Have Federal Agencies Adopted Cloud Solutions Too Fast?
Published: July 29, 2014
Recently the Office of the Inspector General at the Environmental Protection Agency released an audit report that highlighted a lack of coordination and clarity in the agency’s cloud computing investments. The results of the audit were based on a survey designed by the Council of the Inspectors General on Integrity and Efficiency (CIGIE), which provides a matrix for collecting information about cloud projects. When the EPA OIG conducted the survey it focused primarily on the lack of clarity surrounding a single contract awarded by the Office of Water for cloud hosting of its Permit Management Oversight System (PMOS). During its survey, however, the OIG discovered significantly wider problems, leading them to conclude that the EPA “did not know when its offices were using cloud computing.”
This statement surprised me at first. After all, in the age of OMB’s “Stat” initiatives (i.e., PortfolioStat, TechStat, and AcquisitionStat) one would think that a smaller agency like the EPA had developed a solid handle on its investments, especially those made within the last four years. Alas, this is not the case. Perhaps the methodology used by EPA program offices to discover cloud investments was the problem. According to the OIG, “the Office of Acquisition Management (OAM) indicated that the Cloud Survey was completed by performing a search for the word ‘cloud’ in the procurement description.”
At first I could only shake my head when I read this. Then it dawned on me that the OIG had provided some real and valuable insight into the current state of federal IT.
The reality is that despite multiple inventory efforts, agencies simply don’t know what assets they possess, and when it comes to cloud computing the challenge is particularly acute. Cloud solutions come in a large number of diverse forms and the solutions often have multiple pieces. Industry partners seeking to make sales further add to the confusion by touting solutions “as-a-Service” when they really aren’t and by throwing around the term “cloud” when it doesn’t technically apply.
All of this points to the absolute and desperate need for agencies to invest in some kind of cloud broker or asset management program. Such a program could take the form of automated tools for tracking cloud investments or end-to-end brokerage/management services. These services could be provided by a vendor or, as in the case of the Defense Information Systems Agency, a formal program office. In this day and age it is simply astounding that any agency seeking to use cloud computing would jump into the deep end without having a handle on what it is they are buying. The EPA in particular set ambitious goals for migrating 80% of its computing environment to the cloud by 2015. Clearly they aren’t going to make that deadline. More importantly, as the OIG audit demonstrates, the EPA appears to have set this goal without putting a proper management infrastructure into place. Implementing a cloud broker solution would have helped.
Maybe Congress has a solution. If the Federal IT and Acquisition Reform Act (FITARA) passes, budgetary and oversight authority will be centralized in CIO shops, providing the means by which cloud investments could be cataloged, especially since they would be tied to Cloud Computing Working Capital Funds.
Whatever happens with FITARA the example of the EPA is clear – the agency jumped into cloud computing faster than it should have. NASA had its hand slapped for doing something similar in connection with FedRAMP compliance and I’m guessing other agencies face challenges in this area. Ironic, isn’t it? We read all the time that agencies aren’t adopting cloud-based solutions fast enough. The lesson of the EPA shows, however, that maybe the opposite is really the case. The agency actually adopted cloud solutions faster than it was prepared to handle. Where’s Alanis Morissette when you need her?