Trends In Digitizing Citizen Services

“We're seeing examples in agencies where things that may have taken 100 hours have been reduced to a few hours in one day. It's just about thinking about what's working and how can it be done better or different,”
-- Fred Butler, Jr. the senior director for industry strategy and solutions at DocuSign

Fred Butler, Jr.

Senior Director for Industry Strategy & Solutions at DocuSign

Partnerships that Impact Citizen Services

“DocuSign really accelerates the experience across virtually any platform or device. We eliminate manual tasks with configurable and automated workflows, and we're generating value for the agencies by seamlessly connecting workflow management with the overall tools that each of their teams are using on a day to day basis,”
-- Fred Butler, Jr. the senior director for industry strategy and solutions at DocuSign

Fred Butler, Jr.

Senior Director for Industry Strategy & Solutions at DocuSign

Agencies and industry alike have talked ad nauseam about how the pandemic has changed the way they work.

But now, more than ever, agencies have an opportunity to rethink how they deliver services to citizens based on what they have learned over the past two years and, maybe more importantly, what their customers have come to expect.

From President Joe Biden’s executive order on customer service to new focus on five life experiences including retirement, recovering from a disaster and transitioning to civilian life from the military, agencies are rethinking what service need to look like.

A big piece of that reimaging federal services is moving off of paper documents, taking advantage of cloud based software and easing the burden of sharing information across the government.

Some agencies are more aggressive than others in adopting electronic services, particularly e-signatures. The General Services Administration, the IRS and the Security and Exchange Commission, to name a few, are moving toward that self-service, mobile-friendly, digital model.

The benefits of this model are clear to those who use it.

Fred Butler, the senior director for industry strategy and solutions at DocuSign, said it will take a much bigger and continuous focus on both the customer externally and internally by the workforce for others to jump on the bandwagon.

“The biggest thing is really thinking about burden and the administrative burden in terms of facilitating workflows, which is something that we do regularly in business,” Butler said on the Innovation in Government show. “This is something that the government must do actively to really think about what are those things that can be refined and replaced in a way that enables things to be streamlined to be much more efficient, generating more value internally to the operations and also improve the employees’ experience of the work that they’re doing on a daily basis.”

From hundreds of hours down to a few

A recent example of an agency doing this is the Homeland Security Department. It recently challenged its workforce to reduce the paperwork burden by 20 million hours out of 190 million hours the agency puts on the public each year.

For DHS, and other agencies for that matter, Butler said that could mean moving paper forms to digital services, which would reduce burden, errors and time to process the services.

“We’re seeing examples in agencies where things that may have taken 100 hours have been reduced to a few hours in one day. It’s just about thinking about what’s working and how can it be done better or different,” he said. “We’ve worked with one large agency who really was thinking about the inspections process and the applications that go along with inspections. The reality that the information that they had was enabling potentially two inspectors to be at the same location conducting an inspection at the same time. By modifying their process, they could capture the information that they needed with one inspector and spread that information to the various components within an agency to give each the information that they needed to do their jobs appropriately.”

Butler said this example is one that could be repeated many times over across the government. DocuSign estimates that the public sector relies on 25,000 forms and it costs an estimated $40 billion to manage and update content that is still being done in a paper format. It also costs approximately $117 billion in “time tax” to fill the paperwork out, to ensure that it’s done correctly, to send it through the workflows internal to the government and to hopefully get it back to the constituent or customer in a timely manner.

“There is a tremendous opportunity for change,” he said. “We’re seeing a lot of agencies are really taking this opportunity to address the opportunity to improve and to transform their systems. But there’s so much more that can be done.”

Improve workflows, mitigate security risks

Butler pointed to another example with an agency that manages an appeals process.

“We were able to see that agency recognized value that included a 70% reduction in email. There was an improvement from 99 to 17 days in terms of the workflow process. This generates value for both the customers and their constituents,” he said. “DocuSign really accelerates the experience across virtually any platform or device. We eliminate manual tasks with configurable and automated workflows, and we’re generating value for the agencies by seamlessly connecting workflow management with the overall tools that each of their teams are using on a day to day basis.”

