FedRAMP program expected to boost cloud contracts
June 22, 2012
Grazed from Federal Times. Author: Nicole Blake Johnson.
The federal cloud computing market is projected to jump from millions to billions of dollars over the next five years, thanks in part to a new cloud security program launched this month.
Market research firm Deltek projects that agency spending on cloud computing services will increase from $734 million this year to $3.2 billion in 2017, with a compound annual growth rate of 34 percent. The projection is based on current cloud computing initiatives at the 12 largest agencies, including the Health and Human Services and Transportation departments, and their readiness and preference for cloud services…
Deltek analysts and federal chief information officers expect cloud adoption and contracting opportunities to grow under the new Federal Risk and Authorization Management Program (FedRAMP), which is designed to address security concerns of cloud computing and provide industry with set standards for developing federal cloud services.
“I really do believe this [cloud] market is starting to move and will move very quickly once FedRAMP is up and running,” Richard Spires, CIO at the Department of Homeland Security, said last month.
For vendors trying to decide where they should invest, cloud would be a good investment, said Spires, who also serves as vice chairman of the federal CIO Council.
Some companies have made strategic changes internally to better position themselves for cloud business. Last year, systems integrator QinetiQ North America consolidated some responsibility for cloud contracting under its CIO, who also supports QinetiQ’s internal technology needs and manages its security and quality certifications.
The consolidation, although unconventional, was a logical move because the corporate IT department has the highest concentration of experts who know how to manage a cloud environment, said QinetiQ North America CIO John Lambeth. Lambeth said his office can ensure early on that cloud solutions meet certification standards, such as FedRAMP.
Lambeth said QinetiQ doesn’t track cloud revenue separately because it’s embedded in many of its technology solutions. QinetiQ is, however, expecting a greater demand for cloud-based services.
“We believe and frankly hope that FedRAMP matures into what it is intended to be because it will make the ability to deliver cloud-based services a heck of a lot smoother for the customers and integration partners,” Lambeth said.
For vendors, FedRAMP could mean a more consistent stream of contracting opportunities.
Dynamics Research Corp. is one of nine independent organizations — known as third-party assessment organizations, or 3PAOs — selected to ensure that cloud products and services meet FedRAMP services. Cloud vendors must first hire an approved 3PAO to review and validate their compliance with minimum security standards.
“The calls came in very quickly in terms of companies interested in speaking to us,” said Todd Coen, vice president for DRC’s homeland security solutions division. “We think this is going to be a great opportunity for us.”
Coen said the company has provided security assessments for the past 10 years. The goal is to establish long-term relationships with vendors, as they will need 3PAOs to continuously verify the security of their products.
Coen said the company expects this will be an area of growth, and DRC is preparing some of its existing staff to be reassigned to this area, if needed.
“It is creating a new market opportunity for a lot of companies,” said Paul Nguyen, vice president of cyber solutions at Reston, Va.-based Knowledge Consulting Group. The company is one of the nine 3PAOs.
Depending on the scope of the cloud services, security assessments can range from tens of thousands to hundreds of thousands of dollars, Nguyen said. But it may be six to nine months before FedRAMP matures and has a noticeable impact on business.
Cloud providers must be committed for the long term in order to see significant benefits, Kyra Kozemchak, a senior research analyst at Deltek, said in a statement.
Companies wonder why they should invest in infrastructure and hardware as the government looks to cut costs and share services, but vendors have to buy into the cloud service model and consider the long-term benefits, said Ray Muslimani, CEO of cloud vendor GCE.
“In a cloud environment you have to be willing to make less, but you hope to get a lot more volume,” he said. “You make up for that by having a lot more customers.”