This special report is maintained by the technology evaluation team of FedCyber.com. It is a reference to key mission drivers in the federal space, drivers you must track if you are serious about serving this market. Since this content is somewhat dynamic, please check with us to ensure you are working from the most recent version of this document. This premium content is not for public dissemination.
And with agencies in government falling under complex governance processes involving both the executive branch for guidance and the legislative branch for funding and oversight, the complexities can rapidly magnify. The acronyms alone can be a deterrent to doing business in the federal space. But we believe anyone serious about business in the federal space can learn key concepts very quickly, and we produced this paper to help you do just that.
Our goal: capture everything you absolutely MUST know about federal IT in under three pages.
Federal Mission Drivers:
Today’s federal IT environment is built on years of legacy hardware and software and a wide range of often conflicting governance processes. Agencies are seriously constrained by their budgets. These challenges are made worse by the exponentially increasing cyber attacks targeting our government and its networks. Against that backdrop, transformation is occurring, and it is occurring in ways focused on mission drivers. Your awareness of these mission drivers can help you best serve in the federal space.
In our opinion, the top technologies/trends that are driving federal IT decision making and spending are the following:
- Consolidation and Non-Duplication → Data Center Consolidation
- Mobile/Bring Your Own Device
- Big Data
Consolidation and Non-Duplication → Data Center Consolidation – Many papers have been written on all the assorted costs of data centers and the sprawl of federal IT. Consolidation has been directed by the executive branch of the government, and every agency is working to consolidate holdings, consolidate data centers, and get rid of excess and underperforming contracts. Whether it is combining multiple systems into one, collocating services or anything else, the federal government will not just continue to build data centers and buy up hardware. Decision makers must get every ounce of capability out of what they already have, and that is what the rest of these trends aim to do.
Mobile/Bring Your Own Device – Smartphones have saturated the US market and changed the way users interact with the internet. Likewise, mobile devices have enabled field workers at the VA, air traffic controllers at the FAA and countless GSA users to find mission success without being at a desktop or laptop. Users want to use their own devices (BYOD), but it is imperative to secure the agency data and PII. Citizens want to interact with government via mobile as well. The mix of agency mobile and BYOD will proliferate and be a force multiplier. Key to this trend, though, is getting FIPS 140-2 compliant hardware (right now the only devices are BlackBerrys), although clever agencies are using thin-client type containers to only display data (not store it locally).
Telework – Already, GSA is using VoIP to enable telework and a vastly mobile workforce. Mobile and BYOD tie into this category in a huge way. The government is pushing telework to consolidate the (enormous) amount of office space and utilities that it pays for. Telework is a way to save money and reward employees. Tying into telework is also the use of WebEx sessions to coordinate meetings. All of these initiatives promote cost savings and increased mission support. At the end of the day, savings on utilities and space are two great ways to increase the capabilities an IT organization can bring to bear for the agency.
Cloud/Virtualization – Cloud and virtualization tie together in the federal environment by providing on-demand computing at a specific rate (instead of providing block computing that is only used part of the time). Virtualization can provide an internal pool of usable computing capabilities, while exploiting older hardware and limiting forklift upgrades. Similarly, cloud capabilities can remove a great deal of the workload from internal servers and IT staff, enabling experts to deal with every single issue as it pops up. Cloud email has become very popular, as has the use of social tools that enable collaboration across widespread enterprises.
Big Data – It seems today that all you hear about is big data. Is it a fad, a buzzword or a real thing? Well, in our opinion it is very real. Data is exploding all over the world, and our ability to exploit that data (or extract, transform, load) into knowledge is not growing as fast. There is a real need to exploit the vast stores of data the government creates and ingests, and to manipulate it into useful form. Big data might just be the newest word for a phenomenon that is a long time in the making, but data stores are only getting larger and our ability to manage them is strained.
Cyber Security – Security is not a trend or a technology; it is an integral part of the development lifecycle of every capability or solution. Without security, the fanciest capabilities will fall apart, and will bring down the government with them. Security must never be forgotten, and the best that industry can do is make security a concern from the inception of development throughout the final stages of service.
While there are other trends in federal government (social media comes to mind), the defining characteristics of purchase and investment focus on these mission elements.
The Three Key Concepts of FISMA, FIPS and FedRAMP
FISMA – Federal Information Security Management Act – designed to increase security controls by creating auditable, repeatable compliance processes. The reality? It has increased security processes and provides clear benchmarks, but it creates mountains of extra work that many believe actually prevent IT professionals from doing their jobs.
FIPS – Federal Information Processing Standards – define key aspects of how information is used and disseminated government wide. Key standards are 140-2 (security requirements for cryptographic modules), 200 (minimum security requirements for federal information and information systems) and 201-1 (personal identity verification for federal employees and contractors). All the FIPS standards have importance, yet these three are most frequently encountered.
- FIPS 140-2 is most often referenced in terms of mobile. It defines the encryption standards necessary for any device that will connect with systems such as e-mail. It also defines the encryption necessary to protect personally identifiable information (PII) that many agencies have in abundance.
- FIPS 200 is plain and simple the federal requirements necessary for information systems. This defines security standards and more.
- FIPS 201-1 defines how personal identity verification (PIV) systems should function (and who needs them). PIV systems are tethered to Public Key Infrastructure (PKI) encryption and can really provide enhanced security capabilities.
FedRAMP – The Federal Risk and Authorization Management Program is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that has goals of saving cost, time and staff for government organizations making security assessments. Information on FedRAMP is provided at the CIO.gov website.
This very short introduction to the federal space should help shape your approach to this important market. As you think through your role in service to federal IT mission needs, please remember the analysts at FedCyber.com and Crucial Point LLC are here to help.