Information Technology Priorities

Transcription

1 FISCAL YEAR 2016 Federal Government Information Technology Priorities by Michael Biddick CEO Fusion PPT

2 TableofCONTENTS AuthorʼsBio AboutFusionPPT TheITJuggernaut CybersecurityGetsReal TheAgileITEnvironment BigDataGettingBigger CloudComputing TheFutureofFederalIT

3 MichaelBiddick CEOFusionPPT UnderMichaelʼsleadershipasCEO,FusionPPThasachievedtriple-digitgrowthbecomingthepremierevendorindependentsystemsintegrationandconsultingpartnerwiththeirclients.Michaelisresponsibleforthe strategicvision,marketstrategy,projectqualityandisresponsibleforthecompanyʼsoverallperformance.for nearly20years,michaelhasworkedwithhundredsofgovernmentandinternationalcommercialorganizations providingexpertiseinoursolutions.michaelhasauniqueblendofdeeptechnologyexperiencecoupledwith businessandinformationmanagementacumenthatprovideabalancedapproachtoourbusiness.priorto joiningfusionppt,michaelspent10yearswithaboutiqueconsultingfirmandboozallenhamilton,developing enterprisemanagementsolutionsforawidevarietyofbothgovernmentandcommercialclients.hepreviously servedontheacademicstaffoftheuniversityofwisconsinlawschoolasthedirectorofinformation Technology. MichaelearnedaMasterʼsofScienceinInformationSystemsfromJohnsHopkinsUniversityanddualBachelorʼs degreesinpoliticalscienceandafro-americanhistoryfromtheuniversityofwisconsin-madison. MichaelisacontributingeditoratInformationWeekandNetworkComputingMagazinesandhaspublishedover 50articlesonCloudComputing,BigDataandApplicationPerformanceManagement.Michaelisalsotheauthor ofthebook FederalCloudComputing. Michaelholdsmultiplevendortechnicalcertifications,isacertifiedITIL v3expertandacertifiedbarista. 2

4 AboutFusionPPT ABOUTFusionPPT WeSimplifyEnterpriseIT. FusionPPTisanestablishedleaderinprovidingITconsultingandsystemintegrationservicestoorganizationswith challengingtechnologyinitiatives.sinceourinceptionin2009,wehavecontributedtothesuccessofhundredsofprojects, andmosthavespannedtheglobeintheirreachandimpact.ourabilitytoperformandaddvalueincomplex,diverse,and distributedenvironmentshasearnedusasolidgrowthrateandareputationasatrusted,capable,andresults-oriented serviceprovider. DeepTechnicalKnowledge,DiverseProjectExperience. LedbyveteranITprofessionalsandthoughtleadersintheindustry,ourteamhasamassedadepthandbreadthoftechnical knowledgeandexperiencethatwearepassionateaboutsharingwithourclients.weattractandhireonlysubjectmatter expertsandprovenperformers,andourculturefosterscollaboration,innovation,andanimble,team-basedapproachtohelp ourclientsachievetheirobjectives. BigFirmExpertise,SmallerFirmService&Agility. Asaprivatelyheldsmallbusiness,FusionPPTcombinesthebestpracticesandexpertisefoundatlargeconsultingfirmswitha nimble,entrepreneurial,andclient-focusedserviceteam.werewardandencouragefreshperspectives,creativity,and intellectualrisk-taking,andthisconsistentlyproducesmoreefficientandmorecost-effectiveitsolutionsforourcustomers. MissionFocused. AtFusionPPT,wetakeapartnershipapproachinallofourengagements,andourteamfunctionsasanintegralpartofthe clientsʼorganizations.weunderstandcomplexenterprisesandtheimportanceofnetworks,applications,andsystemsin deliveringreliablemission-basedservicestostakeholders.ourstaffisfocusedatalltimesonourclientsʼmissionsand ensuringthattheservicesweprovideandtechnologysolutionswerecommendareincompletealignment. ValueBeyondIT. The PPT inourcompanynamestandsfor People,Process,andTechnology, anditrepresentsacoreaddedvaluethatour teamoffers whichisadeepunderstandingofwhatittakestomaketechnologyinvestmentspayoff.ourexpertiseextends beyondphysicalandvirtualsystems.weaddressthecriticalsuccessfactorsofpeopleandprocess,definingsuccessatthe leveloforganizationalimpactandtheincorporationofnewsystemsintodailyworkflowsandjobfunctions.thefusing togetherofpeople,process,andtechnologyiscoretoour methodologyanditiscoretotechnologyprojectsbeing abletoattaintheirfinancialandoperationalobjectives. FusionPPTCompanyandTeamhighlightsinclude: Ÿ ISO9001:2008CertifiedOrganization Ÿ PrivatelyHeldFirm Ÿ LedbyITIndustryExpertsandThoughtLeaders Ÿ CollaborativeSubjectMatterExpert(SME)Team Approach Ÿ Agile,EntrepreneurialStaff Ÿ Diverse,ComplexProjectExperience Ÿ ProvenTrackRecordofSuccessfulDeployments Ÿ Global,Enterprise-Oriented Ÿ MultipleContractVehicles Ÿ Depth&BreadthofTechnologyExpertise Ÿ CommitmenttoExcellence Ÿ QualityFocused Ÿ FusionPPTInnovationLab CorporateInformation. DUNS: CAGECode:5H6B4 PrimaryNAICS:541611,541512, Ownership:Private,100%U.S SizeStandard:SmallBusiness,under$14M Certifications:ISO9001:2008,ITILv3,PMP D&BOpenRatings:95%CustomerSatisfactionRating 3

