If the Intelligence Community Can Do Cloud, Why Can’t The Rest of Government?

Rep. Will Hurd, chairman of the Oversight and Government Reform Committee’s IT subcommittee, raised an interesting question about federal cloud computing efforts during a hearing this week.

“Intelligence agencies traditionally have the highest concern when it comes to security,” Hurd said during a Sept. 22 field hearing held in his home district of San Antonio. “If intelligence agencies can do this, why can other elements of federal agencies not?”

Hurd directed his question toward Amazon Web Services Chief Architect Mark Ryland, one of several representatives of several high-profile cloud service providers invited to testify.

Amazon secured a $600 million contract with the Central Intelligence Agency in 2013 to provide cloud services for all 17 intelligence agencies. The contract solidified the company’s status as both the leading private sector cloud-service provider and announced the company as a true contender for future efforts in the public sector. The C2S cloud AWS built for the CIA launched last year, yet those efforts haven’t carried over to the civilian side of government yet.

The main reasons are cost concerns – agencies often lack the budgets to invest in innovation – and the myth that cloud computing is less secure than having internally owned and operated data centers.

“Things like advanced persistent threats don’t exist in environments that are constantly updated,” Ryland said. “I think [the IC] had a great vision to take advantage of that and the cost savings and agility that goes with it.”

Ryland explained the IC’s efforts in cloud computing should carry over to civilian government much easier than they have so far. In other words, many of the same rules, challenges and constraints apply.

“I think the reasoning behind [the IC’s] decision is very applicable to civilian agencies and DOD as well,” Ryland said. “I’d encourage people to look hard at that solution and think about whether there would be any willingness amongst that community to make any type of compromises when it comes to security. And when they realize that’s not going to happen, then it helps assure people” commercial cloud providers can run large-scale infrastructures “in a highly secure way.”

Still, the government spends about 80 percent of its $80 billion IT budget on legacy technology, leaving little money to invest in new approaches, such as cloud computing. Even under the Obama administration’s progressive budget proposal for the upcoming fiscal year, provisioned services, such as cloud, would account for less than 10 percent of federal IT spending.

Comparatively, a recent report from research firm IDC estimates cloud spending worldwide this year will approach $70 billion and is expected to double again by 2018.

The government, Hurd said, has not been keeping up with the rest of the world.

Cloud computing allows buyers – in this case, the government – to purchase computing capacity on a utility basis as needed, promoting significant cost savings when compared to the traditional approach of buying and maintaining underutilized data centers.

As John Engates, chief technology officer at Rackspace, pointed out, government data centers use “only 15 percent” of their capacities. At any given moment, Engates said Rackspace servers are used to more than 40 percent capacity.

It’s also important to note Rackspace customers aren’t paying hardware or energy costs to use Rackspace servers, which further boosts savings for customers that no longer have to operate and maintain energy-sucking data centers.

The government stands to save billions annually, yet it hasn’t been able to capitalize even with use cases as prominent and well-publicized as the intelligence community’s innovative efforts.

Mark Kneidinger director of the Department of Homeland Security’s Federal Network Resilience Division, said government hasn’t changed much about its approach to cloud computing in the five years since former U.S. Chief Information Officer Vivek Kundra published a federal cloud computing strategy and instituted a “cloud first” policy.

“In 2015, many agencies are still using cloud computing similar to 2010,” Kneidinger said.