Is Legislation Necessary to Move Agencies to the Cloud?

We’ve all read the acronyms. There’s FITARA, MOVE IT, MGT, and the ITMF, not to mention the fiscal 2017 NDAA and the Office of Management and Budget’s revised Circular A-130. Each of these policies and legislative initiatives contains some form of language pressuring federal agencies to adopt commercial cloud solutions. Everyone is in the game pleading, begging, and pushing to speed up a government-wide transition to the cloud. So much pressure is building, in fact, that it makes one wonder why moving to the cloud is so darned important all of a sudden.

In general, a lot of the impetus for pushing agency cloud adoption appears to be the overall impression that agencies will save money. Agency savings are expected to translate into reduced costs that will further translate into Congress’ ability to shrink agency budgets. Maybe that’s the point. Congress can’t do its job properly, so instead it pressures agencies to adopt technology solutions they may not be prepared for in an effort to cut their IT budgets by incremental amounts.

Does Cloud Save Money?

This brings us to the first of the two assumptions that underlie the push to the cloud – that it saves money. Does existing evidence show that agencies will realize a massive reduction in costs by moving to the cloud?

Consider the following data based on Deltek’s recent study of federal IT procurement trends from fiscal years 2013 through 2015:

• The average value of task orders awarded on twenty of the largest federal multiple award contract vehicles was $2.5 million.
• The average awarded value of task order contracts over this same period was $250 thousand. Task order competitions make up just over 40% of IT contract spending annually, so knowing the average value is critical for understanding the market.

Meanwhile …

• The average value of cloud contracts awarded over this same period was just over $6 million.

Admittedly, this data only compares awarded contract values, not the spending on those contracts. Different types of work can also skew the results, so that must be taken into account too.

Nevertheless, based purely on evaluating non-cloud IT contracts vs. cloud IT contracts the value of those awarded for cloud efforts is almost three times higher than those awarded for other types of IT work.

Is Cloud More Secure?

Claims that commercial systems are more secure than government systems are frequently suggested as another reason why federal agencies should make greater use of the cloud. Legislators and others cite the breach of the Office of Management and Budget's personnel background check system as one example of how government systems are vulnerable. To my knowledge, no objective evidence exists to validate this claim. Vendors certainly spend more than government agencies do to engineer their systems with the latest security technology, but these efforts certainly didn’t keep Colin Powell’s private email safe.

The Powell hack has received a great deal of attention because of the information that was revealed. No attention has been focused on the fact that Powell’s account was with Google. It was his cloud-based Gmail account that was hacked. Let that sink in for a moment. Gmail is one of the solutions federal agencies have been the most aggressive in adopting and it is FedRAMP approved too.

Conclusion

The point here isn’t to pick on Google or any other commercial cloud provider. No solution is perfect and federal IT systems definitely need to become more agile and efficient through modernization. The point is that no matter what Congresses’ “sense” of the situation is there is no magic bullet. Policy is being made based on a series of beliefs that may not be true and as a result agencies are being forced into uncomfortable territory.