We've covered how government procurement is evolving to meet the way agencies implement and consume technology. From agencies' use of public cloud platforms to agile development methodologies, old acquisition methods are unable to keep up with the pace and process required by modernization and digital transformation goals across government. In fact, the Modernizing Government Technology (MGT) Act was implemented to allocate funds specifically for the update of legacy IT systems to help agencies improve service delivery to the public, secure sensitive data and systems, and increase efficiency. To meet these mandates, procurement processes and technology have to change to be more in tune with the digital transformations happening at the operational level.
The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.
With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.
Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.
With the government fiscal year starting in October, our Federal government gets a head start on their New Year's resolutions. As we launch into a new year--a new decade, even--we wanted to take a quick look at government technology priorities for 2020 and beyond.
Cybersecurity - In the past decade security has transitioned from a stand-alone technology that had to be added to planning and systems, to a utility-type service that is baked into every piece of technology deployed within government. This fall, Federal CIO, Suzette Kent shared her focus areas for the next year (and beyond) to include cross-agency information sharing, improved identity management, and increased workforce cybersecurity literacy.
Reskilling - The introduction of automation into administrative functions is driving a need for employees to be re-skilled. While machines are not taking over the jobs of humans, they are improving efficiency in many roles, freeing up time for people to take on more complex (and frankly, more interesting and more important) roles within an organization. Continue reading
With the closing of the decade, we thought it would be interesting to look back at the top technology headlines of 2009 and compare them to where the market is today.
Data on the Rise
Big news was the launch of data.gov in late May of 2009. The site was championed by the country's first Federal CTO, Vivek Kundra, as a way to enable citizens to access federal data. In addition to making the government more transparent, the hope was that private sector could use the massive amount of federal data in research and to create innovative programs and solutions. The site launched with 47 data sets and as of the last reporting (June 2017) it now holds approximately 200,000 datasets, representing about 10 million data resources. Beyond these numbers, data.gov's impact has been significant.
Thousands of programs can point to the site as the basis for their development. More importantly, it launched a new way of thinking in government. Agencies stopped being as territorial about their data and slowly but surely became more open to sharing it with one another and with the public as they saw what innovation can happen with simple access. In 2019, the vision of data.gov expanded with the Open, Public, Electronic and Necessary Government Data Act, requiring that nonsensitive government data be made available in machine-readable, open formats by default. Continue reading
The phrase "Supply Chain" may make you immediately think of retail giants like Amazon and Walmart or manufacturers like GM and John Deere, but government is highly reliant on security supply chains. A supply chain is the network of all the people, organizations, resources, activities and technology involved in the creation and sale of a product. It encompasses the delivery of source materials from the supplier to the manufacturer, to its eventual delivery to the end user. In government, supply chains have come front and center with the Trump administration's rulings banning government use of products from certain Chinese manufacturers citing security concerns that products could contain ways for the Chinese to spy on the U.S. Companies selling technology to the government have to be able to trace the source of all elements of their products to ensure nothing originated with the banned distributors.
Being able to do this requires a mature supply chain process and solution. Interagency committees have been established to determine best practices in securing increasingly complex supply chains. Understanding supply chains is an expensive undertaking and one survey found that small and mid-sized businesses are opting out, counting on the fact that they will not be the ones called out to defend their supply chain to government. This mentality may not be an option for long.
DoD is getting more and more prescriptive in their security and supply chain guidance, adding the review of contractor purchasing systems as part of bid reviews. GSA has also explored banning the use of refurbished IT, since that includes products where a supply chain cannot be re-created.
The rules and regulations around supply chains can seem just as complex as the chains themselves. Luckily, it's a topic of discussion at a number of upcoming events.