Additionally, he said moving away from paper, improving the workflows and using commercial cloud services also can mitigate security and other risks.

Improving an agency’s workflow, Butler said, can have a bigger impact on constituents than just digitizing a paper form.

He said several agencies have already digitized forms, but into PDF documents that still need to be emailed.

“All of that can be done, authenticated in a more refined approach. We’re seeing examples of that occur. Some of those examples are really being magnified by multiple solutions working together in an effective way,” Butler said. “You may have a couple of different parties working with an agency to ensure that this solution that is provided is one that goes from A to Z. It’s really thinking about the whole process and how the full workflow is going to be engaged in a refined manner. That is something that we’re seeing a lot more of now.”

Butler added the overall goal is for agencies to rethink their entire workflow, understanding the chain of command, taking advantage of digital signatures and manage the entire process.

“There’s a huge value to the government to be able to look at the various different components of paper and agreements that they have across each of the components. Oftentimes, there is an ability to use analytics and be able to see where they are getting the most value. What processes are being put in place to achieve that value? Who are some of the players that are contributing and generating the most bang for the constituent or the US, and their resources in government?” he said. “I think that there’s a wealth of opportunity to think about program management across government because it’s that one variable that is consistent in every agency. To achieve the mission, you have to implement programs and to implement those programs effectively you have to streamline your processes and more effectively use partners to help achieve your goals.”

“For federal civilian executive branch agencies to maintain a complete understanding of what internet-accessible attack surface they have, they must rely not only on their internal records, but also on external scans of their infrastructure from the internet. CISA will provide data about agencies’ internet-accessible assets obtained through public and private sources. This will include performing scans of agencies’ information technology infrastructure,” the report said.

External network discovery is necessary because, according to Joe Lin, vice president of product management at Palo Alto Networks, most large enterprises, including government agencies, are only aware of a fraction of their internet-exposed assets.

This amount of unknown assets becomes a more urgent issue with two recent cybersecurity directives. The first is an emergency directive for the Log4j vulnerability, which is comprehensive but assumes that agencies have an accurate picture of their own postures. The second is Binding Operational Directive 22-01, which directs CISA to maintain a log of known exploited vulnerabilities and directs agencies to patch against them.

But no federal civilian executive branch agency can patch assets they aren’t aware of.

“The underlying problem is that for sprawling attack surfaces, organizations simply don’t know what they don’t know,” Lin said. “So even when they are trying earnestly to be in perfect compliance, the reality is that, oftentimes, there are parts of their networks that are out of compliance. Due to human error, due to the federated nature of government agency networks, these things get misconfigured, they are forgotten about, they’re overlooked, and they’re misreported.”

Lin explained sometimes the assets created outside of security processes are shadow IT, or they are misconfigured internet-of-things devices, or redundant emergency remote access servers that weren’t secured correctly.

Lin believes that the first thing agencies must do to remediate the situation is to acquire some kind of internet operations management capability. This capability would have to continuously scour the entire global internet looking for assets belonging to the agency that are accessible. Lin said that while most agencies can discover substantially more assets than they knew about, Palo Alto Networks helped one agency discover twice as many assets as they were originally tracking.

“At a high level, we’re able to communicate with every single asset that’s exposed on the entire global internet,” Lin said. “And then based on how those assets and devices communicate back to us, we’re able through machine learning to automatically attribute each of those assets to the organizations that they belong to in a hyper granular way.”

This means being able to attribute the asset beyond just the agency or department level. Lin explained that machine learning allows Palo Alto Networks to attribute the asset to a specific server, router, or device owned by subcomponent organizations. It then assigns the asset for mitigation to specific individuals in specific offices.

“The fundamental idea here is that we shouldn’t be creating more work for an already overtaxed federal workforce,” Lin said. “We hear from security operations center analysts all the time that there’s a deluge of alerts and tickets and things that they need to do. And the reality is that 95% – maybe even 99% – of all those tasks can be automated in some way, shape or form, which then frees them up to really focus on only those parts of their workflow that require human judgment and human intuition.”

