Feds Spend on Cloud-Based Cyber Solutions in Fiscal Year 2018

Shoring up the cybersecurity of federal agencies has been a leading goal of successive presidential administrations. The current administration made this explicit in March 2018 with the release of the latest President’s Management Agenda, which called for agencies to increase their investment in commercial cloud infrastructure to improve the security of their applications and data. “This ongoing and agile effort,” stated the March 2018 PMA, “will ensure that [security] policy stays current and relevant given changes in technology and the threat landscape.”

By that time, agencies were already increasing the use of cloud-based cyber capabilities, but in fiscal year 2018, thanks to pressure from the White House and Congress, as well as a  growing number of available solutions, agency spending on cloud-based cyber approached the $200M mark. This is the highest number seen yet here at GovWin, indicating that the trend toward agency leveraging of cloud-based cyber will continue strengthening for years to come.

The chart below shows just how steadily agency spending on cloud-based cyber grew in fiscal 2018.

From a modest total of $29M in FY 2016, agency spending rose to $124M in FY 2017 and, most recently, to $190M in FY 2018. In percentage terms this amounts to growth of 555% over the last three fiscal years.

When it comes to spending by agency, the ten agencies with the highest cloud-cyber totals are as follows:

Nearly all of DISA’s total spending occurred in FY 2017, so FY 2018 proved less robust. The story at DHS, however, is the opposite, with the National Protection and Programs Directorate (NPPD) spending $32M and U.S. Customs and Border Protection (CBP) spending $26M. Altogether, $27M of VA’s total also occurred in FY 2018, and $13M of the total at HHS happened at the Centers for Medicare and Medicaid Services (CMS) in FY 2018. Other agencies like Justice, State($11M), and Education ($10M) also saw the highest spending totals in FY 2018 as opposed to earlier years. At DOJ, the Drug Enforcement Agency (DEA) spent $14M of the department’s total.

Of the solutions agencies spent the most on the top three were Forcepoint ($33M), which offers security-oriented behavioral analytics, Entrust ($20M) for mobile device security, and Okta ($15M) a single sign-on and identity access management capability. Spending on all three of these solutions rose strongly in FY 2018, despite the fact that neither Forcepoint nor Entrust are FedRAMP certified. Okta has received FedRAMP certification, as have 24 of the other solutions in GovWin’s Cloud Database. By contrast, 45 other listed solutions being used have not received FedRAMP certification, nor do they seem to be in the process of doing so. This suggests there is still room in the market for vendors offering solutions that the FedRAMP program has not vetted.