Reports R46119
Cloud Computing: Background, Status of Adoption by Federal Agencies, and Congressional Action
Published March 25, 2020 · Patricia Moloney Figliola
Summary
Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the internet. Utilities are also delivered through networks, whether the electric grid, water delivery systems, or other distribution infrastructure. In some ways, cloud computing is reminiscent of computing before the advent of the personal computer, where users shared the power of a central mainframe computer through video terminals or other devices. Cloud computing, however, is much more powerful and flexible, and information technology advances may permit the approach to become ubiquitous.
As cloud computing has developed, varied and sometimes nebulous descriptions of what it is and what it is not have been commonplace. Such ambiguity can create uncertainties that may impede innovation and adoption. The National Institute of Standards and Technology has developed standardized language describing cloud computing to help clear up that ambiguity:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Since 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned, in-house data centers. This shift is intended to achieve two goals: reduce the total investment by the federal government in information technology (IT), which currently stands at about $90 billion each year, and realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. However, challenges remain as agencies shift to cloud services. According to a survey conducted in September 2018, federal IT managers expressed concerns about security in certain cloud environments, the complexity of migrating existing (“legacy”) applications to the cloud, a lack of skilled staff to manage certain cloud environments, and uncertain funding.
Planning for cloud adoption by federal agencies began with the 2010 publication of “A 25-Point Implementation Plan to Reform Federal IT Management.” More recently, in the 2017 “Report to the President on Federal IT Modernization,” the Office of Management and Budget (OMB) pledged to update the government’s legacy Federal Cloud Computing Strategy (“Cloud First”). Fulfilling this requirement, the Administration developed a new strategy, “Cloud Smart,” which was published on September 24, 2018. The new strategy is founded on what the Administration considers the three key pillars of successful cloud adoption: security, procurement, and workforce.
In the 116th Congress, there has been one cloud-related bill introduced and two hearings directly related to cloud computing:
The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941) was introduced on July 24, 2019, by Representative Gerald Connolly. The bill would formally establish within the General Services Administration a risk management, authorization, and continuous monitoring process consistent with the Federal Information Security Modernization Act of 2014.”
On July 17, 2019, the House Committee on Government Reform Subcommittee on Government Operations held a hearing, “To the Cloud! The Cloudy Role of FedRAMP in IT Modernization.” The purpose of the hearing was to examine the extent to which FedRAMP has reduced duplicative efforts, inconsistencies, and cost inefficiencies associated with the cloud security authorization process.
On October 18, 2019, the Committee on Financial Services Task Force on Artificial Intelligence (AI) held a hearing, “AI and the Evolution of Cloud Computing: Evaluating How Financial Data Is Stored, Protected, and Maintained by Cloud Providers.” Among other topics, the hearing explored how AI could be used to improve cloud management functions.
Additionally, there have been two hearings on the implementation status of the Federal Information Technology Acquisition Reform Act. These hearings provide an update on data center optimization, which is an indication of the extent of agency adoption of cloud computing.