CBP Plans Its Move to the Cloud

Tom O'Keefe

By Tom O’Keefe, Consultant

Customs and Border Protection (CBP) recently released an RFI seeking industry input on a comprehensive cloud solution that may lead to an RFP later this year or in early 2020. Cloud is a big topic of conversation at federal agencies, but right now, its bark is much larger than its bite. We can expect that to change over the next few years. As this new RFI shows us, agencies are looking to transition significant portions of their environment to the cloud. While traditional IT delivery models may still hold their value, cloud is the future.

CBP is the largest component within the Department of Homeland Security, and how it manages cloud may be indicative of how some of the smaller DHS agencies may also do so. Kshemendra Paul, DHS’s cloud officer, has indicated that only 10% of DHS applications are currently in the cloud. Another 30% are in process or are slated to move to the cloud. Most of what has already been migrated are easy-to-migrate applications like email. Large, mission-critical applications are still being hosted on premise and are likely to be the last of the applications to migrate. CBP will likely use the contract that results from this RFI to accomplish this migration.

Read more of this post

Are You Ready for FedRAMP? It’s Time to Get Authorized

By Ryan Gilhooley, Enterprise Cloud Solutions Manager

Over the next five years, government cloud spending will continue to escalate dramatically. To operate as a successful government business, companies have always needed desirable products and strong sales teams. Now, FedRAMP authorization is also mandatory for companies looking to sell cloud solutions to government agencies. Companies without FedRAMP authorization for their software as a service (SaaS) offerings could quickly erode their competitive edge in the market and miss out on revenue opportunities.

Attaining FedRAMP authorization is not simple. The authorization process can realistically take two years or more and cost between $1 to $3 million, but it is imperative if you want to continue to succeed in the federal space.

Why Should You Care?
Becoming FedRAMP Authorized adds credibility to – and strengthens the reputation of – your company in the eyes of government customers. FedRAMP authorizations are now officially required for all federal agency cloud deployments at the Low, Moderate and High Impact levels. Only private cloud deployments intended for single agencies and implemented fully within federal facilities are currently exempt from this requirement.

What is FedRAMP Ready vs. FedRAMP Authorized?
The FedRAMP process benefits government agencies by verifying the security of cloud-hosted offerings through a rigorous authorization process. As they undertake this process, companies are granted a designation and subsequently listed on the FedRAMP Marketplace. Three designation levels – Ready, In Process, and Authorized – indicate organizations’ progress in getting their products and services fully authorized for government use. Achieving the “FedRAMP Authorized” classification is essential for selling to government agencies. Read more of this post

States Improving Cybersecurity Posture Through NGA Partnership

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

Spending Bills Provide Clues to NEW Federal Money

Tom O'Keefe

By Tom O’Keefe, Consultant

While there’s been political grandstanding around agency funding in the last few years, the current Democratic-led House committee is steadily advancing spending bills so that the full House can vote on them. Hopefully they’ll be sent to the Senate with plenty of time for negotiations, so they are on the President’s desk no later than October 1, 2019 (the start of FY20).

It looks like the House will be pushing several minibuses, or packages of spending bills, to the full floor over the next few weeks. In most cases these bills are significantly higher than the administration’s request, so agencies won’t be as cash strapped as they have the last few years.

While appropriations bills aren’t the best places to go hunting for opportunities, they do sometimes provide us some clues to new programs and initiatives starting up at agencies. Technology vendors might want to keep on top of these:
Read more of this post

DHS CISO Talks About Authentication, Supply Chain and Internet Regulation

By Lloyd McCoy, Market Intelligence ManagerLloyd McCoy Jr.

At a recent immixGroup vendor demo day, Paul Beckman, CISO at the Department of Homeland Security, touched on several technological challenges and frustrations that concern him – topics ranging from patching to supply chain risk to the inevitability of security regulations surrounding the internet.

“I want to get out of the patching business,” Beckman noted, asking, “why can’t I go to automatic updates?” “I don’t understand why we’re still relying on the selected pushing of patches,” he continued. A decade ago a service patch might have created the “blue screen of death” on machines, Beckman said, so that even today, “the ops side of the house is telling me, ‘what are we going to do if we get a bad patch?’”

“My response to them is that restore capability has matured greatly in the last decade. Something goes bad in the machine, push a button, you’re back to where you were at midnight last night.” Beckman added that technology has advanced to the point where the bad patch argument can be discounted and end points can go to automatic patching.
Read more of this post

Mayors Reveal Visions and Goals for New Fiscal Year

By Rachel Eckert, SLED Manager

As we approach the start of a new fiscal year for many local governments, we’ve been able to catch a glimpse of the visions and goals for the upcoming year through State of the City addresses that highlight a city’s budget, goals and key issues. The importance of understanding these issues is the first step towards creating lasting relationships with local municipalities.

The National League of Cities has just released their 2019 State of the Cities Report  which analyzes the content of 153 of those State of the City speeches from around the country from cities of all sizes. Here are the top ten issues:

  1. Economic Development
  2. Infrastructure
  3. Health & Human Services
  4. Budgets & Management
  5. Energy & Environment
  6. Housing
  7. Public Safety
  8. Demographics
  9. Education
  10. Government Data & Technology

Most of the issues are not specifically technology related, however, that doesn’t mean that technology isn’t a vital component. Understanding the issues and what activities a city is planning to undertake to address them can give you insight into areas of opportunity. Read more of this post

GSA Making Headlines: Why You Need to Pay Attention

Adam Hyman, Director, Government Programs

If you haven’t noticed by now, you may have been too focused on the final season of Game of Thrones. However, it’s definitely time to turn your attention to what’s going on at the General Services Administration (GSA).

Over the course of the last year, GSA has been making headlines across the federal procurement marketspace by reaching agreement with various agencies to pull into the Schedule 70 program (via BPAs), former agency-specific requirements and IDIQs. While some may argue this is simply a grab for additional contract fees, it makes holding a schedule contract a critical prerequisite for even more federal opportunities. Recent and major opportunities have included:

  • 2nd Generation Information Technology (2GIT) BPA, formerly NETCENTS (valued at $5.5B)
  • Defense Enterprise Office Solutions (DEOS) BPA (valued at $8.2B)
  • Information Technology Supplies and Support Services (ITSSS) BPA (valued at $5B)
  • NOAA Mission Information Technology Services (NMITS) BPA (valued at $2.1B)

Approximately $20 billion in estimated business is expected to funnel through the Schedule 70 program. This doesn’t even include GSA’s plans for a DEOS sister BPA or the Civilian Enterprise Office Solutions (CEOS) BPA! Read more of this post

%d bloggers like this: