It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.
Shadow IoT--connected devices that aren't managed or monitored by an organization's IT resources--is a real concern for IT teams. In one study, 90% of organizations found IoT devices they were not aware of using their network. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.
Even known IoT devices can provide security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) regularly connect to external networks and introduce risk back into the agency networks. As a workaround, a survey of IoT leaders found that 45% of respondents said they were deploying IoT devices on a dedicated network. Continue reading →
Robotic Process Automation (RPA). It may sound like a premise to a movie where robots take over the world, but it's very real and it's helping organizations realize modernization goals. Despite the name, RPA has nothing to do with robots. It is about software that uses artificial intelligence (AI) to automate high-volume, repetitive tasks. This can include queries, calculations, and maintenance of records and transactions.
In government, RPA is already being implemented in a wide variety of applications.
Inspections - As agencies look to modernize the way they perform inspections of the water we drink, the roads we travel, and the buildings we travel to, they are using RPA to move off paper-dependent processes.
Claims review -- RPA is built into an intake tool used by the Centers for Medicare and Medicaid that ingests records, automating the process and identifying potential problems.
Procurement - RPA is being used to automate and streamline the close-out process of government contracts, freeing up staff to work on actual programs, rather than spending time documenting that work.
IT asset management - Managing IT assets is a combination of automated and manual tasks. The introduction of RPA greatly reduces the need for manual intervention when it comes to enforcing governance and process, freeing up staff to work on mission-focused projects rather than tracking the technology used on those projects.
The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:
Reduce agency threat surface
Increase visibility into the federal cybersecurity posture
Improve federal cybersecurity response capabilities
Streamline Federal Information Security Modernization Act (FISMA) reporting
According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.
Fall visits to the farmers market take us back to simpler times when people lived off the land. Today's farmers may provide the same "output" of food, but how they manage the growth and distribution of it has changed dramatically.
The U.S. Department of Agriculture (USDA) was established in 1862 and was nicknamed "The People's Department" by President Lincoln because of its mission to support the farmers that feed the nation. Today, the USDA is focused on providing "leadership on food, agriculture, natural resources, rural development, nutrition, and related issues based on public policy, the best available science, and effective management."
In achieving this mission, the USDA has become a hub for innovation. It was chosen as the first host agency for a modernization Center of Excellence (CoE). Spearheaded by the General Services Administration (GSA), the CoE at USDA was established to accelerate IT modernization across government to improve the public experience and increase operational efficiency. The CoE centralizes top government tech talent and combines it with private sector experts and expertise to implement best practices to move processes and technologies ahead. The CoE is focused on five functional areas: Cloud Adoption, Contact Center, Customer Experience, Data Analytics, and Infrastructure Optimization.
The move to cloud computing in government has changed from a focus on Cloud First to Cloud Smart. The initial push to cloud encouraged agencies to look at cloud options when adding or updating technology but provided no direct guidance. This "Cloud First" push provided a way to educate agencies on what cloud is and why it is a viable option for deploying applications to the government workforce. This education worked, making even the most security-conscious agencies comfortable with moving data and applications to the cloud to gain new efficiencies in time and budget.
The Cloud Smart policy, a logical evolution of Cloud First, was introduced last year and provides more guidance surrounding security, procurement, and workforce skills to foster cloud adoption and implementation. While the value cloud can provide is widely accepted, procurement of cloud remains a stumbling block to wider, easier cloud adoption. The shift in spending from capital funds to operating funds and the fluidity of the fees based on need and usage require different language and structure in contracts. Security also continues to be a focus, creating new "shared responsibility" language in cloud agreements and plans.
To help you get smarter on how to be cloud smart, we've compiled a list of upcoming events that cover the areas related to a successful cloud deployment.