Innovation in Government from the ATO and Cloud Security Summit

 

August 6, 2024 

Presented by Carahsoft

Tune in to Innovation in Government from the ATO and Cloud Security Summit! This insightful one-hour TV program, recorded on location, features key discussions on the new FedRAMP roadmap aimed at speeding up Generative AI approvals and simplifying cloud feature deployments. The show highlights the need for improved visibility into cyber threats, securing software and overcoming legacy system integration challenges. Enhancing user experience, ensuring policy compliance, and fostering coordinated efforts to tackle complex security issues and advance technology were also at the forefront.
 

Accelerating AI Integration and Streamlining Cloud Deployments

Bethany Blackwell, Vice President of Sales at Carahsoft, discussed the implications of the new FedRAMP roadmap during the Innovation in Government event. She highlighted the enthusiastic response to recent changes, noting that the integration of Generative AI technologies has become a focal point. The Office of Management and Budget (OMB) has introduced new measures to accelerate the approval process for these advanced technologies, reflecting their critical importance to federal agencies. Blackwell also pointed out improvements in handling change requests, which should streamline the deployment of new features and functionalities for cloud solutions. This development is expected to address customer concerns and expedite the rollout of new technologies. She observed that federal agencies are increasingly engaged with cloud and AI technologies, transitioning from experimentation to practical deployment in areas like call centers and chatbots. The growing demand for these tools underscores their significant role in solving mission-critical problems and enhancing operational efficiency.

Key Takeaways:

  1. The new FedRAMP roadmap aims to accelerate the approval process for Generative AI technologies.
  2. Improvements to the change request process are expected to speed up the deployment of new cloud features.
  3. Federal agencies are moving from experimentation to practical use of cloud and AI technologies in mission-critical applications.

 

Enhancing Transparency, Cybersecurity, and Customer Experience 

Eric Mill, Executive Director of Cloud Security at the General Services Administration (GSA), discussed the significance of the new FedRAMP roadmap at the ATO and Cloud Security Summit. He emphasized that the roadmap represents a strategic response to common stakeholder concerns regarding time, cost and program effectiveness. Mill highlighted the importance of transparency and engagement, encouraging cloud providers and agencies to actively participate and collaborate with GSA. He also outlined four primary goals of the roadmap: enhancing customer experience, improving cybersecurity, fostering leadership and developing a trusted marketplace. Additionally, Mill discussed the introduction of new customer-oriented program metrics designed to better measure the impact of FedRAMP processes and policies. He addressed the emerging technology prioritization framework, noting that while artificial intelligence (AI) is a major focus, the framework is designed to be flexible and adaptable to other future technologies. Mill concluded by stressing the need for expanded capacity and talent acquisition to support FedRAMP's goals, including new hires in data science and machine learning.

Key Takeaways:

  1. The new FedRAMP roadmap aims to address stakeholder concerns about time, cost, and program efficiency through increased transparency and public engagement.
  2. GSA will introduce new metrics to better evaluate the impact of FedRAMP processes on customer experience and program effectiveness.
  3. The emerging technology prioritization framework is designed to be adaptable to various future technologies, not just AI, and focuses on flexible, long-term prioritization strategies.

Overcoming Legacy System Challenges in FedRAMP Cloud Integration

Matt Mandrgoc, Head of Public Sector at Zoom, discussed the primary challenges faced by federal agencies when integrating legacy systems with modern FedRAMP cloud solutions at the Carahsoft ATO and Cloud Security Summit. He identified two main issues: the limitations imposed by outdated legacy systems and the potential for automation to bridge the gap between these systems and new cloud technologies. Mandrgoc explained that legacy systems often hinder scalability and innovation because they are not compatible with FedRAMP-approved cloud solutions. Additionally, he highlighted the importance of leveraging automation to enhance efficiency and address the challenges of integrating these legacy systems with secure cloud platforms. Mandrgoc emphasized the need for a strategic approach to technology replacement, focusing on workflow improvements and automation to maximize the benefits of FedRAMP authorized platforms. He also noted that collaboration between industry and government, and adopting best practices from various sectors, can provide effective solutions for these challenges.

Key Takeaways:

  1. Legacy systems hinder scalability and innovation when integrating with FedRAMP-approved cloud solutions.
  2. Automation can significantly enhance efficiency by bridging the gap between outdated systems and new cloud technologies.
  3. Agencies should focus on strategic technology replacement and workflow improvements, leveraging industry best practices and collaboration for effective solutions.

