Rep. Will Hurd (R-Texas) on Tuesday urged Federal agencies to stop wasting money on legacy computer systems and move more quickly with cloud computing initiatives.
“Legacy systems are expensive to operate and often make sensitive information vulnerable to cyber attacks,” Hurd said at the House Oversight Committee’s subcommittee on Information Technology field hearing at the University of Texas at San Antonio.
The Labor Department has a 30-year old legacy system designed by people “who are now all dead,” the congressman said.
“We deserve a Federal government that harnesses innovative solutions such as the cloud to modernize record keeping, improve critical government functions, maximize security, and be wise stewards of our tax dollars,” Hurd said.
Mark Kneidinger, director of Federal network resilience at the Department of Homeland Security’s Office of Cybersecurity and Communications, said agencies have made little progress in efforts to move data or applications to the cloud. Agencies typically rely on the cloud for email and web hosting, he said.
“In 2015, many agencies are using cloud computing in a similar manner as in 2010, with a particular focus on commodity IT rather than mission IT,” Kneidinger said. “This is due in large part to the complexity of obtaining necessary visibility into the appropriate security of agency mission assets.”
In February 2015, DHS found that agencies had started 32 Infrastructure-as-a-Service (IaaS) programs, 24 Platform-as-a-Service (PaaS) initiatives, and 77 Software-as-a-Service (SaaS) programs, Kneidinger said. Of those instances, the majority of services were for email, customer relationship management, sharepoint, case management applications, collaboration tools, web hosting, and help desk capabilities, he said.
The Federal Risk and Authorization Management Program (FedRAMP) has helped speed Federal cloud adoption, said Mark Ryland, director of solutions architecture and chief architect at Amazon Web Services, but that program would benefit from changes.
Ryland said the Joint Authorization Board (JAB) process could be improved to enable more timely authorizations and reduce duplication of assessment effort between FedRAMP’s Program Management Office (PMO) and the third party assessment organizations (3PAO) to keep up with the rapid pace of changes in cloud technology, while re-emphasizing the role of Federal agencies to conduct security assessments of cloud service providers (CSPs).
Ryland also said agencies should be given more flexibility to either use existing working capital funds, or to establish new ones, for the adoption of cutting-edge technologies such as cloud computing services.
“The old way of doing IT worked well under a capital expenditure model, but the new way of offering IT does not. If Federal agencies are going to have more options for paying for only the services consumed as outlined in the president’s fiscal 2015 budget request, then agencies will increasingly need to be able to acquire these services under operating expenses,” he said. “In today’s budget climate, and following major security breaches of Federal government systems in 2015, now is the time to aggressively expand cloud computing adoption.”