5 TheITJuggernaut WiththeFederalGovernmentITbudgetcontinuingto hoverbelow$80billion,thisfebruary,thepresident requesteda1.8percentincreaseoverthe$78.3billion agenciesestimatethey'llspendthisfiscalyear approximatelya10%percentincreaseoverfiscal2014 spending.atthesametimethepresidentreleasedhis budgetrequest,partisangroups,legislatorsand governmentwatchdogscriticizedtheoverallspending onitandvalueobtainedfromthisspending comparedtoprivateindustries. leaderswithinthegovernmentandcontractingcommunities?criticismaroundspendingandefficiencyalso runsparalleltohigh-profilesecuritybreachesofsomeofthemostsensitivegovernmentdatareportedoverthe pastyear.ifthissecurityissueisnotaddressed,breacheswillcontinuetooccurandincreaseinfrequency. InthisannualFederalGovernmentITPrioritiesreport,we'llexaminewherefederalITleadersshouldbefocusing theirtime,thekeychallengestheymustaddressinordertomeetanincreasinglycomplexitenvironment,and howtheycandriveinnovationacrossprograms. Whilelegislationandopinionsoriginatingfromthe Value Efficiency WhiteHousehavealwaysfocusedonmoreefficient, effectiveandsecuregovernmentitspending,the thirdappointedfederalcio,tonyscott,continuedto trumpetboldvisionsandfederalittransformation. ScottwasappointedbyPresidentObamainMarchof 2015andexplainedhow drivingvalueisalsoabout drivingefficiency inhisfirstspeech.someofhis proposedideasincluded adoptionofagile technologies and creatingtherightkindsof dashboardsthatwillhelpusunderstandwhether we'remakingprogressornot. Efficiency Adoptionof agile technology Dashboards GovernmentAgencies ITLeaders Communities Security Afundamentalquestiontoansweris:Arethesebold visionstricklingdowntoagenciesandrank-and-fileit 4

