Agencies Invest in Cloud-Based Cybersecurity

Agencies under continuous assault from hackers have been pressured for several years now to modernize their cybersecurity posture. The President’s Management Agenda in 2017 even mentioned explicitly how agencies should leverage commercial cyber solutions, especially cloud-based Security Operations Centers-as-a-Service, to better protect their data. The federal government’s turn toward cloud-based solutions to improve cybersecurity represents a marked change from a few years ago when agencies cited concern about the security of their data in commercial clouds as a primary reason for slow-rolling cloud adoption. Ironically, the transition toward a more affirmative view of commercial cloud has come with agency recognition of the fact that industry partners can provide better security than agencies can themselves. Just as important, though, is the proliferation of  cloud-based cybersecurity solutions available to agencies from commercial partners. The growing number and sophistication of these solutions has made it clear to agencies that data moved to commercial clouds can be protected by the latest technology.

Investment in Cloud-Based Cyber Continues Growing

Investment has followed accordingly. The chart below shows growth in agency spending on and the contracting of cloud-based cybersecurity solutions. What’s interesting about this data is that it shows growth in both spending (i.e., obligations) on cloud-based cyber and the total value of contracts (TCV) awarded for cloud-based solutions. Typically when comparing spending vs. contracting totals TCV tends to skew unevenly across the time period examined. For example, a spike in fiscal 2015 will become a trough in fiscal 2016 only to shoot up again in fiscal 2017. In this data set, however, we see nice, steady growth in both spending and TCV for all three fiscal years.

TCV grew faster than spending in percentage terms from FY 2015 to 2017, rising by 409% over the period. Spending, which rose at a slower pace of 76%, still saw excellent positive growth, indicating how agencies are adopting cloud-based cybersecurity solutions.

The types of solutions procured by agencies is shown in the chart below.

Not surprisingly, given the growing movement of data to and from commercial cloud environments, agency investment in continuous monitoring (CM) leads all solution sets. Spending and TCV on CM extends beyond the continuous monitoring service offered by DHS, including solutions offered by Amazon Web Services, Cisco, ThousandEyes, and ThreatConnect. Agencies are also investing in engineering support to implement new cloud-based solutions, although the TCV for this work has yet to show up as spending. Identity and Access Management spending proved to be the second highest as agencies attempt to lock-down who is on their networks and what data those individuals have access to. Lastly, spending on Cloud Access Points is growing. Again, this is understandable given the need to provide secure transport between commercial clouds and agency data centers.

Summing up then the cloud-based cybersecurity market is a small, but vital part of the overall federal cloud market. Rising pressure from the Office of Management and Budget, as well as Congress, and not to mention hackers, should continue to power growth in this area, especially for Software-as-a-Service capabilities that are FedRAMP certified.

The data and analysis for this post came from Deltek’s recently published Federal Priorities Spotlight: Cloud Computing report. It is only a sample of the deep data-based insight into the federal cloud market that the report makes available.