Seventy Percent of IT Managers Say Feds Will Rely on Hybrid Cloud Environments in 10 Years

Security Lessons for Agencies’ MGT Act Modernization Plans

ALEXANDRIA, Va.--()--MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, “To Cloud or Not to Cloud? That Isn’t the Question...” The study, underwritten by Fortinet, reveals Federal agencies’ plans to maintain some on-premises data centers, while continuing to move infrastructure to the cloud – Federal IT decision makers state their ideal platform mix today is 39 percent physical servers and 61 percent cloud. In fact, 70 percent of Feds believe that in 10 years, the majority of Federal agencies will rely on hybrid cloud environments to power core applications.

According to the study, the number one challenge Feds face in the cloud journey is expanding security measures and policies to cover cloud environments. And, the percentage of Feds who consider their security to be “excellent” in these environments is very low – only 35 percent for private cloud; 21 percent for public cloud; and 27 percent for moving between physical and virtual environments.

Complicating matters, 85 percent of Federal IT managers describe their current infrastructure environment as “complex,” and just 34 percent report having a high level of visibility into that environment. Feds say this level of complexity (54 percent) and lack of visibility (53 percent) puts them at significant risk for a security breach.

In the long run, Feds say successful hybrid cloud adoption will reduce their agency’s security spending (70 percent) and strengthen their agency’s overall security posture (69 percent). But, not all are experiencing these benefits today. Agencies report split experiences on whether hybrid cloud environments have positively or negatively impacted:

  • Visibility (40 percent versus 38 percent)
  • Complexity (35 percent versus 47 percent)
  • Security (42 percent versus 42 percent)

“With a mandate from the White House to migrate to the cloud, Federal agencies are feeling the pressure for a timely, secure shift, with minimal disruption,” said Phil Quade, chief information security officer, Fortinet. “The good news is that some modern commercial security solutions enable cloud migration (hybrid cloud and non-cloud), rather than force organizations to take an all-at-once or all-or-nothing approach. In fact, there are options that can not only enable agencies to ensure their choices keep government and citizen data safe, but actually increase visibility and control, enable agile segmentation, and otherwise protect their systems at speed and scale in distributed and multi-cloud environments.”

As a step in the right direction, the majority of Feds (87 percent) employ formal governance policies while collaborating with other departments, agencies, and external cloud providers. The study finds agencies are almost twice as likely to say hybrid cloud adoption has made a positive impact on their agency’s infrastructure complexity if they employ two or more of the following governance strategies: Known systems of record, defined/identified data owners, quality, documented metadata, or well-understood data integration process.

“The keys to successful migration to the cloud can be found in FITARA,” said Congressman Gerry Connolly (D-VA) in response to the study’s findings. “If agencies empower their Chief Information Officers and establish a strategy to consolidate and optimize their data centers, they will be prepared to implement cloud solutions that will result in both savings and increased security. Agencies that fail to take those steps will find themselves in a difficult position to take advantage of the MGT Act and falling behind the curve of Federal IT management.”

Additionally, agencies with “excellent” security integration between their agency’s physical and virtual environments are significantly more likely than those without to:

  • Apply a third-party security fabric (46 percent versus 15 percent)
  • Integrate security into a SIEM or other analytic tool (46 percent versus 17 percent)
  • Centralize management to enable automation (46 percent versus 33 percent)

“Alas, poor Yorick – he didn’t think all the way through his cloud migration strategy,” says Steve O’Keeffe, founder, MeriTalk. “Agencies need to consider the lessons of this study as they build their MGT investment funding case – as every CIO and CISO knows, practical is better than theatrical.”

Moving forward, the report implores Feds to consider the words of William Shakespeare: “Every cloud engenders not a storm.”

“To Cloud or Not to Cloud? That Isn’t the Question...” is based on an online survey of 150 Federal IT managers familiar with their agency’s security efforts, both inside and outside of cloud, in September 2017. The report has a margin of error of ±7.97% at a 95% confidence level. To download the full report, please visit:

About MeriTalk

The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Focusing on government’s hot-button issues, MeriTalk hosts Big Data Exchange, Cloud Computing Exchange, Cyber Security Exchange, and Data Center Exchange – platforms dedicated to supporting public-private dialogue and collaboration. MeriTalk connects with an audience of 115,000 government community contacts. For more information, visit or follow us on Twitter, @MeriTalk. MeriTalk is a 300Brand organization.


Sarah Masuda, 703-883-9000, ext. 126

Release Summary

MeriTalk's new study reveals Federal agencies’ challenges associated with managing and securing hybrid cloud environments.


Sarah Masuda, 703-883-9000, ext. 126