“Agencies should demonstrate flexibility in adapting current procurement models and existing contracts to take advantage of new cloud offerings,” according to the CLOUD2 report.
Jim Sheaffer, commission vice chair and CSC president of the North American Public Sector, said agencies should take advantage of the Federal Acquisition Regulation (FAR) to procure cloud solutions using an “as-a-service” model.
The commission called on Congress and the Office of Management and Budget to make it easier for agencies to move funds between acquisition accounts and operating and maintenance expenditure accounts when agencies implement cloud services and solutions.
The CLOUD2 report, requested by Federal Chief Information Officer Vivek Kundra, also advocates new measures to promote cloud computing as a safe investment.
“It’s absolutely essential as a first step in accelerating cloud adoption and driving U.S. leadership in cloud innovation that the cloud earn the trust of its users,” Sheaffer said. “They have to be confident in the security, the privacy and the availability of service through the cloud.”
With that aim, the commission recommended industry launch new transparency efforts to publicize information about operational aspects of cloud services, including portability, performance and reliability.
“Uncertainty about how systems not in their possession will perform and fear of being unable to access or move their data” is a primary reason federal agencies and companies do not move to the cloud, the report said.
The commission also advocated a new data breach law with the goal of setting clear requirements that cloud solution providers must follow when cyber attacks breach their systems. The law would also strengthen criminal penalties for anyone who attacks computer systems and networks.
“Cloud services, like existing IT systems, will be the target of malicious actors,” the commission wrote. “Timely notification and transparency to customers – individuals, organizations and governments – enables rapid response and the opportunity to minimize damage.”
The federal government should support the development of metrics and tools that users can use to evaluate and compare cloud services, said Dan Reed, CLOUD2 vice chair and Microsoft corporate vice president of technology policy and strategy.
“It’s really important that transparency be clear, that there be mechanisms for the consumers of those services to verify the attributes of the services being operated,” he said.
Financial incentives and praise for agencies
Fiscal incentives, rewards and support are also keys to accelerating cloud adoption, the commission said, because the transition requires significant resources, such as time and political will.
The incentives “may include allowing agencies to retain and redirect a portion of the overall budget savings realized from cloud adoption, providing seed money to agencies that help with the initial investments required in moving to the cloud, and giving public recognition and praise to agencies and individuals that enable early or innovative adoption of cloud computing,” according to the commission’s report.
Faster adoption of cloud computing is essential to reinforcing America’s position in the global marketplace, the commission said. And thus, the U.S. government should lead by example.
“The U.S. government should demonstrate its willingness to trust cloud computing environments in other countries for appropriate government workloads,” the commission wrote.
Policies and frameworks developed by in U.S. could encourage governments in other countries to develop or accelerate their own cloud computing efforts, according to the commission.
“If you want to be a leader in the worldwide economy,” Sheaffer said, “You’re going to have to reduce barriers and impediments that would prevent other countries from being willing to put their data in [clouds based in the U.S.]. We’d have to demonstrate we’re willing to put our data in clouds [that are] potentially in other countries.”