A report from the International Data Corporation is shedding light on just how important cloud services are to modern governmental functions. The study's researchers expected the federal cloud budget to increase from $6.65 billion in 2014 to $11.46 billion by 2019, according to TechNewsWorld contributor John K. Higgins. A second study by Deltek confirmed this upward trend, although this report's final number differed from IDC's due to a disagreement over IT taxonomy.
Regardless, it's clear that the government will be relying even more heavily on cloud services in the years to come. That said, federal agencies will need to keep a close eye on cloud security if they want to take full advantage of this technology.
Cloud security concerns
As it is with most changes to federal IT management, the cloud's main concern to early adopters was security. This is actually still a major point of interest across multiple industries, as transparency market research compiled a report that expected the cloud security market to hit $11.8 billion in 2022. What's more, the global cyber security market 2015-2025 study conducted by Strategic Defence Intelligence found that 15 percent of the entire world's security spending will have to do with the cloud.
While every sector's security needs are obviously important, federal information is simply on another level. Government data is entirely too sensitive to allow it to fall into the hands of cybercriminals, and as such, the federal risk and authorization management program was created to ensure that cloud vendors were making their services secure enough.
Although FedRAMP does great work in terms of certifying if a specific cloud is safe enough for federal use, its methods aren't exactly quick. In fact, only 26 percent of government projects in the cloud complied with FedRAMP standards in 2014. It's not that agencies don't mind throwing caution to the wind in terms of their data security. Rather, waiting for FedRAMP to complete an assessment and certify a specific cloud project simply isn't a viable option. These programs get bogged down by bureaucracy enough as it is, setting up another layer of certification seems to only slow down the process even more.
What's to be done?
While waiting for FedRAMP to certify every single cloud project isn't a possibility for certain departments, security within the cloud still needs to be a top priority. Cybercriminals can do enough damage with data from private institutions, and allowing these individuals access to public documents cannot be allowed.
One option hinted at in Higgins's TechNewsWorld article is allowing departments to decide which projects they should perform in-house and which ones they should outsource to private organizations. Alex Rossino, Deltek's senior principal analyst, was quoted in the article that agencies can't be expected to let an outside company completely handle their data.
"Even the subject of ownership needs to be unpacked too. Take the social security administration, which built its own internal cloud. USDA has done the same," said Rossino. "Other agencies like the Department of Transportation are taking a different approach. DOT is moving to vendor-provided clouds to as far an extent as possible, but this doesn't mean the DOT won't continue to own its own enterprise IT assets,"
As it stands, it seems that each agency is going to need to assess its security needs as the government's transition into the cloud moves forward. Contracting a cloud vendor may work for certain departments, but many will have to keep data in-house to mitigate the risk of a data breach. Spending for federal cloud projects may be increasing, but that doesn't mean the entire government should jump into the cloud head first.