Tag Archives: Security

Blockchain’s Role in Managing COVID

Posted on by

Blockchain technology is a new way of passing information from point A to point B. The data passes through a "block" that gets validated by a network of unrelated computers, and democratizes the transfer of data. This creates a transparency for the path of the data and makes that path irreversible. It also allows for computational logic to be attached to data, enabling automation around actions associated with it.

 

Organizations across government have been experimenting with ways blockchain technology could make transactions more efficient, secure, and transparent. With the COVID-19 pandemic the ability to easily, securely, and transparently share data has never been more important. In the many areas of our lives affected by the pandemic, blockchain is proving to be a tool for meeting the quickly evolving demands of public health, financial markets, and even democracy itself.

Continue reading

Finding Business Continuity in the Cloud

Posted on by

More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.

Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone FedRAMP added 200 authorized products and are on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.

Continue reading

Making the Grade: All Agencies Receive a Passing Score on FITARA Scorecard

Posted on by

For the first time ever, every government agency received a passing score on the Federal Information Technology Acquisition Reform Act (FITARA) Scorecard. Now, this does not mean that everyone made the honor roll, rather the general GPA is around a C.

FITARA was enacted in 2014, and report cards come out twice a year to measure and track progress in meeting the modernization efforts outlined in the legislation. The scorecard has evolved over the years as deadlines have passed, and new modernization metrics have been implemented.

The coronavirus pandemic underscored the need for modernization. Agencies had to hustle to move processes fully online and make them accessible to a remote workforce and the public who could no longer visit government offices to conduct business. It reinforced the need for modernization to move from a wish list or "we'll get there" item to a critical need.

In this 10th report, The General Services Administration (GSA) received an A+ grade on the scorecard for the second time in a row. The Education Department dropped out of the A-range, falling to a B. They joined two other agencies in dropping scores, while seven agencies showed improved results, and 14 stayed the same. The majority of agencies passed in the C-range. Continue reading

FedRAMP’s Role in a Post-COVID World

Posted on by

The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.

With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.

Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.

Continue reading

Get to Know the CDO

Posted on by

Chief Data Officer (CDO) may be one of the newest C-suite designations, and it's quickly becoming one of the most important. With data-driven government becoming a mandate via the Federal Data Strategy and the Evidence Act, accountability around data management is essential. More than just a way to check a compliance box, having a CDO is a smart business decision in a world where data is critical to how government organizations interact with constituents. However, having a CDO is only a start. The CDO needs to be set up for success as well.

One report indicated that 60% of federal CDOs lack a clear understanding of their role. According to Gartner, a CDO is a senior executive who bears responsibility for enterprise-wide data and information strategy, governance, control, policy development, and effective exploitation. This role makes sure data is secured appropriately for access, as well as privacy concerns, and sets the rules and processes for managing the data lifecycle. The CDO also develops solutions to use that data to create business value.

Even if the role is defined within an organization, CDOs report they lack budget authority or insight into what budget they have to complete their jobs. This mirrors what we have seen with another "young" position, CIOs. Chief Information Officers have seen their role elevated by its measurement in the FITARA scorecard, and with that tracking, are getting more budget authority and input. In addition to budget, CDOs also need the authority to set and enforce policies and processes across their organization and, in doing so, streamline communication among related groups. Continue reading