Formalizing the Future of Cloud in Government

In one of its first acts, the 117th Congress passed the FedRAMP Authorization Act. This bill codifies the Federal Risk and Authorization Management Program (FedRAMP) and, in the process, shortens the time it takes for cloud solutions to be implemented in the Federal government. Currently, cloud solutions must frequently obtain a separate authority-to-operate status for each agency where they are used. This bill looks to have the General Services Administration (GSA) automate processes to promote reciprocity for security validations from one agency to another.

This bill was passed at a critical time for cloud adoption within government as agencies continue to accelerate their digital plans to meet the needs of a remote workforce. While the way has been cleared for "emergency" use of cloud to keep the business of government running, laws and policy like this Act ensure that there is long-term support for the move to cloud services.

Finding Business Continuity in the Cloud

More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.

Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone, FedRAMP added 200 authorized products and is on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.

For Government, It’s Already 2021

With many people in a rush to put 2020 behind us, those of us in the government market can safely say we're operating like it's 2021 (not as fun as partying like it's 1999, but anything beats 2020, right?). While the rush to meet the deadline for federal government fiscal year (GFY) spending on September 30 may have felt oddly comforting in its familiarity, there are many changes happening in government acquisition and procurement to make processes more responsive to today's workforce and technology needs.

The use of automation is expanding beyond using Robotic Process Automation (RPA) to handle rote, repetitive tasks. RPA has been incredibly beneficial for freeing up the time of acquisition professionals to focus on innately human activities, rather than administrative tasks. Now, acquisition groups are going a step further and introducing Artificial Intelligence (AI) to improve processes by tapping into all of the data available in acquisition systems. For example, GSA uses an AI-enabled bot to "track, find and change Section 508 disability clauses in contracts." This helps ensure compliance, feeding updated clauses to humans for final review.

In September, the Department of Defense (DOD) issued Directive 5000.01, an update to the 5000 series instructions that focuses on the roles and responsibilities for its acquisition process in an effort to simplify the buying process. The end goal of this simplification is to get technology in the hands of the warfighter faster.

Do Your Part. Be CyberSmart: 2020 Cybersecurity Awareness Month

For the past 17 years, the Cybersecurity & Infrastructure Security Agency and the National Cybersecurity Alliance have led a month-long national focus on cybersecurity best practices. In coordination with a number of organizations around the country, each October features events and campaigns to help educate businesses and individuals on avoiding dangers lurking online. As with everything else, the activities for the 2020 Cybersecurity Awareness Month will look a bit different. But perhaps it is fitting that most of it will be taking place online. It's a great opportunity to practice what you preach when hosting virtual events and resources.

The theme for 2020 is "Do Your Part. #BeCyberSmart," encouraging individuals and organizations to look at their own role in protecting cyberspace and providing proactive steps to enhance cybersecurity. A big part of this is the idea of "if you connect it, protect it." Resources and speakers will focus on securing devices at home and at work, securing Internet-connected healthcare devices, and looking ahead to the future of connected devices.

In government, doing "your part" means making a transition to a zero trust security environment where access controls are maintained around data and systems even after someone has shown the proper credentials to get into the network. The name "zero trust" implies a difficult hurdle that has to be overcome to earn the trust, but that is not the case. A different way of looking at it is "context-based trust" or "variable trust" meaning that devices with network access will receive immediate entry. Other devices that are unknown to the network will be subject to additional checks and balances. Key to this is establishing what is perceived as normal behavior on the network and by users. As activity deviates from that norm, systems and data can be locked up until legitimate access is verified.

When Telework Stopped Being a Remote Possibility

At the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:

  • The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
  • The Office of Personnel Management (OPM) issued Temporary Procedures for Personnel Vetting and Appointment of New Employees During Maximum Telework Period Due to Coronavirus COVID-19. These procedures included deferring the fingerprint requirement for background checks and opened the door to PIV card alternatives like the one created by DHS.