A common challenge facing federal IT leaders today is balancing the need to invest in modernization while maintaining legacy systems. A recent survey of federal chief information officers (CIOs) found that 75% of IT spending is dedicated toward the maintenance of legacy systems, rather than IT modernization. FITARA, the Federal Information Technology Acquisition Reform Act, is expected to change that by granting federal CIOs greater authority, visibility and responsibility into IT acquisitions. Enacted in December 2014, FITARA is intended to improve the acquisition and management of federal IT assets. Overall, there is optimism about its impact; 84% of IT professionals believe that FITARA will improve federal IT efficiency. Chief among its expected benefits are reducing the amount of waste and duplicative IT systems, and improving communication and visibility within agency IT teams.
FITARA defines new roles and responsibilities for agency CIOs, chief financial officers (CFO) and budget officers, chief acquisition officers (CAO), and senior procurement officials. Specifically, the CIO will now oversee all IT procurement, budget, and workforce decisions. How will this impact the rest of an agency’s IT staff? As the CIO takes greater ownership of IT projects, it will be increasingly important to speak the same language as the CIO to gain approval on IT projects. Additionally, as agency CIOs become accountable for a wider range of metrics, it will also be important to understand these metrics and how you impact them. In other words, it is important to be well versed in FITARA even if you are not a CIO.
In the next three years, there’s $3 billion of that stuff that goes end of life. Meaning no more patches, no more upgrades, no more spare parts, no longer official support from the companies.
– Tony Scott, Federal CIO, Office of Management and Budget
Cloud computing is expected to play a significant role in government IT. Anecdotally, much of the innovation occurring in commercial software today is being delivered in a cloud form factor. A key goal of FITARA is data center consolidation, and that objective will likely involve moving many agency processes from legacy IT systems to new cloud-based applications. According to one agency CIO, “We are moving legacy applications from the mainframe to the web. This will save us $160M in people time by automating processes, enabling us to get supervisors from desks into the field.” In the 2010 mandate “A 25-Point Implementation Plan to Reform Federal IT Management” released by United States CIO, Vivek Kundra, a “cloud first” approach to IT procurement was prioritized to make government IT more efficient.
One of the primary challenges federal agencies face moving to the cloud is meeting strict security standards. A 2016 report from the Congressional Research Service found that despite programs like FedRAMP, which are designed to streamline the procurement of cloud services, cloud adoption across government agencies is being held back due to security concerns. While IT may be waiting, agency employees are not. On the contrary, government employees are adopting cloud services as rapidly as the private sector. This is happening without the knowledge or involvement of IT, creating “shadow IT” environments across government agencies. The average agency now uses 859 cloud services, most of which have been introduced by employees, and only 3.3% of them are FedRAMP compliant.
We’ve written an ebook that describes how to leverage FedRAMP alongside a Cloud Access Security Broker (CASB) to help your agency meet its objectives under FITARA. CASBs offer a new approach to cloud security that, according to Gartner, provides “a critical control point for the secure and compliant use of cloud services across multiple cloud providers.” First, we’ll look the state of cloud adoption in government today. Next we’ll examine two key provisions of FITARA as they relate to cloud and how FedRAMP can help in the secure adoption of cloud services. Finally, we’ll describe in detail how to leverage Gartner’s cloud access security broker framework to better meet FITARA objectives using FedRAMP.
What to expect in this ebook
In the context of your agency’s requirements around FITARA and FISMA, this ebook includes:
- An overview of federal cloud usage today including the average number of cloud services in use per agency and the percentage that are FedRAMP compliant
- Key provisions of FITARA and how they relate to the procurement and management of cloud computing: data center consolidation and portfolio review
- An overview of FedRAMP accreditation requirements and how to use FedRAMP to streamline your agency’s adoption of cloud
- How to meet FITARA and FISMA requirements using Gartner’s four-part cloud security framework: visibility, threat protection, compliance, and data security
- Deployment considerations for a cloud access security broker (CASB)
Get a free copy of the ebook to get a complete guide to meeting your agency’s FITARA requirements as you adopt cloud services.