Exclusive: The Consensus is That FedRAMP is Broken and Confidence Lost – Avnet

Government cloud adoption is definitely showing an upward trend as federal, state and local agencies hampered by limited resources and bogged down by regulations see the cloud as a viable solution for increased agility, productivity and flexibility. Security remains the main consideration, Milo Speranzo, Director of Strategy and Compliance for Avnet Government Solutions told ITWatchIT.

Avnet’s Milo Speranzo talks about the journey so far as government agencies increase the tempo of their migration to the cloud  

Avnet is a behind-the-scenes, value-added IT distribution company, said Speranzo. We find spots in the supply chain where we can add value to our key suppliers, such as NetApp, and our thousands of value-added resellers. We play an integral role in helping develop the go-to-market strategy, in addition to compliance, visibility and marketing for our suppliers and resellers.

MeriTalk: Avenet + NetApp = Destination Cloud Report

We consistently poll the industry, both buyers and decision-makers in major technology areas. We have a strong focus on cloud, cybersecurity, IoT and converged solutions. We also consistently provide this type of feedback to our partner and reseller communities. This gives them a very robust knowledgebase to build their strategies in the applicable government fiscal year. It helps them in the delivery of their often sophisticated and complex solutions.

Cloud is the Destination, Really

We found that cloud continued to lead the way within the public sector. What we couldn’t ignore was the increase in spending on cloud computing. $205 will be spent on cloud computing worldwide, and will increase to $240 billion this year, which is a one-seventh increase that is very significant, and we couldn’t overlook it.

Vendors Have Solutions, but not Access

Our vendors have amazing solutions, but amazing solutions do not sell themselves. The key for vendors within the public sector is to make sure that your solutions are procurable. That’s where Avnet comes in, from a value standpoint. We developed the Avnet Cloud Toolset to assist our vendors in becoming compliant, making their solutions much easier to procure.

It also fills out a lot of the holes in the solutions that have to be addressed before they can be sold compliantly to the government. It’s what we call a cloud matchmaker. If there is a gap in one of our vendors’ solution portfolios, and they need to fill it with that of another company that is complementary, we fill that match via our toolset.  We see this a lot when it comes to bringing some of these amazing technologies to market because of regulatory requirements.

Main Motivators for Government Agencies Making That Cloud-Bound Move

Saving cost is the top priority for the CIOs and IT directors in each of the agencies. A very common theme we see is the ability to recognize savings, and also balancing some perceived risk. Across every agency, cost-saving is the major driver. From the perceived risk perspective, security and reliability top the list.  

Cloud Adoption Rate Among Federal Agencies

It’s a mixed bag, currently since cloud is not going away, and continues to gain favor; we see agencies that will only move specific applications to the cloud. They simply don’t have that comfort level yet. We see other agencies that will only build their own private cloud in-house, or go the hybrid cloud method. Some of them do go all-in and buy into some of the new solutions out there, and they are full speed ahead on the public cloud. More than half of the federal agencies now have integrated cloud strategies as part of their focus in fiscal year 2017, which is a significant increase over the previous years. We’ve seen significant cloud adoption in web hosting, although cloud adoption has many facets since it is specifically tailored to the particular agency in question.

If the workforce is remote, we see a lot of cloud adoption in that telecommute setting where there are a lot of development and testing going on and there is interest in bringing a lot of applications to the cloud. Security is a major concern, but we’ve seen advancements and leadership from the public sector in both hybrid and public cloud environments.

We’ve seen the medical field, pharmaceutical and banking industries really adopt these new technologies first.  They are standard-bearers who have given a lot of our federal agencies’ IT buyers and CIOs additional confidence in moving very specific applications to a cloud environment. Cloud is where we see a section of the private sector influencing the IT buys of the government. When the banking industry moves towards a specific solution, a lot of times, the financial side of the government will start to investigate whether it’s worth it, and even reach out to them to see how they migrated and benchmark it. That benchmarking and collaboration between the private sector and government is the key for the additional adoption of the cloud.

Security, Security, Security

Over the past couple of years we’ve seen highly sensitive information moved to the cloud in a very secure manner. There have been high-profile agencies, including the Department of Veteran Affairs and some of the intelligence agencies that actually took this step. Over the past 18 months, since we found solutions that have been adopted, evidence has shown that if managed properly, the cloud is as safe as an on-premises legacy structure.

Average Duration of Cloud Contracts

The government has strict opt-out clauses in all of their contracts. They do have the ability to, essentially trample the contract for no cause. There is a yearly renewable period, but what actually occurs is that the vendors and resellers have backed their solutions in to allow their cloud model be procured in a government way. This is where Avnet has come in and assisted by financing and allowing our vendors to feel comfortable when they have a long-term annuity, so they can make their margin in later years. It also allows them to feel comfortable selling to the government. It is a two-pronged issue since the government does not want to procure on a long-term basis, and sign multi-year contracts. If they do, there will be an option year where they will have the right to terminate.

