While the Federal IT community is eager to embrace the benefits of cloud services, agency leaders are working to balance the transition to cloud with Federal policies and maintaining continuous operations, deputy CIOs from the Air Force and the Department of Veterans Affairs (VA) told the crowd at CES-Government on Friday in Las Vegas.
“What cloud has really brought to us isn’t just the cost perspective … it’s really speed,” said Bill Marion, deputy CIO for the Air Force. “The competitive advantage, even when you talk China and Russia, in all the technology space, it’s about speed.”
Marion described how turning to cloud service allowed the Air Force’s to modernize its 1.4 million-user human resources system in just 60 days, far faster than previous on-premises efforts. “We were 16 major releases behind, and we went 16 versions up in two months. All the other processes took another six months of approvals to operate, and accreditation, and that kind of thing, but in 60 days – we never would have done that in a legacy approach,” he said.
Working within those requirements was a recurring theme throughout the session, as moderator Ryan Jannise, vice president of U.S. defense systems at Oracle, described the regulatory framework as the “800-pound gorilla in the transformation to cloud from legacy.”
“We take our FITARA [Federal IT Acquisition Reform Act] and our FISMA [Federal Information Security Management Act] responsibilities very seriously. As a CIO and formerly a CISO, I sort of appreciate that those mandates are out there. It gets people to pay attention, and understand the stakes and importance of all this” said Dominic Cussatt, deputy CIO at VA.
He praised the FISMA standards and the National Institute of Standards and Technology (NIST) Cybersecurity Framework for being solution agnostic, and said it “gives a lot of latitude to find a service provider that provides the capability to meet that security control.” He noted the push within VA to move away from a risk-averse, checklist mentality and to embrace economies of scale.
“There’s a lot more play-space and latitude than people acknowledge – you can still be compliant, you can still meet the spirit and intent, but you can get out there and get a capability that meets the business and mission needs, because that’s what it’s all about, ultimately,” said Cussatt.