FEDTECH: What IT changes has GSA made to adapt to new procurement methods as IT modernization continues?
Shive: To drive IT modernization efforts, GSA is reassessing traditional processes for procuring and delivering IT services. Fixed-price contracts limit the federal government’s ability to take full advantage of the benefits of cloud technologies, Software as a Service solutions and other leading-edge technologies.
These pay-as-you-go technologies allow federal agencies to rightsize their procurements by offering the flexibility to buy services as they are consumed, instead of overbuying. They require lower upfront costs, can be scaled to meet changing customer needs and allow customers to change service providers when prices fluctuate over time.
FEDTECH: What does GSA need to do to create a zero-trust environment?
Shive: GSA recently was awarded TMF funding to modernize legacy network systems and advance our zero-trust architecture strategy. We are beginning by focusing on the three zero-trust building blocks that we believe are foundational.
For users and devices, we are seeking to modernize and redesign our 20-year-old Active Directory stack and align to a new ICAM [Identity, Credential and Access Management] target architecture to ensure secure authentication and identity validation for key personas, including GSA staff, partners and public access, using cloud-based solutions where possible.
For networks, we are aiming to break down our traditional perimeter-based approach in favor of moving security directly to the users, devices, applications, and data. Here we have two key efforts focused on achieving microsegmentation.
Deployment of a SASE [secure access service edge] solution will directly connect users everywhere, at home and in offices via broadband, to a central security stack that then achieves secure authentication, validates identities and negotiates access at the application level.
Achieving microsegmentation within our building security network in 500 GSA buildings that house operational technology and IoT devices will support the running of our buildings. This is key to addressing the nascent state of security in this area and will further our efforts to combat challenges like ransomware that target this space.
Last, we are focused on further modernizing our security operations center and expanding it to also cover our governmentwide shared services. Here we have invested heavily to achieve security for workloads in the cloud that is reciprocal to what we have on-premises. To achieve this, we are investing in security automation, custom dashboarding, detection aligned to application workflows and business functions, and ongoing curiosity hunting.
By implementing these modernization efforts, GSA will improve user experience through seamless global connections to GSA-managed environments and applications while maintaining a zero-trust architecture. We will improve cybersecurity capabilities to continually verify the security of users, devices, applications and data, and achieve broad-based visibility across the GSA ecosystem with enhanced capabilities leveraging automation to manage and respond to threats in real time.