This gives federal agencies the ability to exercise greater command and control over their networks. This set of capabilities allows federal agencies to create a list of machine-readable policies at one end and follow that through to an operational conclusion; namely, how can agencies get these things addressed, mitigated and cleaned up as fast as possible?

“We cannot simply rely on manual reporting for accurate situational awareness across different components of large enterprises,” Lin said. “We really need a tool capable of continuously monitoring enterprise-wide compliance against any security policy that is centrally pushed out.

Data Strategy

“We've reimagined data from being a passive asset to an active asset. Putting it in motion — where the thing that happens, whether it's at the edge or whether it's in a call center — is the catalyst for taking really specific, targeted action.”
— Jason Schick, general manager for U.S. public sector, Confluent

Jason Schick

General Manager, U.S. Public Sector at Confluent

Addressing Data Lakes

“If you bring data to that point of impact, you can have a much more rewarding experience ... and also a more cost-effective experience.”
— Jason Schick, general manager for U.S. public sector, Confluent

Jason Shick

General Manager, U.S. Public Sector at Confluent

As part of the Federal Data Strategy, agencies need to accelerate the value of their data to drive real-time decisions.

Data is the connective tissue across all agency missions. Whether serving citizens at the Social Security Administration and the IRS or defending the homeland at the departments of Defense and Homeland Security, data drives decisions.

The challenge, of course, is taking advantage of the right data at the right time — and the government is flush with data.

To help reign in this data monster, agencies have been using concepts outlined in the Federal Data Strategy. The action plan, released in the fall of 2021, outlines 11 goals for agencies to meet as part of setting a long-term foundation for using data in new and better ways.

The strategy emphasizes the need for enterprisewide data standards and coordination of data use across agencies, as well as using data to inform annual budget planning. The administration expects agencies to start addressing these enterprisewide goals beginning in 2023.

The Office of Management and Budget has directed agencies to optimize self-service data analytics capabilities starting in 2026. And by 2029, agencies are supposed to reach the final stage: making proactive, evidence-based decisions and automating data improvements.

Taking advantage of federal data now

While the strategy lays out a long-term plan to accelerate the value of data across government, there are things agencies can do today to take advantage of their information and inform decisions.

Jason Schick, general manager for U.S. public sector at Confluent, said many public and private sector organizations struggle to get their arms around their data because there is so much of it and it’s always changing. The growth of mobile computing, which has increased the push and pull of data to and from the network edge at most organizations, adds complexity to the effort, he said.

“Out there on the edge particularly, but anywhere in the real world, things are constantly changing. Data is just that digital representation of what’s happening in the real world. We want the data to change. We want the data to move to the people in the system, to the teams, that are responsible for taking action,” Schick said on the Innovation in Government show, sponsored by Carahsoft.

“We’ve reimagined data from being a passive asset to an active asset. Putting it in motion — where the thing that happens, whether it’s at the edge or whether it’s in a call center — is the catalyst for taking really specific, targeted action.”

The concept of data in motion focuses on making information the connective tissue between applications and people so that organizations can analyze the data, react and respond in real time.

Fine-tuning federal data

But too much data all at once isn’t helpful either. That is why Schick said the proactive nature of data in motion must be fine-tuned to the mission need and the user need.

That approach makes it possible for an organization to provide “a highly personalized experience for the citizen, the claimant, the call center operator, whoever it might be. The data itself is going to be a really good guide for what they care about,” he said. “If you bring data to that point of impact, you can have a much more rewarding experience. You can give them a much more personalized experience and also a more cost-effective experience.”

Schick offered the example of a civilian agency where Confluent is helping modernize claims processing.

“It requires a whole lot of steps, both internally and checking on data from other government agencies, to determine eligibility of the applicant. By modernizing and sharing that data in near real time, they’re able to offer a much better experience to the applicant. They’re able to act a lot faster. When there are fraudulent applications, they can take action,” he said.

He described it as a fairly straightforward effort that’s cool because it brings together multiple systems across different agencies. “It feels like we’re entering something of a golden age for data in the federal space, and it’s an exciting time to be here,” Schick said.

But it’s not just the ability to move and share data in real time that’s exciting. It’s also the ability to use artificial intelligence, machine learning and other capabilities to improve data analytics, which ultimately can lead to better decisions, he said.

