Your favorite movie wasn’t the only thing that got a new installment in 2018. The White House’s “Cloud First” strategy, issued in 2010, got a long-overdue sequel called “Cloud Smart” late this year. Of course, this federal cloud computing initiative is a long-term strategy, so the effects of it won’t be apparent right out of the gate. The intent of Cloud Smart, however, has been made clear: it’s designed to “offer a path forward for government agencies to migrate to a safe and secure cloud infrastructure… [it will help] agencies achieve additional savings, security, and deliver faster services” (you can read the Federal Register Notice here).
This new strategy should come as no surprise; after all, Cloud First arrived during the nascent stages of cloud development, without a solid implementation plan, at a time when many government agencies were slow—and even scared—to migrate to the cloud. But that’s all changed; now, Bloomberg Government estimates that the federal cloud services market has grown from about $1.3 billion in 2010 to a projected $6.5 billion in 2018. Cloud Smart aims to further ramp up cloud adoption and ease concerns. This will be achieved by giving agencies the tools they need to make informative IT decisions that are in line with their goals while benefiting the public at large.
To achieve its goals, Cloud Smart aims to build cloud computing knowledge and remove policy barriers, along with the “fear factor,” by zeroing in on three interconnected areas: security, procurement, and workforce.
Three Considerations of Cloud Smart
Cloud Smart intends to modernize antiquated security policies, with a focus on risk-based decision-making, automation, and moving protections closer to data. The report also states that agencies need to have a 360-degree view of their data, both on-premise and in the cloud, with 24/7 monitoring to detect potential threats and encryption for data-in-flight and data-at-rest.
The need for airtight service level agreements (SLAs) is also brought up for agencies working with cloud providers. SLAs define the level of performance expected from a service provider and how that service will be measured and achieved (with penalties and reimbursement for failure strictly outlined). A solid SLA gives government agencies continuous awareness of the confidentiality, security, and availability of its data. This goes hand-in-hand with CJIS compliance—abiding with regulations put into place to protect not just the public, but the agency itself.
Cloud Smart intends to improve the ability of agencies to purchase cloud solutions with confidence. In the past, a lack of consistent government-wide guidance and common standards has resulted in agencies working with vendors that don’t provide the best environment for data governed by strict federal requirements. This can lead to sensitive agency information being placed with a cloud provider that doesn’t offer proper government security protocols.
The Cloud Smart report offers many suggestions for finding a reputable cloud services provider. In addition, the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure found within the report stresses that government executives hold themselves accountable for managing the risk to their organization, and that even a solid SLA does not absolve them of their responsibilities.
CIO’s and their teams must understand their roles and responsibilities, how to establish clear performance metrics, and how to implement remediation plans for non-compliance. Government organizations unhappy with their cloud provider, or questioning its security and compliance practices, should always partner with a provider that meets Criminal Justice Information Services (CJIS) compliance.
Cloud Smart is designed to improve skills, recruit talent, and retrain existing talent as needed in regards to cybersecurity, acquisition, and cloud engineering. The intent is not to take away jobs, but to increase cloud knowledge among IT pros. In fact, the Federal Cybersecurity Workforce Assessment Act of 2015 requires Federal agencies to implement the National Initiative for Cybersecurity Education (NICE), Cybersecurity Workforce Framework through a new coding structure and by identifying all Federal civilian positions performing information technology, cybersecurity, or other cybersecurity-related functions and help them to develop new skill sets.
To get up to speed with the Cloud Smart initiatives, federal cybersecurity policies need to evolve, taking a proactive approach to security, management, and training or recruitment. The cloud is here to stay, and holding back will only hinder your organization and its employees.
Suzette Kent, Federal CIO, says it best. "To keep up with the country’s current pace of innovation, [the White House] has placed a significant emphasis on modernizing the Federal government… Cloud Smart embraces best practices from both the federal government and the private sector, ensuring agencies have capability to leverage leading solutions to better serve agency mission, drive improved citizen services and increase cyber security."
Ready to work with a cloud provider that understands government requirements and compliance regulations? Then consider DSM’s G-Cloud. G-Cloud is the first and only Florida-based VPC solution designed for national, state, regional, and local government agencies. We ensure strict security protocols, 99.99%+ uptime, and a complete compliance package, meeting requirements for CJIS. DSM’s G-Cloud is also available for purchase through the GSA contract, and we’re already working with government organizations such as the Florida Department of Agriculture. Learn more about the G-Cloud difference, and the GSA advantage here, or contact one of our IT experts today for a free consultation.