Cloud Computing: Background, Status of Adoption by Federal Agencies, and Congressional Activities
Summary
Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the internet. Utilities are also delivered through networks, whether the electric grid, water delivery systems, or other distribution infrastructure. In some ways, cloud computing is reminiscent of computing before the advent of the personal computer, where users shared the power of a central mainframe computer through video terminals or other devices. Cloud computing, however, is much more powerful and flexible, and information technology advances may permit the approach to become ubiquitous.
As cloud computing has developed, varied and sometimes nebulous descriptions of what it is and what it is not have been commonplace. Such ambiguity can create uncertainties that may impede innovation and adoption. The National Institute of Standards and Technology (NIST) has developed standardized language describing cloud computing to help clear up that ambiguity:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Since 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned, in-house data centers. This shift is intended to achieve two goals: reduce the total investment by the federal government in information technology (IT), which currently stands at about $90 billion each year, and realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. However, challenges remain as agencies shift to cloud services. According to a survey conducted in September 2018, federal IT managers expressed concerns about security in certain cloud environments, the complexity of migrating existing (“legacy”) applications to the cloud, a lack of skilled staff to manage certain cloud environments, and uncertain funding.
Planning for cloud adoption by federal agencies began with the 2010 publication of “A 25-Point Implementation Plan to Reform Federal IT Management.” More recently, in the 2017 “Report to the President on Federal IT Modernization,” the Office of Management and Budget (OMB) pledged to update the government’s legacy Federal Cloud Computing Strategy (“Cloud First”). Fulfilling this requirement, the Administration developed a new strategy, Cloud Smart, which was published on September 24, 2018. The new strategy is founded on what the Administration considers the three key pillars of successful cloud adoption: security, procurement, and workforce.
In the 116th Congress, there has been one cloud-related bill introduced and one cloud-related hearing held. The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941) was introduced on July 24, 2019, by Representative Gerald Connolly. The bill would formally establish within the General Services Administration a risk management, authorization, and continuous monitoring process to “leverage cloud computing services using a risk-based approach consistent with the Federal Information Security Modernization Act of 2014.” On July 17, 2019, the House Committee on Government Reform Subcommittee on Government Operations held a hearing, “To the Cloud! The Cloudy Role of FedRAMP in IT Modernization.” The purpose of the hearing was to examine the extent to which FedRAMP has reduced duplicative efforts, inconsistencies, and cost inefficiencies associated with the cloud security authorization process.
Note: CRS reports are prepared for Members of Congress and their staffs. This summary is provided for informational purposes and does not constitute legal advice.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.