Training models to drive decision-making

Bringing together large data lakes and databases can be difficult for any organization, but it’s necessary to develop and train AI models, Schick said.

“If you don’t have enough data to build a model, you’ve just got an opinion,” he said. “Once you’ve got those models, how do you operationalize them? How do you inject them into the business or into the mission? Well, you probably want to apply those AI and ML models to the data in motion, as it’s moving from wherever it’s captured to the people that are responsible for taking some action.”

Going forward, to achieve more data-centric and data-driven decisions, government IT teams should be injecting AI and ML models into their organizations’ data streams, Schick advised. But a key factor to make data in motion work well also requires decoupling data producers from data consumers, he added.

“By doing that, multiple agencies can share data freely, and the cost of that initial integration is a lot less,” Schick said.

It also creates an environment in which the participating organizations don’t impose restraints on one another, he explained. “They can continue to evolve as they would want to. They can continue to add other subscribers to this data service that they create, without creating this brittle interdependency between lots of different systems. We’re seeing customers start to recognize that that’s the case.”

To Learn More Contact Carahsoft or Confluent

 

Playing catchup and having partial solutions is not a great mode of operation. I think you need to be prepared for future threats as well, and I really believe that artificial intelligence technologies are one of those things that gives us a step function — ability to help fight the increased threats that are coming out.

Charles Eagan

Chief Technology Officer, BlackBerry

 

We think a solid cybersecurity strategy needs to focus on prevention because it’s much harder to contain a cyberthreat once it’s been let into the network and exposed. We use AI, for example, to detect something before it’s ever opened so it doesn’t create any of the cleanup challenges that would otherwise be needed.

Charles Eagan of BlackBerry

The impact of the BlackBerry® handheld device on agencies continues to this day. In fact, when asked about it, 73% of federal employees told Federal News Network the device had been “very impactful.”

So when BlackBerry decided to stop supporting the much-beloved device, it marked an end of an era in the federal government.

But what it didn’t mark the end of is what made the BlackBerry so popular — no not the Qwerty keyboard, which a majority of people mentioned was the best part of the device — and that is security for mobile users.

Several respondents to the survey mentioned how much they trusted the BlackBerry device. It was maybe the only device that actually worked during the September 11 attacks.

It was that security and trust that helped establish the device and company in the federal sector.

Now, BlackBerry is known as a security company.

As agencies move toward a zero trust architecture and continue to expand their networks to support remote workers and the hybrid workforce and address the challenges of connected devices, the ever-growing cybersecurity challenge becomes more complex.

Security mantra: Build in, not bolt on

Agencies must continue to figure out how to navigate the current cyber environment and find the right balance between security and accessibility, said Charles Eagan, chief technology officer at BlackBerry.

“Security is not something you want to be retrofitting,” he said on the Innovation in Government show. “You want to learn [as you go and] we have a long list of wisdom that comes from our cybersecurity background. We should be applying that so that we can react and adapt to the next level threats that are coming.”

Eagan said this is especially true as hackers are becoming more sophisticated and nation states more brazen.

“Playing catch up and having partial solutions is not a great mode of operation,” he said. “I think you need to be prepared for future threats as well, and I really believe that artificial intelligence technologies are one of those things that gives us a step function — ability to help fight the increased threats that are coming out.”

He said the remote work environment raised the cyber stakes across the public and private sector.

“As everyone went home and started working, that environment wasn’t necessarily secure, and we had to figure it out as we went along,” Eagan said. “Incidentally, I think we’ve probably built up some security backlog. There’s probably some sensitive information that is being stored and managed in insecure ways just out of necessity. There’s probably some cleanup required.”

Hope is not a cyber strategy

One way to get at that backlog is through AI and machine learning tools and capabilities.

AI can provide dynamic security modeling to detect mobile devices, desktop and laptop computers, the network and anything else that could be compromised, Eagan said.

“Certainly, artificial intelligence is an important part of building the solutions to detect when these have been compromised, but I think you first need to understand what you have in your network,” he said. “Then, you need to understand what the threats are and how you’re preventing against them today because hope is not a good plan for your cyber strategy.”

