GAO-22-106195 Printed: Sep 28, 2022. Publicly Launched: Sep 28, 2022.
Federal businesses plan to spend billions of {dollars} every year to assist their IT and cybersecurity efforts. These efforts embody transitioning their IT assets to safe, cost-effective industrial cloud providers.
We have recognized challenges in 4 areas that businesses should overcome to completely understand the advantages of transitioning to cloud providers. Particularly, businesses face challenges in:
- Making certain cybersecurity
- Procuring cloud providers
- Sustaining a talented workforce
- Monitoring prices and financial savings
This snapshot discusses our work on this space and suggestions that may assist businesses with this transition.
Because the federal authorities transitions to cloud computing, businesses face challenges in 4 areas: guaranteeing cybersecurity, procuring cloud providers, sustaining a talented workforce, and monitoring prices and financial savings. Our work in these areas—and the implementation of our suggestions—may help businesses overcome these challenges
The Massive Image
Federal businesses plan to spend billions of {dollars} every year to assist their IT and cybersecurity efforts, together with transitioning IT assets to safe, cost-effective industrial cloud providers. Federal businesses can use cloud computing to entry IT assets—corresponding to servers that retailer digital information—by way of the Web sooner and for much less cash than it could take to personal and preserve such assets.
Illustration of a cloud computing setting
What GAO’s Work Exhibits
Our physique of labor highlights 4 foremost challenges associated to the federal authorities’s adoption of cloud providers and our suggestions for enchancment. Federal businesses haven’t totally carried out the entire suggestions.
1. Making certain Cybersecurity
In 2011, the Workplace of Administration and Funds (OMB) established the Federal Danger and Authorization Administration Program (FedRAMP) to offer a standardized method for choosing and authorizing the usage of cloud providers that meet federal safety necessities.
In December 2019, we reported that, whereas all 24 main federal businesses had been collaborating in FedRAMP, many of those businesses continued to make use of cloud providers that weren’t approved by way of this system. As well as, the 4 main businesses we chosen for an in depth overview didn’t all the time:
- embody required info of their cloud system’s safety plans;
- summarize safety management take a look at leads to safety evaluation reviews; and
- determine required info in remedial motion plans which can be to record cloud service deficiencies and the way they are going to be mitigated.
We discovered that one trigger of those weaknesses was that FedRAMP’s necessities and steering on implementing these management actions weren’t all the time clear and this system’s course of for monitoring the standing of safety controls over cloud providers was restricted.
We really useful that OMB hold agencies accountable for authorizing cloud providers by way of FedRAMP. We made an extra 24 suggestions to federal businesses associated to bettering the implementation of the FedRAMP program, together with clarifying steering on program necessities and duties.
2. Procuring Cloud Providers
An necessary a part of procuring cloud providers is incorporating a service stage settlement into the contract. These agreements outline the extent of service and efficiency that the company expects the contractor to fulfill. In April 2016, we reported that 5 of the most important businesses that we chosen for overview didn’t all the time incorporate key practices for these agreements of their cloud service contracts. For instance, the businesses didn’t all the time specify:
- what constitutes a safety breach and the duties for notifying the company;
- how knowledge and networks can be managed; and
- the vary of enforceable penalties for non-compliance with the settlement.
This was primarily as a result of lack of steering that totally addressed the important thing practices.
We really useful that 4 of the businesses develop guidance that totally incorporates the important thing practices and that the fifth company replace its steering to incorporate the entire key practices.
3. Sustaining a Expert Workforce
Having expert IT personnel is vital to supporting the federal authorities’s cloud adoption efforts.
Illustration of a cloud computing workforce
Nonetheless, we reported cloud-related workforce challenges at three federal businesses.
- The Coast Guard didn’t embody new cloud-related expertise and a expertise hole evaluation for cloud personnel in its workforce growth technique.
- The Division of Protection (DOD) didn’t strategically plan for speaking with workers to organize them for modifications that may happen as a result of transfer to cloud providers.
- The Division of State’s strategic plan didn’t embody efficiency measures, targets, or objectives to watch progress in direction of clarifying job duties and necessities wanted to assist the cloud setting.
We really useful that the Coast Guard, DOD, and the Department of State take actions by updating their strategic plans to handle the workforce points associated to cloud computing.
4. Monitoring Prices and Financial savings
Federal insurance policies and steering have burdened the significance of lowering acquisition and working prices by buying cloud providers by way of the adoption of cloud computing. Nonetheless, in April 2019, we reported that federal businesses skilled challenges in monitoring and reporting cloud spending and financial savings knowledge. For instance, federal businesses had been usually utilizing inconsistent knowledge to calculate cloud spending and weren’t clear in regards to the prices they had been required to trace. As well as, businesses had issue in systematically monitoring financial savings knowledge and expressed that OMB steering didn’t require them to explicitly report financial savings from cloud implementations. We reported that, consequently, it’s doubtless that agency-reported cloud spending and financial savings figures are inaccurate.
We really useful that OMB require businesses to explicitly report cloud savings, and that businesses set up a repeatable mechanism to trace cloud financial savings and avoidances.
Extra from GAO’s IT Portfolio
For extra info, contact Jennifer R. Franks at (404) 679-1831 or franksj@gao.gov.
Full Report
from Cloud computing – My Blog https://ift.tt/kQDx2rY
via IFTTT
0 Comments