6 5 In2013,agenciesreceivednewguidancefromthe executivebranchintheformofexecutiveorder 13636:ImprovingCriticalInfrastructureCybersecurity. ThisExecutiveOrderwarnedthat thecyberthreatto criticalinfrastructurecontinuestogrowand representsoneofthemostseriousnationalsecurity challengeswemustconfront. Despitethemandates, someofthemostsignificantcybersecurityattacks againstgovernmentdatainourtimehaveoccurred overthepastyear. InJuneof2015,theOfficeofPersonnelManagement announcedthepersonneldataofmorethantwentyonemillionamericans.theopmreportedthattensof thousandsofstandardform86s(sf-86) whichare requiredforallservicemembersandciviliansseekinga securityclearance werestolen.thesf-86,a127- pagedocument,requiresinformationaboutfamily members,friendsandpastemployment,aswellas detailsondrugandalcoholuse,mentalillness,credit ratings,bankruptcies,arrestrecordsandcourtactions. TheOPMindicatedthateverypersonwhounderwent agovernmentbackgroundcheckduringthelast15 yearswasmostlikelyaffected. OPMstatedthathackersstole sensitiveinformation thatincludedaddresses,personalhealthandfinancial recordsandotherprivatedetailsof19.7millionpeoplewhohadbeensubjectedtoagovernmentbackground check,aswellas1.8millionothers,includingthevictims'spousesandfriends.thistheftwasseparatefrom,but relatedto,abreachrevealedlastmonththatcompromisedthepersonneldataof4.2millionfederalemployees, OPMreported. Otherhigh-profileattacksreportedoverthepastyearincludetheWhiteHousenetwork,StateDepartment network,unitedstatespostalservice,gaoandthehealthcare.govwebsite.thoseareonlytheentitiesthat havebeendetectedandreported.accordingtoareportissuedbymerritalk,thenumberofcyberincidents reportedbyfederalagenciestotheu.s.computeremergencyreadinessteamrosefrom48,562infiscalyear 2012to67,168infiscalyear2014,analarming38%increaseovertwoyears. CybersecurityGetsReal Limits Technology Inadequate Intelligence Insecure Architecture Emerging CyberThreat IT Investment Increase Security WorldClass TechServices FiscalYear2016:FederalGovernmentInformationTechnologyPriorities

