We’ve talked multiple times on this blog about the incredible cost savings that government organizations and agencies could realize by embracing cloud computing. In light of our nation’s ongoing financial situation, saddled with debt and looking everywhere for costs to cut, the time to implement cloud infrastructures across the government and consolidate existing datacenters is now.
Unfortunately, there is more standing in the way between government agencies and cloud computing than just concerns about security. There’s also a lot of red tape to cut through. What’s worse, this red tape is doing nothing but costing the government even more money, all while it tries to cut costs.
The problem resides in the accreditation process. For a technology vendor to do business with a federal agency, they need to be given three separate stamps of approval: one for the datacenter, one for the people and process involved and one for the product. These stamps of approval are different from agency to agency across the federal government and the process to acquire them is not cheap.
This means that every time a company wants to sell a cloud solution to the government, they need to go through an expensive accreditation process with each and every agency, at a significant cost to that company. But this is business, and you can be sure that those companies aren’t going to foot the bill. The same way defense contractors mark up their projects to accommodate the costs incurred during their red-tape-filled sales process, these technology companies pass the cost of their accreditation right back to the government.
The end result? The government is delaying the implementation of cost-saving cloud solutions by tying them up in bureaucratic approval processes. They’re also subsequently increasing the cost of these solutions when they are approved for purchase.
Past efforts to implement information security programs in the federal government include the Federal Information Security Management Act (FISMA). FISMA was intended to create consistent and cost-effective application of security controls across the federal information technology infrastructure. Unfortunately, FISMA compliance, which would provide stamps of approval for multiple agencies across the government, remains extremely expensive for vendors.
In an attempt to rectify the shortcoming in FISMA and speed up the approval process to get cloud computing through the door at federal agencies, the government is working on something new.
The Federal Risk and Authorization Management Program, or FedRAMP, was adopted this year to provide joint authorizations and continuous security monitoring of cloud solutions for federal agencies. FedRAMP would create security requirements among federal agencies, ensure compatible security requirements on shared systems, eliminate duplication of effort and allow solutions to be acquired faster and more easily.
The FedRAMP Program is a good one, with significant potential to cut down on the time to acquire cloud solutions and reduce the cost of approvals, which will, in turn, cut the cost of the solutions themselves. But FedRAMP has taken a long time to come to fruition. A very long time. In the meantime, the private sector has continued to innovate new technology as the government continues to take its time approving, purchasing and implementing older technology.
For the government to catch up and start doing business at the speed of the private sector, wholesale changes are needed. An antiquated system that focuses on taxonomies and terminology needs to be replaced with one that focuses more on allowing the federal government to do business at a faster pace. Only then will money-saving technologies come to our cash-strapped government at the right price.