The federal CIO recently launched the Federal Risk and Authorization Management Program (FedRAMP), intended to address security concerns as government agencies look to move more of its network operations to a cloud platform.
The goal of FedRAMP is to establish baseline security procedures and measurements – a uniform security protocol to used by all agencies. It addresses “low” and “moderate” risk levels as defined by the Federal Information Security Management Act.
FedRAMP is going live, however, just as the federal budget process is strangling, caught in the partisan fighting on Capitol Hill, and with plenty of indications that debt/deficit (no, they’re not the same thing) hawks are not interested in funding new programs – even when they’re critical to (a) protecting federal information systems and (b) intended to save the government money.
Politico reported last month that VanRoekel isn’t worried about funding to implement FedRAMP, even though the E-Gov fund was slashed last year and faces new cuts this year; he believes that part of the funding will come from the cost savings realized by moving to cloud computing within the new security framework.
The new federal CIO is optimistic and I hope that VanRoekel is correct. But my concern is that there will be lots of IT programs (E-Gov and other) trying to lay claim to any savings as a way to eke out just a little more investment in them. The prospective infighting over the money is strengthened by IT program managers’ lack of control over their own priorities; will a career government techie really tell his agency’s CIO that cloud security comes before the laundry list of other IT needs?
COMMENTS