Is the Cloud Secure? FedRAMP Goodrich Speaks Up

There’s a common perception in federal government circles that cloud computing is not secure.

Matt Goodrich, FedRAMP director, U.S. General Services Administration, addressed this concern and more during the recent Advanced Technology Academic Research Center’s (ATARC) Federal Cloud Computing Summit.

With witty rejoinders and unique analogies, Goodrich debunked some of common fears concerning the cloud, dissecting various concepts such as standardization, acquisition and cost effective services.

“What does the cloud do?” Goodrich asked.

“It allows you to start over. It allows you to create something new. It actually works well. But agencies have to go back and think of those standards and how they are building those applications … and how they are actually going to use the cloud – how they are going to take advantage of those services.”

To help combat concerns about cyber security in the cloud, Goodrich discussed how FedRAMP alleviates said fear, keeping accountability high and practically outlining how cloud can offer full-proof security.

“We’ve tried to continue to keep that bar high and enforce those things that are important to security,” he said. “I think that’s one thing that’s continuing to make cloud get more and more adoption across the federal government. We’ve been able to show that many times, even with security, not only are you getting better services with cloud than what you’re getting with your own services – you’re getting better security many times as well.”

The speakers on panels throughout the day echoed Goodrich’s emphasis on the current status of cloud expansion and installation.

Dan Doney, Chief Innovation Officer, Defense Intelligence Agency (DIA), said rethinking IT means adopting, in some capacity, to the cloud. Doney discussed an initiative the intelligence agency recently implemented.The task, he said, sends high-end data scientists to observe disenfranchised end users around the federal government – in other words, someone completing a mission around the agency. While observing, the DIA’s experts are able to use cloud resources and develop various IT solutions.

“It’s a completely different way of delivering IT. It’s only possible because of the cloud,” Doney said. “These approaches very seldom result in physical dollar savings but rather significant productivity savings.”

Phil Klokis, associate chief information officer, Public Building Services, U.S. General Services Administration, agreed, saying the cloud can help drive down development costs associated with vendors. And the cloud also helps with promotional models such as production or user acceptance environments, Klokis said. “The ability to shut them off when they’re not being used is a huge saving,” Klokis said.

Doney concluded the panel with a piece of advice.

“If you are a senior IT manager in the government and you have not actually used the cloud for yourself, you’ve not released an application into the cloud, done devops in the cloud, you’re doing yourself a great disservice. It’s not that hard to do. You need to experience it yourself so that you have that gut sense of what the cloud is capable of doing for you,” he said.