More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.
Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone FedRAMP added 200 authorized products and are on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.
The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates including Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to intice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider. Continue reading →
At the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:
The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
We've covered how government procurement is evolving to meet the way agencies implement and consume technology. From agencies' use of public cloud platforms to agile development methodologies, old acquisition methods are unable to keep up with the pace and process required by modernization and digital transformation goals across government. In fact, the Modernizing Government Technology (MGT) Act was implemented to allocate funds specifically for the update of legacy IT systems to help agencies improve service delivery to the public, secure sensitive data and systems, and increase efficiency. To meet these mandates, procurement processes and technology have to change to be more in tune with the digital transformations happening at the operational level.
We've written quite a bit about virtual events and webinars. With our new COVID reality, we thought it was an important topic to revisit.
While virtual and online events may be the only option in the short term, event organizers can benefit from a virtual mindset when they approach all events going forward. Integrating a plan to host your event virtually if circumstances demand it should be a mandatory part of the overall planning process. Organizers should have the technology in place so they can easily "turn it on" when needed. Even if the event does go off as planned, live and in-person, consider adding online aspects to increase engagement. The option to create streaming video should become an essential event utility like electricity or WiFi.
While social distancing may have accelerated the acceptance of online events, webinars, in particular, are not a new concept in the federal market. Market Connections' Federal Media & Marketing Study (FMMS) found that three-quarters of federal workers reported watching live webinars during the workday and at least one in five were watching recorded webinars on their own time (weeknights and weekends). Webinars tend to be mainly one-way communication - with a speaker presenting and time for questions at the end. Frequently, the Q&A is not done "live," rather questions are gathered via messaging, vetted, and asked by the host. However, as our collective comfort with platforms like Zoom, WebEx, and Skype grow, future webinars could become more interactive, allowing for video participation and interaction between speakers and participants.