The White House wants to clear the way for Federal agencies to adopt commercial cloud computing, even if that means tweaking acquisition rules to help them get there.
The final Federal IT Modernization plan released Dec. 13 by the White House American Technology Council (ACT), like the draft version released at the end of August, emphasizes security technology upgrades, and focuses on hastening the move to cloud computing models. One difference between the two versions is an acknowledgement of how procurement regulations have hindered widespread cloud adoption and a suggestion that those regulations may need to be altered.
“Current challenges associated with use of commercial acquisition practices limit the Federal Government’s ability to achieve the modernization goals,” the report states. “There are statutory and regulatory requirements that prevent the use of accepted commercial best acquisition practices.”
The report, without going into much detail, says that changing those acquisition requirements could “achieve efficiencies while maintaining the core tenet of fairness.”
The final report from ACT, prepared by representatives of the General Services Administration, Office of Management and Budget, as well as the departments of Homeland Security and Commerce, is largely the same as the draft that was released for comment Aug. 30. The plan calls for modernizing Federal IT, adopting a more efficient, cost-effective, and secure infrastructure, setting a set of deadlines to be reached over the next year. Among the steps, the report orders are modernizing high-risk High Value Assets (HVAs), Trusted Internet Connections (TIC), and the National Cybersecurity Protection System (NCPS), the latter two specifically to enable cloud migration. The report recommends updating policies and architectures “to enable agencies to focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.”
Whether addressing security, modernization, network architectures, or cost-effectiveness, the common theme of the report is shared services–that is, cloud computing–and accelerating adoption. The report calls for supporting faster migration of cloud email and collaboration services, using the government’s buying power to help swing deals, and identifying the next agencies to come on board. It also calls for using shared services to combining capabilities, while eliminating agency-specific technologies.
ACT takes a similar approach to network infrastructure, recommending that the government, “Consolidate and standardize network and security service acquisition to take full advantage of economies of scale, while minimizing duplicative investments in existing security capabilities.”
The report also said the government should focus on a small handful of cloud providers as part of its modernization efforts. “Cloud is not a one-size-fits-all solution, and offers a multitude of options for agencies based on their needs and preferences,” the report said. “While it is important to ensure flexibility across the Federal Government, there are a few models that can cover most Federal use cases. As such, the Government should invest in two to three cloud models to support the differing security and risk-tolerance postures of agencies.”
Cloud adoption has recently become a focus of government leadership. Deputy Secretary of Defense Patrick Shanahan in September issued a memo urging the acceleration of cloud adoption throughout the Department of Defense, and a “a culture of experimentation, adaptation, and risk-taking.”