7 6 InareportreleasedinMarch,TheDefenseScience Board,aciviliancommitteethatprovidesscientificand technicaladvicetothepentagon,statedthatthedod isnotpreparedtodefendagainstsophisticated, internationalcyberattacks.thereportpointedto "inherentlyinsecurearchitectures,"inadequate intelligence,andthesheerlimitsoftechnologyin defendingagainstemergingcyberthreats.it encouragesthedod'sciotoworkwithbranchesof themilitarytocreateanenterprisesecurity architecturethatincludesminimumstandardsfor ensuringa"reasonable"levelofdefensibilityand increasingtheprobabilitythatattacksaredetected. Overthelastthreeyears,cybersecurityhasrocketed tothetopofallprioritiesforfederalgovernmentit leaders.nootheritaspectismoreimportantto controlthanthesecurityoffederaldataand preventingaccesstocriticalcommandandcontrol systemsofcriticalinfrastructure. Toaddressthesesignificantcybersecurityconcerns, thefy2016ombbudget,releasedbythewhitehouse infebruary,focusedonbolsteringexisting cybersecurityprogramsandincreasinginfrastructure agility,whiledecreasingwaste.thebudgetrequest included$14billiontosupportcybersecurity programs,including ContinuousDiagnosticsand MonitoringofFederalsystems,theEINSTEINintrusion detectionandpreventionsystem,andgovernment-widetestingandincidentresponsetrainingtomitigatethe impactofevolvingcyberthreats. Whileanongoingthemeinthebudgetrecommendationswasinnovating withless, someagencies,suchas theveteran'sadministration,departmentofeducationandthedepartmentofhomelandsecurity,submitted requestsforsignificantbudgetincreases.evidence-basedpolicy,promotingexperimentationandevaluation wasalsonew,butmeasuredintermsofproposedinvestments.thethreemajorfocusesofthebudgetconsisted ofincreasingvalueinitinvestments,increasingsecuritytoprotectfederalinformationandresources,and conveyingworld-classtechservices. LastDecember,Congressedpassedfournewcybersecuritybillsthatthepresidentsignedintolaw.TheNational CybersecurityProtectionActof2014,S.2519,codifiestheDepartmentofHomelandSecurity'sexistingNational CybersecurityandCommunicationsIntegrationCenter(NCCIC),whichisafocalpointforinformationsharing. TheFederalInformationSecurityModernizationActof2014,S.2521,amendsthe2002FederalInformation SecurityManagementActtocentralizeFederalGovernmentcybersecuritymanagementwithintheDepartment ofhomelandsecurity,andalsodelegatesimplementationauthorityfordefense-relatedandintelligence-related informationsecuritytothesecretaryofdefenseanddirectorofnationalintelligence.thethirdbillfocuseson strengtheningthefederalgovernment'scybersecurityworkforceandimprovinghiringproceduresand compensationrangesforcybersecuritypositionsatthedepartmentofhomelandsecurity,whilethelastbill mandatesanassessmentofitscybersecurityworkforceeverythreeyears,inadditiontodevelopingastrategy forenhancingtherecruitmentandtrainingofcybersecurityemployees. FirstintroducedinApril,theCybersecurityInformationSharingActof2015iscurrentlystuckinCongressand facesoppositionfrommanyprivacygroups.withintheprovisions,it Permitsprivateentitiestomonitorand operatedefensivemeasurestopreventormitigatecybersecuritythreatsorsecurityvulnerabilitiesontheirown informationsystemsand,withauthorizationandwrittenconsent,theinformationsystemsofotherprivateor governmententities.authorizessuchentitiestomonitorinformationthatisstoredon,processedby,or transitingsuchmonitoredsystems. Whilelegislatorsandprivacygroupstrytostrikeabalancebetweencivil libertiesandcybersecurityprotection,hackerscontinuetosucceedinpenetratinginformationsystemsand CybersecurityGetsReal FiscalYear2016:FederalGovernmentInformationTechnologyPriorities

8 7 stealinggovernmentdata.theplethoraof Congressionalbills,ExecutiveOrdersand managementprioritiesmakescybersecuritynotjust anobjective,butalsoanationalpriority.still,thisbigpicturepriorityexistsinconjunctionwithcurrent cybersecuritythreatsthatagencyciosfaceonadayto-daybasis.adisconnectremainsbetweenlofty leadershipcybersecurityobjectivesandcompliance withcurrentcertificationandaccreditationpolicies andprocedures,stillmiredinbureaucraticprocesses.it cantakeuptoayeartoreceiveauthorizationto operate(ato)fromanewsysteminthefederal network.inmostcases,theseauthorizationsarestill paper-based,withcontinuousmonitoringlayeredon top. Toeffectivelyaddressthesecybersecuritythreats, governmentitleadersneedtotakeseveralconcrete stepstopreventadditionalsecuritybreaches.first, governmentleadersmustrationalizetheirapplication anddata,andeliminateredundantapplications.thisis oftenexercisedasacomponentofanapplication inventoryprocess.withtherighttools,application discoveryanddependencymappingcanbe accomplishedinashortamountoftime.second, EnterpriseArchitectureisneededtoalignsecurityand applicationinnovation,inordertoensurethe appropriatesecuritycontrolsareinplaceatthe CybersecurityGetsReal enterpriselevel.third,investmentsareneededforcontinuousmonitoringandsecuritytoolsthattestthe infrastructure. Oneofthemostvexingareasformanyorganizationstotackleischoosingthemixandcorrectlyimplementing securitytools.wethinkaboutthreelayersoftheitenvironmentthatarecriticaltoprotect:thenetwork perimeter,enterpriseapplicationsandend-userdevices.wealsoworktoembedautomationtopreventissues, incontrasttosimplyreportingonissues. NetworkParameter Enterprise Applications EndUser Devices NetworkParameter IntrusionDetection System(IDS) FireWall NetworkAccess Control(NAC) SecuritySoftwares Anti-Malware Anti-Virus Anti-Spyware DigitalCertificate PKI Enterprise Applications Civil Liberties Cyber Security Hacker Attack FiscalYear2016:FederalGovernmentInformationTechnologyPriorities

