It’s Not Enough to be First, You Have to be Smart – Cloud Smart

Over the past year, there has been a shift in the way government approaches the cloud. No longer are agencies asked to go "cloud first," they are now urged to be "cloud smart." This change is not just a matter of semantics; it is a different way of thinking. Rather than choosing a cloud solution to meet mandates, agencies are examining whether the cloud is the right platform for the application or system in question. Cloud Smart also means picking the right kind of cloud - public, private, or hybrid/multi cloud to meet user, administration, and security needs.

One way to be Cloud Smart is to follow FedRAMP guidance. While this program is not without its challenges (including the speed at which technologies get approval), it is still a valuable tool to ensure that industry standards and security protocols are met. Participation in the program is growing with 150 participating agencies and over 130 FedRAMP-authorized cloud service offerings.

While guidance around how to proceed to the cloud is evolving (along with the cloud technology), agencies are pushing forward and finding their smart path to cloud and, more importantly, creating new ways to interact with their constituents. For example, the U.S. Department of Agriculture's (USDA) Farm Production and Conservation division made the shift to a commercial platform-as-a-service (PaaS) for Farmers.gov. This site "allows farmers, ranchers, foresters and agriculture producers to register their businesses electronically and gain personalized access to the services they need to manage their operations." By using cloud technologies, USDA found they could save their developers time, enabling them to focus on configuring, rather than coding.

There are several events that feature examples of these cloud successes and discuss how to overcome technical, policy, and cultural barriers to smart cloud adoption.

  • DC CloudWeek (June 3-7, 2019; Washington, DC) -- This SXSW-style citywide festival brings together thousands of government and tech leaders from around the nation to share how the cloud is transforming government, academia, nonprofits, and the private sector. It includes dozens of community conferences, events, and parties.
  • AWS Public Sector Summit (June 11-12, 2019; Washington, DC) -- This event brings together innovators who are changing the world with cloud computing to share their successes and lessons learned to guide wider cloud adoption in government. The conference aims to send attendees back to their office with new strategies and techniques for kicking off new projects, maximizing budgets, and achieving mission goals.
  • ATARC Federal Cloud and Infrastructure Summit (June 25, 2019; Washington, DC) -- This educational, one-day symposium will examine the cloud tools and techniques being used by the Federal Government to provide agencies with greater efficiency and cost savings. The morning session will feature speakers and panels with government thought leaders, while the afternoon includes the MITRE-ATARC Cloud Collaboration Symposium, where government, academic, and industry subject matter experts will examine cloud and data center challenge topics.
  • 2019 Cyber Security Brainstorm "Cyber Strong: Cyber's New Frontier" (August 8, 2019; Washington, DC) -- This half-day program will discuss integrating cloud and other next-gen technologies, strategies for building cyber strength, and preparing the workforce for these technological changes.
  • KubeCon | CloudNativeCon (November 18-21, 2019; San Diego, CA) -- The Cloud Native Computing Foundation's flagship conference gathers adopters and technologists from leading open source and cloud native communities to further the education and advancement of cloud

Let us know your go-to events for cloud information with details in the comments.

AI is Ready for Prime Time

Artificial Intelligence (AI) is a hot buzzword being thrown around in technical as well as business circles as a way to increase the efficiency of organizations. More than just a buzzword or "next big thing," it is now official policy of the United States. This February the President issued an executive order directing federal agencies to invest more money and resources into the development of artificial intelligence technologies to ensure the U.S. keeps pace with the world in using AI (and related technology) for business, innovation, and defense.

On the heels of the executive order, the DoD outlined its AI plans which include using AI technology to improve situational awareness and decision-making, increasing the safety of operating vehicles in rapidly changing situations, implementing predictive maintenance, and streamlining business processes.

But with all of this focus and excitement around AI, there are many groups raising concerns. Paramount is the federal workforce who sees AI technology potentially taking over their work. A recent survey found that while 50 percent of workers were optimistic that AI would have a positive impact, 29 percent said they could see new technologies being implemented "without regard for how they will benefit employees' current responsibilities." Across government, technology leaders are working to ease fears, stating that technology will take on the rote, manual tasks that humans tend to dread, freeing up people to spend additional time on more strategic, meaningful work.

Another group wary of AI's broad impact are security experts who say that with new, more advanced technologies come new, more advanced threats. In an effort to get in front of these threats, DARPA has launched the Guaranteeing AI Robustness against Deception (GARD) program. This program aims to develop theories, algorithms, and testbeds to aid in the creation of ML models that will defend against a wide range of attacks. Continue reading

Agile Acquisition

Don't let the title mislead you, today we're not talking about acquiring Agile services (though, that plays a role) but rather about how government is making their procurement process more flexible and dynamic to meet the needs of federal teams and citizens alike. We've written here about the challenges in government acquisition--from the retiring workforce, to concerns of end-of-year spending, to incompatibility with modern technology. Given these challenges, we've seen a shift in recent years from the "that's the way it's always been" mentality to one of innovation.

There is some guidance on making changes to procurement including the introduction of Other Transaction Authority (OTA), a way to more quickly carry out certain prototype, research, and production projects. OTAs incorporate business practices that reflect commercial industry standards and best practices into its award instruments. But, what is having a greater effect is agencies taking risks and trying new procurement methods on a one-off basis to see what works.

Lesley Field, the deputy administrator of the Office of Federal Procurement Policy, said in an interview, "I see a lot of appetite out there for taking risks, calculated risks and bringing our industry partners along." She went on to talk about how agencies should be willing to try new ways of acquiring goods and services and be willing to learn quickly from mistakes and change course. Also communicating those lessons learned across government is crucial to government-wide procurement reform. Continue reading

The Next Step in Data Center Consolidation

Data center consolidation has been a mandated goal in the federal government for a number of years. The introduction of cloud, virtualization, and shared services means the government can run more efficiently with less hardware that no longer requires huge, physical servers to sit in buildings. Many of which were built for the sole purpose of housing servers. Consolidation saves money on technology, the support of that technology and also reduces agency real estate footprints and needs. While agencies have made some strides, the OMB sees the progress to date as going after low hanging fruit and is now challenging agencies to think bigger.

According to a drafted policy issued in November, OMB stated, "Agencies have seen little real savings from the consolidation of non-tiered facilities, small server closets, telecom closets, individual print and file servers, and single computers acting as servers." The push now should be in moving to the cloud and shared services, and looking to commercial third parties to host government data.

More than moving servers and workloads, data center consolidation relies on changing the way agencies manage data. The Data Accountability and Transparency Act was enacted to make information on government spending more transparent. Doing so requires agencies to agree to and implement data standards so that information can be shared across government and openly with the public. This implementation of standards has been a stumbling block for compliance. Continue reading

FedRAMP’s Ongoing Evolution

The Federal Risk and Automation Management Program, commonly known as FedRAMP, was introduced in 2010 and signed into policy at the end of 2011 as a "standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services." In plain English, it provides a baseline for agencies to determine if a cloud solution is secure enough for them to use. Vendors get FedRAMP certified as a way to prove their solution is ready to plug and play into federal systems.

In recent years, cloud has moved from a curiosity for most agencies to a key part of IT infrastructure. With this change in cloud acceptance and use, FedRAMP has also started to evolve to meet today's needs. Last summer, Rep. Gerry Connolly introduced the FedRAMP Reform Act of 2018 as a more stringent enforcement of the use of FedRAMP guidance. Continue reading