A More Comfortable Cloud

The federal government’s comfort level with the cloud improves, due in part to standards and more offerings from commercial cloud providers.

Although it is already ubiquitous in the private sector, cloud computing has had a slow adoption by the federal government. That trend is shifting, an expert says, as the federal government, as well as state and local governments, employ more cloud computing.

Federal cloud practitioners are finding it easier to use the platform. Federal government cloud usage processes have been informed by best practices and aided by the structure cloud certifications provide, such as the Federal Risk and Authorization Management Program (FedRAMP), says Justin Brunelle, a principal researcher at The MITRE Corp.

Cloud practitioners within the government understand the role cloud computing plays—offering additional computational capabilities that can be located at the point of data collection or the point of information consumption, he notes.

“The biggest shift I see is that the government no longer views cloud as this big monolithic domain that they have to figure out, but rather as a tool by which they can start to enhance services [that they provide internally],” Brunelle states. “It’s no longer something that’s a Silicon Valley type of technology where the government needs to play catch-up, rather, they’re starting to understand the intricacies of the value of using cloud computing and understanding the benefits of using it in certain domains.”

In addition, the market is emerging to offer not only the traditional cloud service providers—the heavy hitters with larger market share—but to also include niche companies providing more services that fall outside of the traditional infrastructure, platform and software as a service that cloud features. For example, the market includes companies acting as cloud brokers, playing a role as an aggregator of cloud products offered by a variety of different organizations.

More importantly, commercial cloud service providers of various sizes are increasingly catering to the government’s needs, Brunelle adds.

An initial impediment to cloud usage by the government—especially from the Department of Defense—was an overarching concern about the security of the cloud. “Seven, eight years ago, what you were seeing was government practitioners saying, ‘Gee, this is scary,’” he says. “The security is still concerning, but we’re starting to see that comfort level increase, where government cloud practitioners are more comfortable with the services that are being provided. There is an increased practice of using cloud at the appropriate levels of classification.”

Concerns about giving up control of systems remain, Brunelle acknowledges, but what has evolved from that apprehension is the government’s improved ability of knowing when to use the cloud.

“Essentially, what the government is asking itself to do by adopting cloud is to give up some control of the legacy products,” he observes. “There’s the hardware, the software and trusting their cloud service provider to handle that effectively. Now what you’re seeing is government practitioners being more discerning with the use cases, making sure of the appropriate transitions to the appropriate environments.”

Another aspect driving the shift toward federal cloud use is the cloud industry’s consideration of products that the government uniquely requires and recognizing them as a major consumer of cloud services, Brunelle says. Cloud providers are working to make sure that their government-offered products match what’s expected as indicated by FedRAMP, he says.

Brunelle advises cloud companies to continue to develop and offer targeted cloud services for the government, but to have a clear understanding of the cloud certified security classification levels and the appropriate services and environments in which the Defense Department can operate. “The industry can really help by working with the government to help them understand where those boundaries are,” he stresses. “Knowing what a Provisional Authorization for Impact Level 4 versus Level 5 means and being able to describe what their products can do across use cases, I think would be a big benefit to the government.”

As for future capabilities, Brunelle expects cloud services emerging in the next year that incorporate Internet of Things (IoT) and mobile devices. “A lot of the services are being provided by a cloud on the back end,” he explains. “So when you think about being able to provide robust computation and services that mobile devices and IoT devices can consume, you’re starting to talk about delivering a lot of computational power to your mobile users and being able to consume those computational resources from a relatively thin device [enabled by cloud].”

This may include “a movement towards almost canned environments where you have the tools by which you can amplify the effects of IoT in a package,” such as being able to visualize incoming data or processing data automatically from IoT devices “and being able to manage it at an IoT scale,” Brunelle adds.

He also expects new test bed platforms for the cloud that could enable development and security of big data products stemming from IoT device data. “We’re starting to be on the cusp of that now,” Brunelle states.

For the federal government, which was slow to adopt mobile devices, the cloud may also play a role in increasing the endorsement of IoT and mobile devices, he notes.