Eagan said once agencies take that first step to understand what is on their network and where threats could be coming from, AI can help monitor and manage all the data that comes from the network.

Whether the AI tools are detecting malware or alerting security operations center workers about behavior patterns that don’t match historical precedent, agencies will be in better shape to protect themselves, he said.

Eagan offered some examples, such as a lot of files being read from the internet or sent to the internet, or a directory that’s being operated on. Using AI monitoring, agency might not specifically know that there’s malware involved, but it would know that the activity “kind of smelled bad” and offer a probability of malicious activity, he said.

“We think a solid cybersecurity strategy needs to focus on prevention because it’s much harder to contain a cyberthreat once it’s been let into the network and exposed,” he said. “We use AI, for example, to detect something before it’s ever opened so it doesn’t create any of the cleanup challenges that would otherwise be needed.”

What’s more, agencies need to take more advantage of automated detection and response tools as attack vectors continue to increase and bad actors become cleverer and more dangerous, Eagan added.

“There’s a great urgency for companies and governments to strengthen their cyber resilience because of this increased attack surface. They need to understand their supply chains and rely on vendors to publish their software bills of materials,” he said. “I think our AI-driven approach can help agencies create the right security infrastructure to help them get to that more protected state of operations within this increased threat environment.”

Listen to the full show:

About BlackBerry

BlackBerry provides intelligent security software and services to enterprises and governments worldwide. The company secures more than 500M endpoints including 195M cars on the road. By leveraging AI and machine learning, the company delivers a prevention-first security posture. BlackBerry’s vision is clear—to secure a connected future you can trust.

Workforce Transformation Trends

We really need to evaluate the processes, the technology and the people, and bring them all together in a very human centered way.

Stephen Ellis

Government Solutions Lead, Zoom

Advice for Process Reengineering

We have an opportunity to break down those siloes even more because it's just as easy to talk to someone in a different division, a different agency, as it is to the person on your team because the technology offers those opportunities. We definitely want to take advantage of them.

Stephen Ellis

Government Solutions Lead, Zoom

Last November, the General Services Administration closed sales on several high-value federal properties at the recommendation of the Public Buildings Reform Board.

This was a combination of land and office space that GSA believed were valuable, but not needed any more.

The sales marked the first of several that the board estimates will bring in about $500 million in revenue over the next year.

And this may just be the beginning as agencies reconsider what returning to the office looks like as we all learn to live with the pandemic’s ebbs and flows.

The Office of Personnel Management told agencies in new guidance to assist agencies in updating their current telework and remote work policies especially as OPM and agencies further define a broad vision for the “future of work,”

OPM told agencies they should strive to fully integrate telework into their culture, providing all employees the opportunity to telework at least occasionally.

Over the course of the next year or more, agencies will need to make a host of decisions about the future of work, both from an operational perspective like whether or not they need to reduce office space and a managerial perspective like how do they create that inclusive and collaborative environment.

Time to rethink mission delivery

Stephen Ellis, the government solutions lead at Zoom, said the change agencies have experienced over the last two years hasn’t just been extraordinary in many ways, but forced them to rethink every part of their mission delivery.

From how agencies serve citizens to how they collaborate internally and across agencies, Ellis said people have been and must continue to be at the center of these transformations.

“It takes people, process and technology together as a very coordinated approach. It is three legs of a stool, and you need all three to work together. When it doesn’t work, it’s a broken process and we can see it right away,” Ellis said on the Innovation in Government show. “We really need to evaluate the processes, the technology and the people, and bring them all together in a very human centered way. I think that is the innovation that we’ve seen, where agencies are implementing these processes, looking at technology to serve how people work.”

And employees are definitely working differently these days. Remote work continues to be a dominant approach for many federal employees. But agencies are starting to bring employees back to the office, creating a hybrid workplace for the foreseeable future.

Ellis said this is why it’s important for the technology and processes to serve the people in a way that accounts for the needs of the different generations of the workforce.

