Building a secure cloud for government work

Chris Gorman, COO at Monkton, discusses his company's method of employing common security standards to allow government workers to work from more places and be ...

While government work gets more and more complex, and requires people to check in from a larger range of places, it’s odd to see that much of the federal space has been stuck with paper instead of moving to computer and cloud technology. The main issue is security, and fortunately, Chris Gorman, COO and co-founder at Monkton, may have a solid answer.

ABERMAN: Well it seems to me that the demands of government work just get higher and higher. How much of your technology efforts come out of seeing this from the people that you’ve been working with for the last 20 years?

GORMAN: Well, I think that the opportunity to do more, with the people who are actually doing the business of government out in the field, is really the biggest opportunity for the government to really take words like monetization, or take ideas like transformation, and now break them down to something that’s more tactical, more reasonable, to do in a shorter interval. And looking at mobility, I think that that is a term that again has been used from the standpoint of our old Blackberries, that we used to have going back 10 years ago.

And they did email, calendar, and contacts really, really well. But it wasn’t until the iPhone came out back in 2007 that this idea of the app store kind of hit everybody. And it’s really that proliferation of “is there an app for that,” and that kind of concept has really promoted the explosion of us using our phones each and every day. You know, I would venture to say, if I were to ask you to pull out your phone right now, you probably have somewhere between 20 and 40 apps on that, easily.

ABERMAN: Well I would say, not only that, but more to the point, as I think about how I manage my personal life, whether it’s managing the documents that I have to sign or read, or it’s managing my financial affairs, or just keeping up with people, most of it’s now done digitally, in the cloud, or in some sort of secure environment that I interact with in my phone, or off my computer. But I’m not printing out paper, and storing paper anymore. I mean, this is really, ultimately, what you’re trying to address.


GORMAN: Exactly, Jonathan, it’s the whole idea that we use our mobile devices in our personal life all the time. But given a lot of the security concerns, that use really hasn’t made its way into our workplace, or specifically into the government settings. And I think there’s a good reason for that. If we take a look at all of the cyber attacks, either by sophisticated independent organizations like Anonymous and others, or even more importantly, our adversaries coming in from North Korea, and Russia, and China, and Iran, we should be concerned not only for the security of what that app is doing locally, there on the phone, but you just nailed it. It’s everything now that that app is going to connect to.

So, as the entire government is making this kind of migration to cloud based computing, how do you bring the power of the cloud safely all the way out to the people who are in the field, to do their work on those apps, rather than on clipboard and paper?

ABERMAN: So, how do you do it?

GORMAN: We took a look at how you go about really addressing those security concerns. And it’s a balancing act. How do you get the most amount of utility without compromising security? And so, it’s either throwing a lot of really smart people, and building all of the security that would be necessary to protect all the data while it’s at rest, maybe in a disconnected mode where you’re often in places where Wi-Fi is not available, or LTE hasn’t really got more than one or two bars, or as you’re connected.

How do you do that, as the data is moving from your phone, from that app, up to the intended cloud system, and back and forth? And so, looking around, back to like maybe 2013, 2014, there really wasn’t a good definition of, what is secure enough? What is reasonable risk? And so, we started Monkton back in 2016, on this notion that we could build the right level of security, not so much defined by us as a vendor, but defined by the NSA. And so, we look to what does the NSA, and really, the collective world do, who subscribes to this concept of common criteria?

And in layman’s terms, common criteria really is the gold standard, if you will, for compute and communications at a classified level. And so, we looked to bring that same level of defined security controls out of what NSA says is the minimum requirements to do classified level computing, and now bring that down into your mobile apps, so that anybody could be building mobile apps that are at a classified level.

ABERMAN: So what you’re getting at, is that this is an example of how we’ve used, in your case in starting now with DoD, you solve this challenge for the most demanding customer possible. But this now is a problem that every enterprise has. So, talk to me a bit about how you are taking this technology, and now you’re starting to commercialize it, because I think you’re up to some real interesting stuff with this consortium idea.

GORMAN: We took this idea of not just the app, and how do you build security into the app itself, but what is it going to connect to? And we worked with the Department of Defense, and specifically the Air Force, on really kind of taking a sample use case, a pathfinder if you will, and saying, could we actually go and change the way that the business was being done, where the work was being performed, with a truly kind of sensitive, or controlled unclassified information, set of use cases, which bring along, again, all of those security concerns, that have prevented all of this work from being done somewhere else other than your desktop?

And so, the use case that we helped support was working with the Air Force in supporting their mission requirement of flight readiness. Think about, we’re down at Nats Stadium, and you’ve got 32 jets parked out by 1st street, out in the parking lot. And you’re working on maybe repairing a fuselage, or working on the windscreen, and as you’re working through your steps, one, two, three, four, and five, every time that you’ve completed a step, you need, by their current process in the Air Force, to walk all the way back into the stadium, go to a network secure PC, put in your CAC card, and walk all the way back.

ABERMAN: That’s a really big deal. It’s clear to me that you’ve engaged in a personal war on paper, and I like that. I like that about you. But I want to get back to, before I let you go, I heard you mention Apple, Amazon, some big companies that you’re getting ready to work, to make this available to some businesses, consumers around the country.

GORMAN: Correct. So, we took the lessons learned coming out of this Air Force program, and after it had gone through all of the assessments, and gone into production, we said: what did we do right? What can we do even better? And it was this idea of secured by standards. So, how do we take the mandatory requirements for identity, how do I know Jonathan is who he claims to be, and do that to the NIST standards? How do we take the same thing for mobile? For the device, the app, the device management software, and do that to the NSA NIAP level?

And then certainly for all the cloud stuff, how do we kind of leverage all of the FedRAMP, already approved pieces, and now you’re working off a collective platform, that any organization, commercial, banking, healthcare, pharma, insurance, or certainly anybody in the DoD, or indeed in the intelligence community, could come to, and they simply need to bring their business problem? What is the mission requirement I’m trying to solve?

Who are those field based workers that need to actually either capture new information, or process it there locally in the field, or transmit it back, or maybe digitally sign it so that they know that it was actually Jonathan entering this information, and do this in a way that you have predictability without sacrificing security, to standards that already exist? And now, instead of it being like a typical two year project, we can actually put out net new capability in a matter of months.

ABERMAN: Chris, this sounds compelling to me from a standpoint of cutting down on paper, but is there a dollar savings involved?

GORMAN: Well, what I can give you as a real working example is, the Air Force BRICE app, which I mentioned before. The Air Force, now that this app has gone into production, has documented the time that each mechanic or maintainer is saving, is at least an hour per shift. That might not sound like a lot, but when you start calculating that out, over the total number of mechanics working on these combat aircraft, that translates to roughly five million hours per year. If you break that down again, just looking at that labor cost, it’s over fifty million dollars, off of what was only a little more than a million dollar initial investment.

So, this type of ROI is not only possible, but is already being realized. And this was all done within a year. So, little investment gets you a big reward, if you’re starting to look at what, again, are those processes that let us get rid of paper, and allow people to do the work where they’re actually at.

ABERMAN: If you’re at an enterprise, or you are interested in end to end security, and you want people to use their phones, you definitely want to check out Monkton. Chris Gorman, thanks for joining us today.

GORMAN: Thank you for having me.
