Cloud-based software and applications are allowing organizations of all sorts to streamline their missions and generate insights from data. But federal agencies...
Agencies are increasingly adopting software and other applications underpinned by cloud computing infrastructure.
Before the current COVID-19 calamity and since, federal agencies have been quietly building the foundation for expanding the collection and use of data to improve their performance. This includes appointing data officers, developing learning agendas and assessing agency data-building capacity. While some treated things like this as a compliance exercise in the past, a global pandemic underscores the fact that data and collaboration have never been so critical to our ability to move forward effectively.
Meanwhile, law enforcement and security agencies are also looking to adopt mobile capabilities and other digital technologies to quickly share data across a remote and dispersed workforce.
“I think IT leaders in the public sector, and quite frankly, across industry have learned from this period, and how tremendous digital agility was critical, and now they have the space to make those decisions about the future,” Delie Minaie, vice president for civil sector at Booz Allen Hamilton, said on Federal News Network.
But agencies are not a monolith. Each one is a unique combination of independent bureaus, divisions and offices. Minaei said “governance” is a crucial component of agency cloud adoption, with executive leadership needing to coordinate adoption at the highest levels so agencies can gain the cost and collaboration benefits of cloud, instead of making duplicative and disparate investments.
“Being able to have standard, repeatable processes is going to be really important,” she said.
One process that’s already in place? The Federal Risk and Authorization Management Program, or FedRAMP, which was established by the White House Office of Management and Budget in 2011 to ensure the security of cloud services used by agencies.
Cloud service providers can obtain a FedRAMP authorization for one of its services by getting an authority-to-operate (ATO) from an agency seeking to use the service, or by getting a provisional ATO from FedRAMP’s Joint Authorization Board. The JAB is a governing body of chief information officers from several agencies. Agencies can rely on a previously granted ATO to adopt a cloud service, rather than putting the application through its own security assessment and authorization process.
In the past, gaining an ATO from the JAB has been “more art than science,” Minaie said. But the program has matured and evolved over the years, she added.
“I think we’re to the point where a lot of what FedRAMP has put in place by way of the controls, and inheritance of those controls, is making it easier to get ATOs at the application layer much faster,” Minaie said. “You think about your various CSPs or your platform providers, being able to inherit, a lot of those controls down to the application teams. And so I think we’re seeing quicker times to ATO. Things that were taking months are happening now in weeks. And a lot of that is due, I believe, to the FedRAMP control inheritance.”
FedRAMP was given another boost recently when the program was codified into law under the FedRAMP Authorization Act. Congress passed the bill as part of the broader Fiscal Year 2023 National Defense Authorization Act in December.
The law also includes a “presumption of adequacy” clause to prevent duplicative security assessments and, in theory, speed up the adoption of cloud services across agencies. It also establishes both a FedRAMP Board and a Federal Secure Cloud Advisory Committee to provide oversight and feedback on the process.
The continued evolution of FedRAMP may be just one crucial piece to agencies’ ongoing adoption of cloud-based technologies as they look to address challenges ranging from cybersecurity to climate change to improving the delivery of public services.
“I think gathering the right data and drawing real time insights can really supercharge mission outcomes and move towards solving some of the most dire challenges we face today,” Minaie said. “But the first step is you must modernize your IT infrastructure and have it capable of ingesting really high volumes of data and supporting kind of cutting edge tools that make it all make sense.”
Listen to the full show:
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Vice President, Civil Sector, Booz Allen Hamilton
Reporter, Federal News Network
Vice President, Civil Sector, Booz Allen Hamilton
Delie Minaie is a leader in digital and cloud solutions, with more than 15 years of experience deploying cloud capabilities for clients focused on citizen services and economic advancement. Her expertise is in reimagining traditional high-cost technology infrastructures so organizations can deliver modern, secure, scalable, and digital-first solutions for their end users and customers.
Today, Delie leads the cloud managed services and operations for the Department of the Treasury’s Workplace Community Cloud—the first FedRAMP high-accredited cloud owned by a federal agency. She oversees a team of cloud security engineers, network engineers, strategists, developers, and DevSecOps engineers working to deploy a modern and secure web-based service experience to advance the client mission.
Delie’s in-depth knowledge of cloud strategy, implementation and operations coupled with her shared services expertise has provided significant value over the years to federal clients. Prior to her current role, Delie directly supported numerous chief information officers in federated organizations, with a focus on designing shared services for clients to deliver more efficient, constituent-focused services. She provided IT strategic guidance ranging from organizational assessments and technology adoption strategies to mission-critical enterprise implementations.
Delie holds a B.S. in finance from the University of Maryland and is a Change Management Advanced Practitioner from Georgetown University’s McDonough School of Business. Her certifications include Amazon Web Services (AWS) Cloud Practitioner, Cloud Security Knowledge v4.1 from the Cloud Security Alliance, and ITIL® v3 Foundation.
Reporter, Federal News Network
Justin Doubleday is a defense and cybersecurity reporter for Federal News Network. He previously covered the Pentagon for Inside Defense, where he reported on emerging technologies, cyber and supply chain security. Justin is a 2013 graduate of the University of New Hampshire, where he received his B.A. in English/Journalism.