A partnership perspective on government cloud security
One of the most distinguishing things about our federal government is its broad scope of services. No other institution is responsible for doing so much for so many, so quickly, in an ever-changing landscape. No other institution must respond simultaneously to such a breadth of challenges that have only been amplified over the last few years.
In response to the COVID-19 crisis, many federal agencies kicked their digital transformations into high gear to help enhance public services, embrace a remote workforce and better secure data with trust and transparency. While positive momentum on modernization grows, so does external pressure as citizen expectations rise and new threats multiply.
However, it’s difficult for federal agencies to harness the potential of technology and data within a legacy IT infrastructure that struggles with data fragmentation, a lack of interoperability and vulnerability to cyber attacks. Uneven budget cycles and challenges focusing dollars on modernization compound these factors.
The US government’s IT modernization efforts are still lagging, especially when considering the improved productivity, speed and lowered risk that cloud computing offers to help address the security and citizen service challenges impacting trust in government today.
Congress and successive administrations have acknowledged these challenges with mandates like the recent Customer Service Executive Order. Last year’s Quantum Computing Cybersecurity Preparedness Act (P.L. 117-260), the recently released National Cybersecurity Strategy and the federal zero trust mandate require agencies to prioritize system and data security.
IBM has built a diverse ecosystem of partners to help government effectively use the cloud to address these challenges. Bringing government solutions derived from an ecosystem of partners is critical because no single IT provider can solve today’s government challenges alone. We continually evolve our partner ecosystem in response to public sector challenges, bringing forward collaborative teams from a full spectrum of industry players from global cloud service providers to small businesses.
From this perspective of partnership, IBM offers five recommendations for federal agencies to use the cloud to accelerate modernization:
- Think hybrid multi-cloud first. Hybrid cloud is the only infrastructure and application development framework that’s flexible, adaptable and elastic enough to support the variety of programs and services needed today. Therefore, agencies should not orient modernization toward a single cloud service provider, nor should they always rely entirely on the cloud.
- Support the mission out to the edge. Edge computing is a strategy for securely extending a digital environment out to the user. Americans expect to engage with government via their phones and tablets. The military needs global access to data and intelligence systems in remote locations. Government workers must deliver services in remote health clinics, far-flung national parks and border control stations. Government accomplishes its mission “on the edge,” and we must secure applications and data where the mission is happening. Cybersecurity should be baked in from the initial design to maximize seamless risk mitigation and to minimize the end user burden.
- Reorient incentives to modernize business processes, not infrastructure. We must deemphasize counting data centers closed each year, or which legacy applications shift to the cloud. It’s not just about technology, it’s about improving citizen services, security and enabling the mission. Agencies should prioritize optimizing business processes that impact service and how work is done. Federal IT budgets and score cards should incentivize this.
- Apply an open ecosystem approach to improving how work is done. The challenges facing government can’t be met with just one company’s tools. Federal agencies must work with multiple cloud and infrastructure vendors to demand interoperability. Agencies should focus on solutions by challenging vendor teams to help redesign how work is done. To emphasize this, cloud infrastructure contracts should be expanded to encourage partner ecosystems to deliver cloud native solutions as services. Whenever possible, build once and use everywhere.
- Streamline FedRAMP certification. FedRAMP is the default federal information security requirement. Congress recently reaffirmed its importance by passing the FedRAMP Authorization Act (P.L. 117-263). However, it remains far too difficult to move cloud solutions needed to modernize through FedRAMP certification. In fact, some see FedRAMP as a major hurdle. FedRAMP must become fully automated, the sponsorship burden must be reduced or eliminated, approvals must reciprocate between agencies, and the FedRAMP Program Office must be funded on par with its role supporting modernization.
IBM looks forward to continuing to expand our collaborations within our partner ecosystem to support the digital transformation of government even better through connectivity, partnerships, and open technologies. Success is a team sport. We are confident that, working together as a collaborative ecosystem of partners, there is no challenge to which we cannot rise.