Finding Business Continuity in the Cloud

More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.

Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone FedRAMP added 200 authorized products and are on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.

Continue reading

For Government, It’s Already 2021

With many people in a rush to put 2020 behind us, those of us in the government market can safely say we're operating like it's 2021 (not as fun as partying like it's 1999, but anything beats 2020, right?). While the rush to meet the deadline for federal government fiscal year (GFY) spending on September 30 may have felt oddly comforting in its familiarity, there are many changes happening in government acquisition and procurement to make processes more responsive to today's workforce and technology needs.

The use of automation is expanding beyond using Robotic Process Automation (RPA) to handle rote, repetitive tasks. RPA has been incredibly beneficial for freeing up the time of acquisition professionals to focus on innately human activities, rather than administrative tasks. Now, acquisition groups are going a step further and introducing Artificial Intelligence (AI) to improve processes by tapping into all of the data available in acquisition systems. For example, GSA uses an AI-enabled bot to "track, find and change Section 508 disability clauses in contracts." This helps ensure compliance, feeding updated clauses to humans for final review.

In September, the Department of Defense (DOD) issued Directive 5000.01, an update to the 5000 series instructions that focuses on the roles and responsibilities for its acquisition process in an effort to simplify the buying process. The end goal of this simplification is to get technology in the hands of the warfighter faster. Continue reading

Do Your Part. Be CyberSmart: 2020 Cybersecurity Awareness Month

For the past 17 years, the Cybersecurity & Infrastructure Security Agency and the National Cybersecurity Alliance have led a month-long national focus on cybersecurity best practices. In coordination with a number of organizations around the country, each October features events and campaigns to help educate businesses and individuals on avoiding dangers lurking online. As with everything else, the activities for the 2020 Cybersecurity Awareness Month will look a bit different. But perhaps it is fitting that most of it will be taking place online. It's a great opportunity to practice what you preach when hosting virtual events and resources.

The theme for 2020 is "Do Your Part. #BeCyberSmart," encouraging individuals and organizations to look at their own role in protecting cyberspace and providing proactive steps to enhance cybersecurity. A big part of this is the idea of "if you connect it, protect it." Resources and speakers will focus on securing devices at home and at work, securing Internet-connected healthcare devices, and looking ahead to the future of connected devices.

In government, doing "your part" means making a transition to a zero trust security environment where access controls are maintained around data and systems even after someone has shown the proper credentials to get into the network. The name "zero trust" implies a difficult hurdle that has to be overcome to earn the trust, but that is not the case. A different way of looking at it is "context-based trust" or "variable trust" meaning that devices with network access will receive immediate entry. Other devices that are unknown to the network will be subject to additional checks and balances. Key to this is establishing what is perceived as normal behavior on the network and by users. As activity deviates from that norm, systems and data can be locked up until legitimate access is verified. Continue reading

When Telework Stopped Being a Remote Possibility

Man Working Using Laptop on Coffee TableAt the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:

  • The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
  • The Office of Personnel Management (OPM) issued Temporary Procedures for Personnel Vetting and Appointment of New Employees During Maximum Telework Period Due to Coronavirus COVID-19. These procedures included deferring the fingerprint requirement for background checks and opened the door to PIV card alternatives like the one created by DHS.
  • Continue reading

Entering a Brave New World of Government Acquisition

We've covered how government procurement is evolving to meet the way agencies implement and consume technology. From agencies' use of public cloud platforms to agile development methodologies, old acquisition methods are unable to keep up with the pace and process required by modernization and digital transformation goals across government. In fact, the Modernizing Government Technology (MGT) Act was implemented to allocate funds specifically for the update of legacy IT systems to help agencies improve service delivery to the public, secure sensitive data and systems, and increase efficiency. To meet these mandates, procurement processes and technology have to change to be more in tune with the digital transformations happening at the operational level.

Continue reading