{ "id": "R46119", "type": "CRS Report", "typeId": "REPORTS", "number": "R46119", "active": true, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 621559, "date": "2020-03-25", "retrieved": "2020-04-02T22:20:26.721302", "title": "Cloud Computing: Background, Status of Adoption by Federal Agencies, and Congressional Action", "summary": "Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the internet. Utilities are also delivered through networks, whether the electric grid, water delivery systems, or other distribution infrastructure. In some ways, cloud computing is reminiscent of computing before the advent of the personal computer, where users shared the power of a central mainframe computer through video terminals or other devices. Cloud computing, however, is much more powerful and flexible, and information technology advances may permit the approach to become ubiquitous. \nAs cloud computing has developed, varied and sometimes nebulous descriptions of what it is and what it is not have been commonplace. Such ambiguity can create uncertainties that may impede innovation and adoption. The National Institute of Standards and Technology has developed standardized language describing cloud computing to help clear up that ambiguity: \nCloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.\nSince 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned, in-house data centers. This shift is intended to achieve two goals: reduce the total investment by the federal government in information technology (IT), which currently stands at about $90 billion each year, and realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. However, challenges remain as agencies shift to cloud services. According to a survey conducted in September 2018, federal IT managers expressed concerns about security in certain cloud environments, the complexity of migrating existing (\u201clegacy\u201d) applications to the cloud, a lack of skilled staff to manage certain cloud environments, and uncertain funding.\nPlanning for cloud adoption by federal agencies began with the 2010 publication of \u201cA 25-Point Implementation Plan to Reform Federal IT Management.\u201d More recently, in the 2017 \u201cReport to the President on Federal IT Modernization,\u201d the Office of Management and Budget (OMB) pledged to update the government\u2019s legacy Federal Cloud Computing Strategy (\u201cCloud First\u201d). Fulfilling this requirement, the Administration developed a new strategy, \u201cCloud Smart,\u201d which was published on September 24, 2018. The new strategy is founded on what the Administration considers the three key pillars of successful cloud adoption: security, procurement, and workforce. \nIn the 116th Congress, there has been one cloud-related bill introduced and two hearings directly related to cloud computing:\nThe Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941) was introduced on July 24, 2019, by Representative Gerald Connolly. The bill would formally establish within the General Services Administration a risk management, authorization, and continuous monitoring process consistent with the Federal Information Security Modernization Act of 2014.\u201d \nOn July 17, 2019, the House Committee on Government Reform Subcommittee on Government Operations held a hearing, \u201cTo the Cloud! The Cloudy Role of FedRAMP in IT Modernization.\u201d The purpose of the hearing was to examine the extent to which FedRAMP has reduced duplicative efforts, inconsistencies, and cost inefficiencies associated with the cloud security authorization process.\nOn October 18, 2019, the Committee on Financial Services Task Force on Artificial Intelligence (AI) held a hearing, \u201cAI and the Evolution of Cloud Computing: Evaluating How Financial Data Is Stored, Protected, and Maintained by Cloud Providers.\u201d Among other topics, the hearing explored how AI could be used to improve cloud management functions. \nAdditionally, there have been two hearings on the implementation status of the Federal Information Technology Acquisition Reform Act. These hearings provide an update on data center optimization, which is an indication of the extent of agency adoption of cloud computing.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "https://www.crs.gov/Reports/R46119", "sha1": "ad670e16e5d43388f2d0bf14c23200930dcf422c", "filename": "files/20200325_R46119_ad670e16e5d43388f2d0bf14c23200930dcf422c.html", "images": {} }, { "format": "PDF", "encoding": null, "url": "https://www.crs.gov/Reports/pdf/R46119", "sha1": "3151e1fa52d57f148233535fc9fb1a637530c19f", "filename": "files/20200325_R46119_3151e1fa52d57f148233535fc9fb1a637530c19f.pdf", "images": {} } ], "topics": [] }, { "source": "EveryCRSReport.com", "id": 615767, "date": "2019-12-12", "retrieved": "2020-02-04T23:09:17.060817", "title": "Cloud Computing: Background, Status of Adoption by Federal Agencies, and Congressional Activities", "summary": "Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the internet. Utilities are also delivered through networks, whether the electric grid, water delivery systems, or other distribution infrastructure. In some ways, cloud computing is reminiscent of computing before the advent of the personal computer, where users shared the power of a central mainframe computer through video terminals or other devices. Cloud computing, however, is much more powerful and flexible, and information technology advances may permit the approach to become ubiquitous. \nAs cloud computing has developed, varied and sometimes nebulous descriptions of what it is and what it is not have been commonplace. Such ambiguity can create uncertainties that may impede innovation and adoption. The National Institute of Standards and Technology (NIST) has developed standardized language describing cloud computing to help clear up that ambiguity: \nCloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.\nSince 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned, in-house data centers. This shift is intended to achieve two goals: reduce the total investment by the federal government in information technology (IT), which currently stands at about $90 billion each year, and realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. However, challenges remain as agencies shift to cloud services. According to a survey conducted in September 2018, federal IT managers expressed concerns about security in certain cloud environments, the complexity of migrating existing (\u201clegacy\u201d) applications to the cloud, a lack of skilled staff to manage certain cloud environments, and uncertain funding.\nPlanning for cloud adoption by federal agencies began with the 2010 publication of \u201cA 25-Point Implementation Plan to Reform Federal IT Management.\u201d More recently, in the 2017 \u201cReport to the President on Federal IT Modernization,\u201d the Office of Management and Budget (OMB) pledged to update the government\u2019s legacy Federal Cloud Computing Strategy (\u201cCloud First\u201d). Fulfilling this requirement, the Administration developed a new strategy, Cloud Smart, which was published on September 24, 2018. The new strategy is founded on what the Administration considers the three key pillars of successful cloud adoption: security, procurement, and workforce. \nIn the 116th Congress, there has been one cloud-related bill introduced and one cloud-related hearing held. The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941) was introduced on July 24, 2019, by Representative Gerald Connolly. The bill would formally establish within the General Services Administration a risk management, authorization, and continuous monitoring process to \u201cleverage cloud computing services using a risk-based approach consistent with the Federal Information Security Modernization Act of 2014.\u201d On July 17, 2019, the House Committee on Government Reform Subcommittee on Government Operations held a hearing, \u201cTo the Cloud! The Cloudy Role of FedRAMP in IT Modernization.\u201d The purpose of the hearing was to examine the extent to which FedRAMP has reduced duplicative efforts, inconsistencies, and cost inefficiencies associated with the cloud security authorization process.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "https://www.crs.gov/Reports/R46119", "sha1": "2004bc0cfaaa7f301a8aae6ca650c3507b35bb50", "filename": "files/20191212_R46119_2004bc0cfaaa7f301a8aae6ca650c3507b35bb50.html", "images": {} }, { "format": "PDF", "encoding": null, "url": "https://www.crs.gov/Reports/pdf/R46119", "sha1": "11eb45dfbe52afff45e0037a6fa529bb76b56359", "filename": "files/20191212_R46119_11eb45dfbe52afff45e0037a6fa529bb76b56359.pdf", "images": {} } ], "topics": [] } ], "topics": [ "Internet and Telecommunications Policy", "National Defense" ] }