9 8 Atthenetworkperimeter,intrusiondetectionsystems (IDS)detectpotentialthreatstothenetworkandcan bedeployedasnetworkorhostapplications.the primaryresponsibilityisreportingpotentialincidents tothesecurityoperationsteam.networkaccess Control(NAC)productsenforcesecuritypoliciesand handleaccessauthenticationandauthorizationbased ontheirabilitytorecognizeusers,devicesortheir specificroles.ipblacklistingcanbeeffectiveifvery broad,whiledatalossprevention(dlp)toolscan monitorandtrackissuesfrompotentialinsiderthreats. Firewalls,oneofourprimarysecuritytools,also possessadvancedcapabilitiesthatincludeapplicationawarenessfeatures. Attheserverenterpriselevel,securitysoftwareis neededtoprotectagainstawiderangeofthreats. Anti-malwaretoolshelpsecurityadministrators identify,blockandremovemalware.bothanti-virus andanti-spywaresoftwarecanbedeployedtohelpit departmentsfocustheiranti-malwarepoliciesto identifyknownandunknownmalwaresources.newer identity-basedsecuritytechnologiesmanage authenticationandauthorizationthroughsuch methodsasdigitalcertificatesandpublickey infrastructure(pki)solutions. CybersecurityGetsReal Fromanend-userdevicestandpoint,mobiledevicemanagement(MDM)monitorsandcontrolssecurity configurations,policyenforcementandpatchpushestomobiledevices.theycanalsoremotelylocklost,stolen orcompromisedmobiledevicesandwipeallstoreddata,ifneeded.fordesktopsandlaptops,webbrowsing policiesandanti-virus/anti-malwaretoolsareessential. Monitor & Control Security Configuration Policies Enforcement Patch Pushes Web Browsing Policies Anti-Virus Anti-Malware Cell Phones and Tablets Laptops and Desktops MobilDevice Management(MDM) FiscalYear2016:FederalGovernmentInformationTechnologyPriorities

10 TheAgileITEnvironment Oneaspectthatmakesaddressingsecuritymore challengingforfederalagenciesisthecomplexityof manyapplicationenvironments.thedisastrousrollout ofthehealthcare.govsitewillliveonasalasting exampleoftheseshortcomingsandcomplexities.as oneresponsetotheshortcomingsofthe Healthcare.govproject,GSAcreatedanorganization called18f(locatedon18thandfstreetin Washington,D.C.).Thisgovernmentconsulting organizationfocuseson leanstartupmethods,open sourcecode,andcontemporaryprogramming languages. Oneoftheirkeyobjectiveshasbeento promotethetransitionfromwaterfallframeworksto agileones. Overall,Agilevaluesinteractionsoverprocesses, amongotherthings,andtimetodeliveryisquicker. Becausesmallcomponentsarecompletedsoonerand stakeholderfeedbackisreceivedfaster,changescan bemadeinashortertimeframe. otherstudiesshowthatwastecouldbeashighas$40billioncomparedtoprivatesectorspending.while agencyitleadersarefacedwithbalancingthisbroadrangeofpriorities,congressisstrugglingtoprovide effectiveitgovernanceacrossthemassivefederalbureaucracy. Earlierthisyear,FederalChiefTechnologyOfficerMeganSmithhighlightedtheimportanceofbuildinglarge andcomplexprojects,oneincrementalpieceatatime.speakingtotheact-iacignitinginnovationaudience, shenoted Let'snot'spec'thewholehugethingout.Let'sdotheminimumthingandthengetitoutthereand startiteratingwiththecommunity..thegeneralservicesadministrationreleasedanagile-onlycontracting vehicletoallowagenciestobuyservicesbasedonthefasterturnaroundspeed.incontrasttotraditional proposalefforts,contractorshavebeenaskedtosubmitexamplesofcodethatcouldbeevaluatedduringthe awardprocess. Asagenciesworktomovetowardsmoreagileprojects,thekeytotheapproachisusingvitalelementsofAgile; specificallyrequirements,designandtesting,andworkingcollaborativelyandsimultaneouslysothat deliverablesareproducedinashorterperiodoftime.developmentsprintsshouldconsistofone-ortwo-week incrementsandincludeauser-functionalitytestcasedocument.meetingsshouldbeheldonadailybasisonall testsites.themostsuccessfulagencieswillimplementagileasapilotacrossasingleapplicationorprojectand furtherrefineittofitthespecificneedsoftheorganization. AttheendofJuly,theHouseOversightand GovernmentReformCommitteeberatedthelackof progressagencieshavemadeinmakinggovernment ITmoreefficient.Federalagenciesarestillover budget,behindscheduleandmakingduplicated effortsthatwastebillionsofdollars.rep.darrellissa statedexpertsestimateasmuchas$20billionin FederalITfundingiswastedeveryyear.However, 9