Addressing Cybersecurity Talent Gaps and Enhancing Workforce Quality

Stephen Pipino, Principal Cybersecurity Architect at Salesforce, addressed both the challenges and potential solutions in cloud security during his interview. Pipino emphasized that the cybersecurity field faces significant issues related to the skills gap and compensation, which affect both government and private sectors. He stressed the need to attract highly skilled professionals to government roles, highlighting that restrictive certification requirements and limited pay often deter talented individuals. To overcome these hurdles, he advocates for more flexible hiring practices and greater collaboration between government, academia and industry. Pipino also discussed the importance of measuring success not only by the number of new recruits but also by the quality of their skills and the diversity of the cybersecurity workforce. He noted the need for better coordination between top-level agencies and individual agencies to ensure effective cybersecurity across the government.

Key Takeaways:

  1. The cybersecurity field faces a skills and pay gap, which impacts the recruitment of top talent into government roles.
  2. Government agencies should relax stringent certification requirements and consider equivalent experience to attract skilled professionals.
  3. Success in cybersecurity workforce development should be measured by both the quantity and quality of recruits, along with improved coordination across various government levels.

Optimizing ATO Processes and Automation for Enhanced Cybersecurity

Amber Pearson, Deputy Chief Information Security Officer at the Department of Veterans Affairs (VA), discussed her focus on automation to enhance cybersecurity processes, particularly regarding cloud services and the FedRAMP authorization process. One of her main goals is to optimize the Authority to Operate (ATO) process to speed up cloud service deployments while ensuring strong cybersecurity measures. Pearson highlighted the challenge of reducing the traditional ATO timeline, which can take up to 360 days, and the VA’s involvement in the FedRAMP board to address these challenges. The recent use of the Open Security Controls Assessment Language (OSCAL) format for system security plans represents a significant step toward automating and streamlining the ATO process. Pearson also emphasized the need for a mature FedRAMP environment that supports reuse and accelerates the deployment of new technologies to better serve veterans and their families.

Key Takeaways:

  1. The VA is focusing on automation to cut down the Authority to Operate (ATO) timeline and improve cybersecurity efficiency.
  2. Participation in the FedRAMP board and the adoption of OSCAL format submissions are key to streamlining the ATO process.
  3. A mature FedRAMP environment should prioritize reuse and speed to facilitate technology deployment across federal agencies.

 

AI's Transformative Impact on Cloud Security and Data Protection 

Lindsey Gillaspie, Senior Solutions Engineer at Databricks, highlighted how AI is set to revolutionize various domains, including cloud security. She emphasized that AI will impact organizations whether they're directly using it or supporting its use. AI's role encompasses detecting and analyzing cyber threats, enhancing data protection, and underpinning both shiny new applications and crucial behind-the-scenes work like data governance. Gillaspie noted that AI and cybersecurity are advancing in tandem; organizations need to balance visionary use cases with foundational planning and data readiness to succeed. For learning about AI, she recommended a variety of methods tailored to individual preferences, such as podcasts, YouTube and online courses, to stay informed and up-to-date with rapid developments.

Key Takeaways:

  1. AI will significantly impact cloud security by improving threat detection and data protection.
  2. Both visionary use of AI and foundational planning, including data governance, are crucial for success.
  3. To stay informed about AI, utilize a mix of learning methods suited to personal preferences, such as podcasts, YouTube, and online courses.

 

Adapting Federal Acquisitions: Policy Compliance and Security Challenges

Joanne Woytek, Program Director for NASA SEWP, discussed the evolving needs and practices in federal acquisitions. Woytek noted that while there is less concern about FedRAMP among agency customers, the focus has shifted to ensuring compliance with policies and managing software and supply chain security. Woytek highlighted the increased importance of user experience and the growing reliance on contractors to handle technical details, while emphasizing the need for coordinated efforts among various security and policy groups to enhance overall security and compliance.

Key Takeaways:

  1. Agencies are more knowledgeable about their acquisition needs and focus on ensuring policy compliance and security.
  2. The shift towards user experience and policy adherence is driving current procurement practices.
  3. Coordinated efforts among security and policy groups are crucial for addressing complex security challenges and ensuring effective acquisitions.

 

Enhancing Cloud Security: The Importance of Visibility and Proactive Threat Management 

Kevin Greene, CTO Public Sector at OpenText Cybersecurity, emphasized the critical need for increased visibility in cloud security to effectively combat and manage cyber threats. He stressed that with the growing complexity of cloud technologies and the proliferation of software vulnerabilities, organizations must focus on early detection of threat actors’ behavior rather than just reacting to indicators of compromise. Greene also highlighted the importance of secure software development practices and the need for a proactive approach to threat hunting and incident response.

Key Takeaways:

  1. Enhanced visibility into threat actor behavior and early warning signals is crucial for effective cyber defense.
  2. Organizations should prioritize secure software development to reduce vulnerabilities and improve resilience.
  3. Proactive threat hunting and formalized incident response are essential for staying ahead of evolving cyber threats.
