When the Office of Management and Budget first conceived the Federal Risk Authorization Management Program (FedRAMP) back in 2010 and launched it in 2011, the concept was supposed to make it easier for agencies to move to secure cloud instances. Unfortunately for agencies and vendors alike, turning that proposal into reality has been more difficult than imagined. At the same time, the FedRAMP program management office saw and heard—sometimes quite loudly—the calls to simplify its processes without losing any security rigor. That’s why FedRAMP issued a white paper in February asking for feedback on the threat-scoring methodology with the goal of ensuring that consistency and rigor while continually reducing the burden of FedRAMP. Brian Conrad, the acting director of FedRAMP, said the latest set of initiatives strives to continually improve the government-wide program. Hear from leaders at FedRAMP, CISA, NIST, GSA, DoD and DHS on how changes such as automation and simplification are likely to impact the cloud security program in the latest Federal News Network Expert Edition report.
For Digital Communications, Cloud Meets Agency Needs for Security, Scalability
“Much has been made of the government’s pivot to a mostly telework environment last year, especially with regards to how to enable government employees to maintain their mission and collaborate effectively. But less attention has been paid to the equally important subject of how agencies interact with their constituents, across agencies and out to businesses and consumers. The journey to providing digital services has been happening for years, but much like telework, the COVID pandemic acted as an accelerator to these efforts. Agencies have multiple ways of communicating with their constituents, each with their own specific requirements. For example, agencies that publish information for public consumption need to be able to host this information on their websites, and it has to be available to and consumable from a myriad of devices to suit the needs of the public. Likewise for email newsletters, where people can sign up to hear the latest information an agency has to offer. But those are one-way communication channels, agency to public. Communication also has to move the other way, to allow constituents to get in touch with agencies.”
Read more insights from Adobe’s Vice President and Public Sector CTO, John Landwehr.
How Government can Innovate at the Speed of the Private Sector
“Governments have unique security needs for a reason. No other entity has such diverse, unique missions or collects such a huge volume of data – such as scientific, medical, tax, Social Security, defense and classified intelligence. But the idea that these security needs can prevent government agencies from innovating at the speed of the private sector is a myth. Think for a moment about all of the varied ways that data collected by federal agencies can be used. Take a very simple example: GPS location data. While most people think of that data in terms of being able to use their smartphone to find the best path from point A to point B, governments may use it for a variety of missions. But Salesforce has also used that data to develop maps that allow agencies to track the locations of wildfires and the deployment of first responders, helping those agencies protect lives and prevent property damage.”
Read more insights from Salesforce’s Principal Solutions Engineer, Matt Goodrich.
Social Media is Increasingly Important to Federal Agencies. Here’s How They Can Do it Right.
“The COVID-19 pandemic forced massive changes in the way the government does business. In the beginning, all efforts were focused on enabling a primarily telework environment for federal employees, and securing that environment from outside threats. But after a year, those changes are spreading into other areas of business, forcing federal agencies to continue to adapt. Not least among those new challenges is the way agencies communicate with their constituents. Many traditional brick-and-mortar locations are closed, shutting off that avenue for citizens to contact their government. In response, federal agencies are turning to digital communication methods to fill the gap. Websites and portals are one way citizens can find information published by agencies or access services. But the average American now spends two hours a day on social media, and federal agencies have to go where their citizens are. That means developing a strategy for communications, including new workflows and measures to ensure their security.”
Read more insights from Hootsuite’s Global Principal Solutions Consultant, Ben Cathers.
Agencies Need Better Data Intelligence – FedRAMP is Giving Them the Opportunity
“One of the biggest challenges agencies have to deal with when it comes to securing their data is their budget. Even if Congress were to increase funding for cybersecurity, that budget still has to be spent in the most efficient and effective way possible. That means agencies need to know their data inside and out: what it is, where it is, and what degree of security is appropriate to ensure its integrity and confidentiality. That’s important, because bad actors are targeting the data itself. They don’t care what infrastructure or platform it’s sitting on. They just want to exploit the data. That means agencies need a governance model. ‘Agencies are using many different types of technologies and varied database sources. And they’re operating very heterogeneous environments. They need technology that allows them to connect into all of those various data sources, and identify and understand what data exists in those locations,’ said Myke Lyons, chief information security officer at Collibra, a leading Data Intelligence software vendor. ‘Government agencies should be looking at cloud-based technologies for the purposes of securing their information, understanding their information, and frankly, trusting it.’”
Read more insights from Collibra’s Chief Information Security Officer, Myke Lyons.
Okta Can Be the Zero Trust Broker for Cloud Services
“When most people think about IT modernization, what they’re really thinking about is adopting cloud services. That’s true both for the innovation side of things and on the security side. The National Security Agency and other agencies heavily involved in cybersecurity recommend going to zero trust for modernizing identity and access management, and using cloud services to do so. That’s especially important in today’s environment, where workforces have been operating at maximum telework for almost a year. Most agencies’ network boundaries are no longer in their office buildings where they have total control, but are now in people’s homes. ‘A good friend of mine talked about this in the beginning of the lockdown. He basically said my agency went from 100 branch offices to 10,000 branch offices,’ said Sean Frazier, federal chief information security officer at Okta. ‘That’s exactly the mindset you have to take, which is now all of a sudden, I’m managing endpoints further out than I thought I was managing it. And zero trust is really the perfect security architecture for that use case.’”
Read more insights from Okta’s Federal Chief Security Officer, Sean Frazier.
Download the full Federal News Network Expert Edition report for more insights on the future of FedRAMP from Carahsoft’s technology partners and leaders at FedRAMP, CISA, NIST, GSA, DoD and DHS.