11 BigDataGettingBigger Oneofthereasonsapplicationsneedtobedelivered fasteristodealwithanincreasingamountofdatathat isproducedwithinthefederalgovernment.dealing withmassiveamountsofdataisnotnew.allfederal agenciesareresponsibleforcreatingandmaintaining documentationontheirorganizations'functions, policies,decisions,proceduresandessential transactions.however,alargeshiftoverthepastfew yearshasbeenthedesiretomakeaportionofthis datamoreavailabletothepublic,aswellasdata producedthroughsensors,camerasandremote monitorsthatdidnotexistadecadeago. TheOpenGovernmentInitiative(data.gov)offersup datasetstothepublicthataregeneratedandheldby thefederalgovernment.data.govprovides descriptionsofthefederaldatasets(metadata), informationabouthowtoaccessthedatasets,and toolsthatleveragegovernmentdatasets.thesedata catalogswillcontinuetogrowasdatasetsareadded. Currently,over140,000datasetsexistonline.The governmentalsopublishesusageinformation.for example,over165,000peoplevisiteddata.govinjune andthesiteaveraged60,000monthlydownloadsover thepastyear. TheVeteransAffairs(VA)ResearchandDevelopment programlaunchedthemillionveteranprogram(mvp) tounderstandhowgenesaffecthealthandultimately improvehealthcareforveterans.mvpwillestablish oneofthelargestdatabasesofgenetics,militaryexposure, lifestyleandhealthinformation. Asidefromprocessingcapability,securestorageandtoolstoanalyzethistype ofdataareneededtoensurethatthesetypesofaggressiveprojectsprovidevalue. Atthesametime,theVAstruggleswithbasicclaimservices.Forexample,attheVA'sLittleRockRegionalOffice, ithad over1,000filebanksfullandoverflowingwithfilesandover102,000paperfiles."directorlisabreun stated"atthepeak,itwastakingus overeightmonthstocompleteaveteran'sclaimandalotofthatwas becauseitwaspaper.we'vegonefromovereightmonthstofinishaclaimtolessthanfourmonths."that'sstill asignificantamountoftimethatcouldbebetterspentinmorecriticalareas. MillionVetProgram(MVP) Genetic Military Exposure LifeStyle Health Information Security Storage Tools ImproveHealthCareforVeterans 10

