Agencies Turn to the Cloud to Remedy Cyber Woes

Published: September 16, 2015

Cloud ComputingContract AwardsCybersecurityDEFENSE

Cyber security and cloud computing are often discussed independently of each other, but agency contract awards and spending on cloud-based cyber solutions show they go hand in hand.

Cyber security is big news nowadays. Hardly a day passes without another story about hacks, breaches, and general hand-wringing associated with cyber-preparedness appearing in the media. The concern about cyber security runs to the highest levels in government too, although ironically Congress berates agencies for not adequately securing their information technology environments while at the same time it cuts agency budgets. Congressional whimsy notwithstanding, agencies have begun to do more with less by turning to cloud-based and cloud-related solutions to remedy their cyber woes. The use of cloud to address cyber security is itself a “through the looking glass” moment given that most agencies have also seen their data security risks skyrocket as they’ve transitioned to the cloud, but then these are the times in which we live.

Contract Awards for Cloud-Based/Related Cyber Security Solutions

The chart below reflects data that Deltek/GovWin’s Federal Industry Analysis team compiles on the cloud computing market. In this case, the data has been parsed to show the total value of contracts awarded for cloud-based or cloud-related cyber security solutions in fiscal years 2014 and 2015 (through Q3).

This data shows that the total value of contracts related to cloud-based cyber security solutions has risen steadily each of the last five fiscal years. The lion’s share of the total in FY 2015 is a $74 million award made to Northrop Grumman in November 2014 via the Encore II contract vehicle for Community Data Center and Sensor Operations at the Defense Information Systems Agency. Under this contract, Northrop Grumman is performing work related to DISA’s Centaur operations, which is part of the Acropolis big data analytics monitoring system. Fiscal 2015 is not over, however, and there is a lag in the reported data, particularly from the Department of defense, so when all is said and done, expect the total dollar amount awarded to again be well above FY 2014.

Types of Solutions Employed

The chart below breaks down FY 2014 and 2015’s award numbers into specific areas of cyber security activity.

Since 1 October 2013, federal agencies have awarded cyber-related cloud contracts totaling $104.8 million in The continuous monitoring total is attributable to the single contract awarded to Northrop Grumman mentioned above. Meanwhile, the identity management solutions employed include Equifax’s E-Authentication and Identity Proofing at the Office of Budget, Finance, and Management at the Social Security Administration and the Entrust IdentityGuard Cloud Services provided by AGSI for the Department of Energy’s National Energy Technology Center. Two instances of CloudShield deployed at the Air Force Life Cycle Management Center’s Program Executive Office Command, Control, and Communications Information and Networks (PEO C3I&N) make up the deep packet processing awards and the consulting gigs encompass FedRAMP cloud hosting and program design and architecture efforts at Veterans Affairs and Army, respectively.

Given these low totals in the grand scheme of things, why haven’t agencies moved forward more aggressively with using cloud-based security solutions? One answer is that they probably have, it is just that the data is either hidden or not publicly available. The term “hidden” isn’t intended to suggest deliberate obfuscation. Rather, it denotes that the designation of a solution as cloud-based or related is not clear. This speaks to a problem identified by more than a dozen agency inspectors general; namely, that agencies aren’t able to account for their cloud investments because many investments haven’t been classified as cloud.

The other outlier is the Department of Homeland Security’s Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring as a Service contract vehicle. I could have included the $6 billion ceiling value of this contract in the totals above, but it would have only skewed the overall trend of rising award totals much higher. Since its award at the end of FY 2013, agencies have reported spending more than $102 million through the CDM/CMaaS vehicle, suggesting that spending on cloud-based cyber security solutions is much higher than the contract award value data cited above indicates. This does not negate the value of the contract award data, it simply confirms the trend that agencies are turning to the cloud for cyber security solutions.