloud, completing the
first phase of its $1 billion Cloud Hosted Enterprise Services program. As part of
that effort, Hanscom Air Force Base’s Command, Control, Communications, Intelligence and Networks Program Executive Office built three physical security stacks to verify users’ identities so they can access cloud-based resources such as email and other collaboration tools.
Those stacks will also be migrated to the cloud. “The initiative, called Zero-Stack, will increase security for users by giving authentication processes access to more robust cloud architecture that scales on demand,” according to an Air Force press release.
Almost a decade after cloud became a priority for government, the technology remains one of the public sector’s biggest challenges. Its adoption is a cornerstone of IT modernization and the building block for future innovation, yet concerns about security persist. Fortunately, modernization and security are not mutually exclusive
and can in fact work together to move the government forward.
At an event last year, U.S. CIO Suzette Kent said: “The way that we become more secure, the way that we protect our infrastructure, is to have more of an infrastructure and to not be looking at things that were designed so many years ago that the concepts — some of the basic concepts of blocking and tackling — [weren’t] even envisioned.”
1/3
 
156

in FedRAMP
200+

in FedRAMP
Amount of the federal IT budget

21%
 
4.5%
  
95.5%
Amount of federal data in the
 
22%
SPONSORED CONTENT S-11
Sources: FedRAMP, Gartner, Skyhigh Networks