The Office of Management and Budget today released a draft of its new Cloud Smart strategy, marking the first update to White House guidance on Federal agency cloud adoption since 2011.
With the new draft strategy the administration has broadly highlighted three areas–security, procurement, and workforce–as the foundational areas of the strategy and where it feels that updated guidance is most necessary.
The Federal government’s first cloud strategy, titled Cloud First, was released in November 2010, and shortly was followed by a more robust Federal Cloud Computing Strategy, released by then-Federal CIO Vivek Kundra in February 2011.
Since then, the administration hasn’t offered new formal advice to agencies seeking to move to the cloud. Today, the White House noted the gaps in its initial guidance several years ago.
“This policy was created at a time when cloud technology was still relatively new, and provided agencies broad authority to adopt cloud-based solutions,” the new Cloud Smart strategy says. “However, absent an implementation plan or strategy, agencies were slow to adapt. While Cloud First successfully highlighted the importance of IT modernization efforts, its shortcomings needed to be addressed.”
To do that, OMB says that Cloud Smart provides an “integrated, interdisciplinary approach, rather than a one-size-fits-all approach to IT modernization.” It seeks to combine the three disciplines of security, procurement, and workforce “into a cohesive strategy,” saying the three areas were “isolated” previously.
Regarding security, OMB highlights the Trusted Internet Connections Initiative (TIC), “continuous data protection and awareness” through identity management and encryption, and the Federal Risk and Authorization Management Program (FedRAMP) as primary facilitators of proper cyber hygiene in the cloud.
Under procurement, Cloud Smart advocates the use of category management approaches to reduce cost inefficiencies, and a “two-track approach” to service level agreements–which “focus on the goal of avoiding inconsistencies between commercial regulation and Federal law” and also clarify accountability over the management of risk–to “increase standardization across Government usage of cloud and mitigate the risks associated with siloed efforts at executive agencies.”
The workforce section of the strategy highlights the identification of skill gaps, reskilling of current Federal employees, and additional recruiting and hiring “leveraging industry recruitment best practices, expanding the use of pay flexibilities, and removing bureaucratic barriers to hiring staff expeditiously.”
In its current state, the draft Cloud Smart strategy appears to primarily offer statements of best practice rather than step-by-step guidance or the proposed “implementation plan” for agency migrations. However, the strategy does include a list of CIO Council Actions–22 targeted goals with articulated deadlines, which the CIO Council, OMB, the General Services Administration, and other agency partners will seek to complete “to accelerate the adoption of cloud technologies.”
“The Chief Information Council and Chief Financial Officer Council will work with the Office of Management and Budget, the General Services Administration, the Department of Homeland Security, and other Federal agencies to develop a work plan of actions and targeted policy updates delivered over the next eighteen months to move the Cloud Smart agenda ahead,” the strategy says.
The administration is also seeking further input on Cloud Smart, instructing interested parties to offer suggestions on either Github or via email to the Office of the Federal CIO. The public comment period ends Oct. 24.