At the recent United States Public Sector user group, Dynatrace gathered government leaders and partners to discuss a range of technology topics. From FedRAMP to zero trust and artificial intelligence (AI), the group covered a range of challenges facing public sector organizations today. Luckily, they also discussed how Dynatrace is enabling government leaders to overcome these challenges and scale to new heights.
Streamlining FedRAMP certifications to empower federal IT modernization efforts
During the user group, participants considered how the “FedRAMP Moderate” classification is no longer adequate for federal organizations. To account for ever-changing IT environments, “FedRAMP High” certifications are necessary to add more controls and minimize risks. But up to now, FedRAMP has been viewed as a bottleneck process that delays the delivery of cloud services, which ultimately hurts modernization efforts.
“The Office of Management and Budget (OMB) is seeking to make certifications easier, and agencies will probably see a faster pace of authorizations in the second quarter of calendar year 2024,” said Ross Nodurft, policy expert and executive director of the Alliance for Digital Innovation. “This reinforces the idea that the government is serious about making FedRAMP work.”
The draft OMB memo released on October 27th could be a game-changer. The memo reveals that the government will work with industry to “trust” what the industry says it is doing to meet controls at a high level.
Notably, achieving FedRAMP approval serves as a gateway to seamless StateRAMP approval. Approximately one-third of U.S. states actively participate in StateRAMP. Consequently, vendors who successfully obtain FedRAMP accreditation gain the significant advantage of automatic approval in one-third of the states across the nation. This interconnected approval process opens up new avenues, allowing their products and services to flow through an expanded network of pipelines, thereby increasing accessibility and potential market reach.
For the Department of Defense’s Joint Warfighting Cloud Capability program, there are expectations for the quicker release and uptake of task orders. This too will expand the marketplace. In offering improvement points for FedRAMP, participants of the user group said authorizations must allow for the adoption of newer, emerging technologies, such as generative AI. Right now, introducing new capabilities hits bottlenecks in the FedRAMP approval process.
Embracing AI in the federal government
During the discussion, participants delved into the intricacies of the recent White House executive order on AI. Interestingly, the executive order reflects a strategic shift by the White House, emphasizing the promotion of AI adoption rather than advocating for outright bans within agencies.
The White House directive takes a nuanced approach, encouraging a risk-based framework for the adoption of AI technologies. This approach underscores the importance of evaluating and managing risks associated with large language models and generative AI outputs. The executive order seeks to strike a balance: fostering innovation while mitigating potential harms.
The user group participants emphasized the need for extensive testing in AI implementation. They underscored the crucial role of human involvement throughout the AI lifecycle to ensure ethical considerations and address potential biases. This aligns with the broader objective of responsible AI development and deployment.
Looking ahead, the OMB is expected to provide additional guidance on how to operationalize the White House executive order. This forthcoming guidance from the OMB will likely offer a roadmap for agencies and stakeholders, providing clarity on the execution of the order and further shaping the landscape of AI governance in the United States.
Adopting a zero-trust mindset
One user group participant described zero trust (ZT) as a mindset acknowledging inevitable breaches. The focus shifts to minimizing impact. Real-time visibility is essential to ZT and is crucial for understanding and responding to incidents. Dynatrace plays a pivotal role at federal agencies by providing visibility across all ZT pillars. Additionally, as part of a proactive security strategy, the platform enables security teams to monitor everything, from end users to code in development.
States are also looking to implement ZT and are taking their cue from the federal government. At a foundational level, we must understand what an ideal ZT architecture looks like. The presence of legacy environments – technology, processes, procedures, and people – also complicates the picture.
As with Star Trek, ZT will be an ongoing voyage. But agencies should build a ZT environment that doesn’t seek the “lowest price technically acceptable” pathway.
Dynatrace government customers share success stories
During this portion of the event, the former U.S. federal CISO Grant Schneider and a panel of Dynatrace federal government customers discussed the impact of all policies and directives. They also shared the challenges their agencies are facing, the solutions the panelists have seen, and how they can move forward. The panelists included representatives from the Department of Veterans Affairs (VA), the Coast Guard, and the Drug Enforcement Administration (DEA).
The panelists discussed how they make sense of the directives, create priorities, and best serve the mission. Participants also shared that it’s best to focus on not just technology, but processes and implementation. They counseled to separate various elements into individual projects instead of a huge architecture implementation all at once. Finally, they recommended identifying stakeholders and potential obstacles, as well as advocates who can accelerate program growth.
Then, participants and audience members shared the use cases and capabilities Dynatrace has enabled for agencies, including the following:
- At the DEA, Dynatrace facilitates monitoring and alerting of thousands of microservices, ensuring real-time situational awareness and issue detection before user impact. Dynatrace is also integral to the DEA’s ZT initiative.
- The U.S. Coast Guard benefits from Dynatrace’s fine-grained application-level visibility, addressing both functionality and security concerns. Additionally, Dynatrace will be integral in the Coast Guard’s future cyber operations center, emphasizing the importance of data, technology, and human oversight.
- The VA integration program relies on Dynatrace to enhance resiliency and observability across the entire network stack.
- In collaboration with Deloitte, a state government employs Dynatrace to migrate legacy apps to the cloud, ensuring thorough observation and planning for a successful transition.
- Other agencies use Dynatrace for diverse purposes, including obtaining compliance information feeds and preventing poor code from reaching production.
The future of digital transformation in the federal government
Federal agencies face many challenges in navigating future roads for FedRAMP, AI, and ZT. But, when leveraging Dynatrace observability, they find that they can monitor, analyze, and respond to activity and issues much more readily and successfully. This helps them make better decisions in terms of cloud deployment and security, AI operations and innovation, user authentication and authorization, and so much more.
To learn more about how Dynatrace can help your agency take huge steps forward in the digital transformation, then please contact us.