Rep. Will Hurd (R-Texas) last week urged Federal agencies to stop wasting money on legacy computer systems and move more quickly with cloud computing initiatives.
“Legacy systems are expensive to operate and often make sensitive information vulnerable to cyber attacks,” Hurd said at the House Oversight Committee’s subcommittee on Information Technology field hearing at the University of Texas at San Antonio.
The Labor Department has a 30-year old legacy system designed by people “who are now all dead,” the congressman said.
“We deserve a Federal government that harnesses innovative solutions such as the cloud to modernize record keeping, improve critical government functions, maximize security, and be wise stewards of our tax dollars,” Hurd said.
Mark Kneidinger, director, Federal Network Resilience Office of Cybersecurity and Communications at the Department of Homeland Security (DHS), did little to dispel the congressman’s cynicism over Federal cloud adoption. Agencies have made little progress in their efforts to move data or applications to the cloud, Kneidinger said, typically relying on cloud computing for email and web hosting.
“In 2015, many agencies are using cloud computing in a similar manner as in 2010, with a particular focus on commodity IT rather than mission IT,” Kneidinger said. “This is due in large part to the complexity of obtaining necessary visibility into the appropriate security of agency mission assets.”
In February 2015, DHS found that agencies had started 32 Infrastructure-as-a-Service (IaaS) programs, 24 Platform-as-a-Service (PaaS) initiatives, and 77 Software-as-a-Service (SaaS) programs, Kneidinger said. Of those instances, the majority of services were for email, customer relationship management, sharepoint, case management applications, collaboration tools, web hosting, and help desk capabilities, he said.
Hurd noted that U.S. intelligence agencies appear to have overcome concerns about cloud security, but that those same concerns are holding back other agencies.
“The intelligence agencies traditionally have the highest concern when it comes to security. If the intelligence agencies can do this, why can other…agencies not?” the congressman asked.
They can, said Mark Ryland, director, Solutions Architecture and Chief Architect, Amazon Web Services, because commercial cloud providers routinely provide secure cloud computing initiatives for a range of Federal agencies and “run very, very large-scale infrastructure in a highly secure way. That’s something every agency can take advantage of.”
The Federal Risk and Authorization Management Program (FedRAMP) has helped speed Federal cloud adoption, several participants said at MeriTalk’s Cyber Security Brainstorm last week.
Jeff Eisensmith, chief information security officer at DHS, said FedRAMP has greatly improved the ability of agencies to implement secure cloud solutions quickly.
“FedRAMP is really… the wave of the future,” Eisensmith said.
Despite FedRAMP’s accomplishments, the program would benefit from changes, Ryland said.
The Joint Authorization Board (JAB) process could be improved to enable more timely authorizations and reduce duplication of assessment efforts between FedRAMP’s Program Management Office (PMO) and the third party assessment organizations (3PAO) to keep up with rapid pace of changes in cloud technology, Ryland said at the subcommittee hearing.
Ryland also said agencies should be given more flexibility to either use existing working capital funds, or to establish new ones, for the adoption of cutting-edge technologies such as cloud computing services.
“The old way of doing IT worked well under a capital expenditure model, but the new way of offering IT does not. If Federal agencies are going to have more options for paying for only the services consumed as outlined in the president’s fiscal 2015 budget request, then agencies will increasingly need to be able to acquire these services under operating expenses,” he said. “In today’s budget climate, and following major security breaches of Federal government systems in 2015, now is the time to aggressively expand cloud computing adoption.”