Cloud computing is the buzzword today for every business and agency. It brings in cost savings and innovation offering services via the internet. While the private sector was quick in adapting to the cloud hosting, the government organizations delayed. Till recent times, the directive regarding the US data storage had been to keep the information on-premise under lock and key, away from the risks of intrusions and prying eyes.

Cloud First initiative:

Cloud redefines agility. It was a few years ago, 2011 to be precise, that the “Cloud First Initiative” was called for but it has taken quite some time before the agencies realized the necessity for the transformation.

The delay in adapting the cloud has put severe financial pressure on the agencies. They now seek the best solutions to streamline the inefficient legacy systems which had resulted in duplication and delays at every corner. People were getting disillusioned and losing faith in the federal agencies ability to serve them faster.

It is a different situation now and the government agencies are moving to the cloud environment shedding away from the in-house data centers. All the three models of the cloud-public, private, and hybrid promise of reliable and efficient solutions to the users. However, it calls for a clear understanding and evaluation of the security aspects to select the appropriate cloud model and the right service provider.

The three model options

The public cloud is a model that totally relies on the efficiency of the provider in providing technical support and maintenance. Agencies were skeptical because of the sheer volume of people that share the cloud infrastructure. The federal agencies deployed the private cloud and found solace and security. Hybrid cloud is a blend of the two where an agency can deploy some services on the public cloud and some in the private cloud. Amazon AWS, Microsoft Azure, and Google Cloud are the three major players in the cloud. They have established a separate environment in the cloud specifically for the government works.

Federal agencies are not dependent on cloud computing services like how the private sector is while applying the cloud for hosting applications for commercial gains.

The first interesting use of the public cloud was in 2013 when CIA had chosen Amazon AWS to build a secure cloud environment for them   to use the elastic resources, network, storage, and on-demand availability of instances. This brought in reliability, security and a huge cost-savings for the organization.

Cloud brings in more proficiency in generating the big data analytics, machine learning and natural language processing which is beyond the capacity of human beings to handle.

The Cloud First policy finally picked up the pace in the past couple of years. Almost all the agencies are openly deliberating about leveraging the cloud and modernizing their IT. They must take strict security and compliance to make sure there is no risk or compromise on national security from internal or external forces. Some of the mandates they must strictly follow include:

FedRAMP

The objective of FedRAMP (Federal Risk and Management Program) is to regulate the security services and streamline assessments to make sure the cloud service providers chosen by the government agencies is inspected only once. This will avoid duplication and save time as well as resources. Agencies looking for service providers must choose only the FedRAMP approved cloud providers.  The agencies can then go ahead and move even sensitive data from their in-house data centers to the cloud architecture.

FISMA

The Federal Information Security Management Act (FISMA) offers a set of rules that the government agencies must adhere to and abide by the standards and security procedures defined by the National Institute of Standards and Technology (NIST).

FIPS

Federal Information Processing Standards (FIPS) is a law approved by the Secretary of Commerce. It is mandatory for the security agencies to abide by it.

Security considerations

While the FedRAMP will ensure the credentials of the service providers, the government agencies must assess the different cloud models and choose an appropriate one for their data and documents keeping security and cost in perspective. Most agencies have been using the private cloud for the sensitive data and are making use of the public cloud once they have gained confidence in the service provider’s security capabilities. Agencies are shifting workloads in between the clouds or adopting the hybrid cloud for efficiency.

Why the shift from legacy to the cloud?

 

IT consolidation

Government agencies are moving away in a big way from in-house server rooms and data centers to reduce the cost of ownership implementing the virtualization and cloud technologies. Moving to the cloud also eliminates the huge expenditure it incurs to build a data center of their own. There is a considerable reduction in the hardware procurement requirements. Because of the multi-tenant environment, there is a significant reduction in the power consumption.

Shared services

Several government agencies are contemplating the shared environment for their IT and gain efficiency. The cloud hosting providers are responsible for hardware and software monitoring, updates, security, intrusion detection and prevention etc. This is a cost-saving feature and allows them to manage without hiring highly competent technical experts. Cloud also ensures agility, smooth elasticity and on-demand availability of resources.

Citizen services

Government agencies are mainly towards providing services to citizens. Cloud can ensure easy access to the information and data that the agencies wish to share with public. People can have a look at their consumption levels so far as utility services are concerned. They can deliberate where they could save by proper utilization of the services. They can access their medical reports and other documents from any region since the cloud gives access so long as an internet is available. Citizens can monitor their applications from their personal computers for any services.

The hybrid cloud is likely to be the most popular model among the agencies and the agencies will adopt a multi-cloud plan to ensure better efficiency and flexibility