“I would challenge government purchasers to say this new IT solution that I’m deploying in whatever area that is, is it designed in a way that’s very easy or intuitive to use? Are people comfortable in how they’re using it?” he said. “Certainly a lot of thought has gone in terms of how Zoom works and how it can be used, and we continue to do that for the future and in our development. And I would imagine that my colleagues across industry are trying to do the same thing. So I would say to anyone who’s out there who’s looking at making a federal purchase of some technology to make sure that it’s intuitive and usable.”

No more silos

This means, Ellis said, IT and process modernization must happen in a way that puts people at the front and center.

“We have a fundamental need to reorganize the office in ways that are more collaborative. If you think about the silos, we say government was full of silos. One of the things the winds from COVID brought is we were able to break down a lot of silos,” he said. “We have an opportunity to break down those siloes even more because it’s just as easy to talk to someone in a different division, a different agency, as it is to the person on your team because the technology offers those opportunities. We definitely want to take advantage of them.”

He said the technology will become more important as the days of being able to walk up to an office or an in person meeting will become less typical.

“It’s not just being in a place and doing work. I think building that culture and empowering the outputs is what has to happen and that’s a big shift, but it’s one that we’re going to see a lot of going forward,” Ellis said. “There’s a lot of ways that can happen as we envision this process. We can improve IT and building that culture. That’s where I think the remote element can really help. We’ve talked about a lot of different inclusion and accessibility goals. We talked about personalities and cultures. We want our federal culture to make sure that, for example, introverted people feel like they’re valued and that they’re not overwhelmed by information. We want to make sure that we’re benefiting from a workforce that’s maybe not exclusively within commuting distance to the Capital beltway region.”

Ellis said this culture change requires coordination among the entire CXO suite. They have to recognize the changing nature of work and adjust expectations for remote and in-person employees.

Listen to the full show:

About Zoom

Zoom is for you. We help you express ideas, connect to others, and build toward a future limited only by your imagination. Our frictionless communications platform is the only one that started with video as its foundation, and we have set the standard for innovation ever since. That is why we are an intuitive, scalable, and secure choice for large enterprises, small businesses, and individuals alike. Founded in 2011, Zoom is publicly traded (NASDAQ:ZM) and headquartered in San Jose, California. Visit zoom.com and follow @zoom.

Legacy IT modernization and cloud collaboration

Gartner has this stat that says 60% of an employee’s work is self-managed, which means a large part of their job has to be accomplished using what's on their desktop, or what they can access on the cloud. Nobody tells them exactly how to do it.

Chris Aherne

Vice President of Federal, Smartsheet

Low-code/no-code platforms and protecting data

Every day, they can create workflows, they can collaborate with others and go through the big exercise of preparing reports from the boss for the big monthly meeting or those sorts of things. Because they're able to see an aggregate of all of what all their employees are doing, how they're tracking across projects and processes and those sorts of things, CWM gives you the capability to actually see what people are working on day in and day out.

Chris Aherne

Vice President of Federal, Smartsheet

Data is the fuel that is driving agency mission success. The challenge for many agencies is pulling the data out of siloes and aggregate so senior executives can make better decisions.

The thirst for this data and the need for tools to help collect and understand it is growing off the charts. Deltek, a market research firm, estimated that agencies will spend more than $4 billion by 2024 on data analytics tools. That spending is on top of other drivers like cloud and infrastructure modernization and workforce training around big data.

The benefits of breaking down the data siloes and integrating data are huge. During the pandemic, agencies saw them first hand where sharing information across the agency and the government helped improve citizen services and achieve mission goals.

A paper from the Harvard Kennedy School of Government found the benefits of using data to move toward a leading indicator instead of a lagging indicator includes financial savings, operational improvements and increased faith and trust in government.

The key to achieving these and other improvements is real-time access to the data and analysis to ensure changes can be made sooner than later and the leadership are all working from the same page.

Chris Aherne, the vice president of federal at Smartsheet, said agencies can move toward this data-driven environment by focusing on a combination of people, process and technology.

On the people side, Aherne said it’s a matter of training so employees understand how to use the tools at their disposal.

