Shadow IT Concerns in Federal Cloud Adoption

Agencies continue to move their data to the cloud, but increasing adoption of cloud applications outside of existing security programs like FedRAMP (the Federal Risk and Authorization Management Program) and the CIO’s office brings security concerns as well, a new report notes.

The survey, conducted by the Ponemon Institute and Forcepoint with 618 participants, found that on average, only 43 percent of cloud providers within agencies are FedRAMP authorized, and 69 percent of respondents said that over half the cloud applications in their environment are not FedRAMP authorized.

In addition to FedRAMP, the study also found that agencies are bypassing the CIO’s office too often.

“Despite the Cloud First and Cloud Smart mandate that requires the CIO to be directly responsible for cloud transformation, only 19 percent of respondents say the CIO is most influential in directing the agency’s cloud strategy,” the report found. In contrast, 32 percent found departmental management to be the most influential force in the agency’s cloud strategy.

Decision makers acknowledge the importance of cloud – 63 percent say software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) are key to meeting agency IT needs, and 35 percent run mission critical applications on IaaS.

However, the study also found security concerns holding agencies back in their migrations. Respondents cited security posture as the top concern at 65 percent, followed closely by migration complexity at 61 percent and lack of visibility at 60 percent.

Agencies are also limited by workforce gaps, as 64 percent cited staffing concerns as a difficulty in managing cloud deployments.

Categories

Recent