The Seismic Shift in Government: Is Cloud the Answer?

Each year, the federal government spends more than $100 billion on IT and cyber-related investments. Of this amount, agencies have typically reported spending 80-85% on existing IT investments, including legacy systems (1).

Government Shifts

Attention all cloud, cyber, technology, and federal system integrators! A significant shift in U.S. government policy is underway, emphasizing budget cuts and fiscal responsibility for all federal government agencies. Change is happening at an unprecedented pace, and how the technology industry responds will be critical.
While IT modernization and technology efficiency have long been priorities in the federal space, evolving policies are accelerating the need for adaptation. To stay ahead, federal technology providers must closely monitor and navigate this rapidly shifting landscape. A strong business case can be made that IT modernization, cloud and security integration can be accomplished in concert to meet the demands of the policy changes.

Federal IT

The Federal Government is one of the largest IT purchasers in the world.

Historically, Federal IT spending has been burdened by costly legacy systems, high maintenance expenses, duplication of hosting environments and inefficiencies in data management. Cloud adoption eliminates many of these challenges, allowing agencies to consolidate data centers, automate workflows, and enhance collaboration across departments. Additionally, cloud platforms provide built-in security features that align with federal compliance requirements, making them a viable alternative to traditional IT infrastructures.

(2) FY 2025 IT Budget Request Overview
(3) Published in February 2024, the 17th Federal IT Acquisition Reform Act (FITARA)

The figures above outline what the federal government spends on its technology budget and how well it has done in implementing cloud security. There is plenty of spend, as noted in the Deltek FY2025 budget forecasts, but the return is not so great (FITARA Cloud Security Grade). We can do better.

Cloud Computing

Given the shifting landscape of upcoming federal budget cuts, an argument can be made for accelerated cloud transformation in government. This is not a new concept, but recent policy shifts could present a revised opportunity to impact the greater good of government.

Cloud computing presents a strategic opportunity to achieve these goals by reducing infrastructure costs, improving efficiency, and increasing scalability. Rather than investing heavily in outdated on-premises systems, agencies can transition to cloud services that offer consumption-based pricing, enhanced cybersecurity, and streamlined operations.

While cloud-specific spending has been rising over the past few years in the federal government, much of the cloud opportunity has been held back by the government’s inability to modernize its infrastructure and legacy IT systems at a faster yet secure pace. As noted above, if 80-85% of IT spend is on traditional IT and legacy systems, we have a business case.
Consumption of cloud services within the federal government has been growing at a consistent pace year over year, but cloud consumption is still in its infancy. Market intelligence reports, such as those from Deltek, estimate that federal agency demand will grow from “$21.8B in FY 2024 to $30.3B in FY 2028”, as illustrated below (1).

The far greater business impact of federal government IT spend would be enabled by the acceleration of IT modernization and a quicker phase out of legacy IT through cloud offerings.

Not so fast everyone – security does matter. A cloud-first adoption and IT modernization plan requires security as a foundation of the IT transformation. In order to leverage cloud systems for government use, cloud service offerings (CSO) such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) must be authorized by the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is the federal government standard, along with the Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG), which outlines the security model for DoD’s use of cloud computing.
Just like any governance program, there is room for improvement, as noted by the Government Accountability Office (GAO) review of FedRAMP titled “Federal Authorization Program Usage Increasing but Challenges Need to Be Fully Addressed.”

There is plenty of finger-pointing on where the program breakdown is. Is it the government, the cloud service provider (CSP), the Agency, or the Third Party Assessment Organization (3PAO)? We’ve heard them all. Let’s just say there’s room for improvement on all sides. However, it should be noted that most welcome the change to improve the program. The foundational underpinning is that industry wants to move faster. FedRAMP has been around since 2011 – why not leverage its foundations at a much larger scale to take IT modernization and transformation to the next level?
Business velocity is what most CSPs target, but several key areas must be in place before you head down the path. Check out the FedRAMP business case video to learn more.

Why not leverage what’s already authorized? Interested in checking out the FedRAMP or DoD marketplace? If so, go to the FedRAMP marketplace or the DoD marketplace to find the cloud products, the agencies leveraging the offerings, and a list of accredited FedRAMP 3PAOs for you to review. As of today, the following products are listed in the FedRAMP and DoD marketplaces:

Note: Not all cloud systems make it to the marketplace (assume delta)

The truth is, there could be a lot more cloud service offerings approved if scaled appropriately. Given the right resources for the FedRAMP and DoD programs, sponsorships and industry could easily scale to meet the demand and offer a wide range of new products and services to the federal market.

Technology Modernization

As we talk about the current policy changes, there is an opportunity to drive significant change from a technology perspective in this paradigm shift.

As noted in the recent Presidential Executive Order (January 20, 2025), the Department of Government Efficiency (DOGE) was created to “implement modernizing federal technology and software to maximize governmental efficiency and productivity.”

The administration’s change and new policy (including the creation of DOGE) are going to drive significant budget cuts and technology efficiencies across the entire government.

Love them or hate them, DOGE is here to stay for at least the next few years. Strategizing on how to align technology solutions to meet the needs of policy changes is a key consideration for federal technology providers.

Summary

As we navigate the direction of the new administration and its policy shifts, one thing is certain: change is on the horizon. These transitions present complex challenges, and we recognize and empathize with those working through them.
As the federal technology landscape evolves, policy changes will drive the need for innovation, cost efficiency, and enhanced security through transformation and scalability. For too long, federal IT spending has been weighed down by costly legacy systems and high maintenance expenses.

Adopting cloud solutions, leveraging technology providers, and leveraging a proven governance program like FedRAMP are critical steps in redefining how the government delivers services to its citizens. The policy changes are driving an environment where leveraging cloud solutions for IT transformation can have significant implications for cost savings while improving security efficiencies.

Sources:

  • (1) US GAO – Agencies Need to Continue Addressing Critical Legacy Systems – May 10, 2023
  • (2) Deltek Federal Cloud Computing Market, 2024-2028
  • (3) 17th Federal IT Acquisition Reform Act (FITARA)



+++++

Fortreum is an independent firm specializing in audit, advisory, and technical testing services, delivering cybersecurity expertise in highly regulated industries. Our mission is to simplify cloud and cybersecurity challenges for our clients. With nearly 25 years of combined experience in both the public and private sectors, Fortreum is dedicated to addressing our customers’ complex cloud and cybersecurity needs.

For more information, visit the Fortreum website or follow the company on LinkedIn at LinkedIn.com/company/fortreum.

Should you have questions about your FedRAMP, XRAMP, cloud and cybersecurity readiness, please reach out to us at Info@fortreum.com or Contact Us at https://fortreum.com/contact/