Our vendors typically see their return on investment in the later years. We’ve focused on that over the past 18 months, and developed creative financial solutions to allow all sides to be comfortable with the cloud deal. The government can continue to procure on a yearly basis, while the vendor realizes the ROI in the same manner as selling to the public sector.

FedRAMP Certification not Necessarily a Reason to Trust Cloud Vendors

We see an overwhelming consensus among the reseller community and on the government side that FedRAMP is essentially broken. Some confidence has been lost in the FedRAMP process, both with the certification and maintenance of ongoing FedRAMP contracts. There are companies, like MeriTalk, that are out there actively attempting to fix FedRAMP. We feel that at its core, FedRAMP is something that will instill that confidence in IT buyers, if it is managed and utilized efficiently. I think we are now moving in that direction. FedRAMP doesn’t resonate with the confidence it should right now, but I do believe it is being fixed, and will continue to be the standard for cloud certification. The FedRAMP certification doesn’t give all the necessary confidence that it should to government buyers, but that will also change.

Satisfaction Level of Government Cloud Adopters

It varies widely and depends on the agency and how they are utilizing the cloud. We see an over 80 percent satisfaction rate, when we talk about private cloud. We also see varying levels of satisfaction, depending on the vendor and their particular solution. For instance, Amazon has a different level of acceptance or approval rating than other cloud providers.

Vendors Must be More Transparent

We are seeing an evolution of cloud. The initial focus of the vendor was around the pain point that the government initially expressed: cost saving, increased productivity, improved customer service, and application cost. From the federal perspective, we’ve seen more than 75 percent say that the cloud has increased their productivity, improved customer service and application cost. The next level is being peeled back now, and we are seeing new pain points, including the documentation and management of the cloud environment.

There is a lot of active work by our vendors and suppliers, and also the professional services companies that implement the cloud solutions, in building more open and transparent protocols and documentations. It is a concern of the agencies, but we see the vendors making an effort to address that. It’s a phased approach and we are reacting to what the government agency may need at the time. We’ve gone past that first layer with good success metrics, and there is a major effort at enhancing the documentation and communication between the vendors and the agencies.

Public vs. Private Cloud

It’s a perception issue. A private cloud is seen as an environment where the agency has control over their data, and that’s because their data is physically on their premises. They have a comfort level with that, and a perception that their data is more secure because it is in front of them. The technology advancements in security over the past 36 months have allowed public cloud environments to become equally as safe as private cloud environments. Advancements in firewalls and physical security have allowed public cloud vendors to state that their solutions are equally, if not more safe than private clouds.

 

Speaker: Milo Speranzo

Milo Speranzo serves as the Director of Strategy and Compliance for Avnet Government Solutions, a wholly owned subsidiary of Avnet, Inc. focusing on the U.S. public sector. Speranzo is responsible for driving the vision, strategy, revenue, profitability and ensuring the compliance of the Avnet public sector business. Speranzo has more than 17 years’ experience in the public sector, leading, consulting, maintaining compliance, developing best practices and managing procurement operations. Prior to becoming an entrepreneur, Speranzo served in the United States Air Force and as a Department of Defense (DoD) civilian as chief of command and control. He was awarded the 22nd Air Force Command NCO and USAFRES C2 NCO of the year in 2006 and 2007 and is still the only person to achieve this accolade in back-to-back years.

About Avnet Government Solutions

avnet2  Exclusive: The Consensus is That FedRAMP is Broken and Confidence Lost – Avnet avnet2Avnet Government Solutions is a wholly-owned subsidiary of Avnet, Inc., one of the largest global distributors of electronic components, computer products and embedded technology. Avnet Government Solutions delivers cost-effective services, software and hardware solutions that address the business needs of value added reseller (VAR) partners and suppliers engaged in public sector markets. Specializing in the federal, state, local and education markets, Avnet Government Solutions helps independent software vendor, systems integrator and value-added reseller partners capture IT market share with the U.S. government.

About MeriTalk

meritalk  Exclusive: The Consensus is That FedRAMP is Broken and Confidence Lost – Avnet meritalkMeriTalk is a public-private partnership that leverages an award-winning editorial team and world-class events staff to produce unmatched news, analysis, and insight that improves the outcomes of government information technology. MeriTalk’s editorial mission is to engage Federal chief information officers, along with their industry counterparts and Federal IT policymakers at the most senior levels of government, through news, feature stories, exclusive studies and reports, events, and professional multimedia productions.