Industry Insight on ATO and Cloud Security

Written by Fed Gov Today | Aug 12, 2025 1:51:11 PM

From the Carahsoft ATO and Cloud Security Summit

As cybersecurity threats escalate, cloud adoption accelerates, and compliance demands evolve, the conversation around Authorities to Operate (ATO) and cloud security is taking center stage. At the Carahsoft ATO and Cloud Security Summit, three leaders — Dave DeWalt, Founder and CEO of NightDragon; Gaurav Pal, Principal at stackArmor; and Zachary Zapata, Director of Assessments and Documentation at SAP NS2 — shared their perspectives on strengthening resilience, streamlining compliance, and fostering deeper industry-government collaboration.

Dave DeWalt: Balancing Resilience, Compliance, and a Growing Threat Landscape

Dave DeWalt, Founder and CEO of cybersecurity investment and advisory firm NightDragon, brought more than 25 years of frontline experience to his perspective on today’s escalating threat environment. He noted a 200% increase in Chinese-attributed nation-state attacks in just the past year, pointing to increasingly sophisticated advanced persistent threats targeting U.S. systems.

DeWalt emphasized that while cloud adoption and FedRAMP certifications can reduce the attack surface, agencies must also ensure operational resilience to withstand outages or breaches at the provider level. With AI-generated code becoming commonplace, he said, securing autonomous code delivery and implementing continuous compliance will be critical. As DeWalt put it, “The bad guys are moving really, really fast — the good guys have to move really faster.”

Gaurav Pal: Leadership, Urgency, and the Path to Continuous ATO

Gaurav Pal, Principal at stackArmor, framed ATO as a fundamental governance mechanism for ensuring the security and compliance of software and services consumed by government agencies. He pointed to recent directives, including a memo from the Secretary of Defense, as evidence of the growing priority placed on ATO, FedRAMP, and CMMC.

Pal stressed that the urgency today stems from the rapid rise of AI-enabled missions, which depend on secure and compliant cloud environments. While automation tools and large language models are helping speed documentation and decision-making, he argued that leadership commitment is the real catalyst for lasting change. “What’s really driving the change… is the sense of purpose from the leadership,” Pal said, underscoring the importance of top-down resolve in breaking down outdated compliance barriers.

Zachary Zapata: Building Trust Through Consistency and Emerging Governance

Zachary Zapata, Director of Assessments and Documentation for SAP NS2, focused on the FedRAMP 20x initiative and its “do once, use many” approach to enable faster, more consistent security control implementation across agencies. He stressed the importance of understanding control inheritance between cloud service providers and agencies, ensuring both parties know their responsibilities.

Zapata also highlighted the role of governance in building trust, noting that new policy frameworks around AI, the growth of CMMC, and other emerging programs will shape future security requirements. He argued that proactive engagement between industry and government will help agencies migrate to the cloud with greater confidence. “That partnership with industry really allows them to grow trust in the process,” he said.

Conclusion

The insights from DeWalt, Pal, and Zapata converge on a central theme: securing the future of federal missions requires the right blend of technology innovation, governance reform, and partnership. Continuous ATO, advanced automation, and cloud security advancements will help speed innovation, but leadership commitment and mutual trust will remain the foundation for safeguarding systems in an era of unprecedented change.