12 CloudComputing TheGovernment'scurrentITenvironmenthasbeen characterizedby lowassetutilization,afragmented demandforresources,duplicativesystems, environmentswhicharedifficulttomanage,andlong procurementleadtimes. Deliveredcorrectly, commodityitserviceshostedinacloudcomputing environmenthavethepotentialtoplayamajorrolein addressingtheseinefficienciesandimproving governmentitservicedelivery. Largeagencieshavemoreresources,butalsoamore complexanddiverseitenvironment.smalleragencies havesimpleritenvironments,butfarfewerresources. Thecloudcomputingmodelcansignificantlyhelp agenciesgrapplingwiththeneedtoprovidehighly reliable,innovativeservicesquicklyandefficiently, despiteresourceconstraintsandhighlycomplex environments. Nowoverfiveyearsold,TheFederalDatacenter ConsolidationInitiative's(FDCCI)goalisto reducethe costofdatacenterhardware,software,andoperation, increasetheoverallitsecuritypostureofthe government,andshiftitinvestmentstomoreefficient computingplatforms. Agenciesthatareparticipating inthefederaldatacenterconsolidationinitiative showanestimated3,800datacenterclosingsbytheendof2015.theseconsolidationswillfreeup1.7million squarefeetofland,aswellassave$3.3billion.manyagenciesarestillstrugglingtomigratelegacyapplications thatdonotsupportvirtualization,anddealingwithaskillgapintermsofoptimizingvirtualizedapplications. Thecost,complexityandpoliticalwranglingoverwhoactuallycontrolstheseapplicationshasmadetheroadto cloudcomputingabumpyone. Thethreekeybarriersthatpersistingreatercloudcomputingadoptioncontinuetobeadisconnected acquisitionmodelthatdoesn'tsupporton-demandservices,legacysecurityaccreditationandauthorization procedures,andculturalresistancetochange.thekeymechanismforaddressingthissecuritychallengehas beenthefederalriskandauthorizationmanagementprogram,orfedramp.thisprogramprovides a standardizedapproachtosecurityassessment,authorizationandcontinuousmonitoringforcloudproducts andservices. CurrentlyonlyapplicabletoFISMA-moderateworkloads,thisapproachusesa doonce,usemany times frameworkthatsavesanestimated30-40%ofgovernmentcosts,aswellastimeandstaffrequiredto conductredundantagencysecurityassessments.currently,thefedrampprogramisdraftingstandardsfor FISMA-Highworkloadstoenablemoresensitiveworkloadstoexistinpubliccloudenvironmentsin2016and beyond. Disconnected Acquisition Model NOT SUPPORT On-demand services Legacy security accreditation and authorization procedure Cultural resistance to change 1 Key Barriers FedRAMP (Federal Risk and Authorization Management) 2 Standardized approach to security assessment Authorization and continuous monitoring for cloud products and services Only applicable to FISMA-moderate workloads FISMA-moderate workload Do once, use many times 3 FISMA-High workload (2016 and beyond) 11

13 TheFutureofFederalIT Whileindividualprioritiescanbecharted,therealityis thatalloftheseinitiativesintersectintoaunifiedit strategy.fromtheuserperspective,havingaccessible data,secureapplicationsandarobustinfrastructureall arebasicfunctionsofgovernmentit.withlimited budgets,governmentitleadersneedtoinnovatejust tosurviveandhandletheincreasingrelianceonit. Becausegovernmentbusinesscan'tbeaccomplished withoutit,itisnolongeranicheforapplication developers. thecloudcanstrengthensecurity,astheresourcesarepooledwithinalargercommunityofusers.thesetypes ofinnovationarenotonlyabouttechnology,butcenteronthedeep-seatedculturalperspectivesofindividual agencies. Whilegovernmentleadersestablishpriorities,agency ITorganizationsarestillstrugglingtoprovidebasic accesstoapplications,supportforlaptopsand commodityitactivities.whilemanypocketsof innovationexistthroughoutthegovernment,theonesize-fits-allprioritylistisachallengefordiverse agenciesthathavedifferentmissions,budgetsand objectivestoservecitizensandtheirusers. Amuchmoreaggressivestanceisneededonsecurity, especiallyintheuseofheuristictools.asthe complexityofthesecuritytoolenvironmentincreases, CISSOsneedtoconsiderhowthecorrelationofthese dataelementscanbecombinedandautomatedto preventhacks.astrongersharedenvironmentsuchas 12