“Gartner has this stat that says 60% of an employee’s work is self-managed, which means a large part of their job has to be accomplished using what’s on their desktop, or what they can access on the cloud. Nobody tells them exactly how to do it,” Aherne said on the Innovation in Government show. “They get some training and those sorts of things, but they have to build processes, they have to build workflows and they have to integrate and get the data that they need.”

At the same time, these desktop systems create data and application siloes that force agencies to shift between the tools they need to complete their mission.

Aherne said one solution that more and more agencies are turning to is a collaborative work management (CWM) platform.

What typifies a CWM solution, the first tenant is usability. You need to have a capability that’s out there that folks can learn in a matter of hours or days as opposed to months. That’s a big tenant,” he said. “Then the other part is cloud. So if you think about it, if I’m working on an Excels spreadsheet that only I can see, then I have to save it, then I have to email it to you. I have to report on it and get it to my boss, right, and all those sorts of things, while I’m jumping from tool to tool and place to place. The average person–I saw the study from Pegasystems–switches screens 1,100 times a day. It’s not necessarily the best way to work. And CWM is a platform where, leveraging the cloud again, you can do all that stuff in one place.”

Meanwhile, the training of people to use the tools, the applications themselves must promote and make collaboration easy, and then there are the processes.

Aherne said the CWM platform helps agencies automate processes and promote the use of low-code and no-code development tools.

“Every day, they can create workflows, they can collaborate with others and go through the big exercise of preparing reports from the boss for the big monthly meeting or those sorts of things. Because they’re able to see an aggregate of all of what all their employees are doing, how they’re tracking across projects and processes and those sorts of things, CWM gives you the capability to actually see what people are working on day in and day out,” he said.

Aherne said when agencies combine the people, process and technology under a CWM platform, they can see up to a 40% increase in productivity from the same number of staff, they can reduce their risks due to having better visibility into what was going on all their projects at all times and rely on data to drive better decisions.

Listen to the full show:

About Smartsheet

Smartsheet is the enterprise platform for dynamic work. By aligning people and technology so organizations can move faster and drive innovation, Smartsheet enables its millions of users to achieve more.

Smartsheet Gov empowers agency leaders to bridge silos across teams, gain real-time visibility across initiatives, and accelerate mission results while maintaining security. Built to meet the enhanced compliance requirements of the US Government, Smartsheet Gov is a FedRAMP and DISA IL4 authorized cloud-based collaborative work management platform that enables agencies to achieve more across every department.

Find out why federal government agencies like the DoD, GSA, and NASA trust Smartsheet with their work at help.smartsheet.com/government.

The Impact of the Cyber EO on Agencies

This is a once in a generation opportunity.  We have the pandemic as a burning platform for a lot of the modernization projects that agencies had on the shelf, but hadn't really gotten around to, but then they had people working from home and were delivering services remotely and needed to get those projects going.

Juliana Vida

Group Vice President and Chief Strategy Advisor, Splunk

 Threats that Agencies Face

There are several different value propositions of cloud. Speed so you can move faster. Agility so you can change your configurations and move things around. There's also efficiencies to be found because agencies don't have to manage the infrastructure and pay for all the data center hosting.

Juliana Vida

Group Vice President and Chief Strategy Advisor, Splunk

Since May when President Joe Biden issued his cyber executive order, the Office of Management and Budget has been busy developing implementation memos.

There was the most recent memo on end point endpoint detection response in late October. Before that OMB released the draft Zero Trust strategy and is reviewing public comments on that strategy with a final draft expected out in the coming weeks.

OMB also issued memos around securing on-premise software as well as logging incidents.
And more memos and guidance are coming as the EO detailed 23 different required actions by agencies to address systemic cybersecurity problems.

Beyond the required actions, the EO also has changed the discussion about federal cybersecurity. The urgency brought on by a spate of attacks in early 2021 and the surge of funding from Congress to the Cybersecurity and Infrastructure Security Agency is generating a once in a generation opportunity to do more to get ahead of attackers, secure data and systems, and create a modern infrastructure that can change as the threats change.

Juliana Vida, the Group Vice President and Chief Strategy Advisor for Public Sector at Splunk, said agencies can use the momentum created by the EO, the funding from CISA and the technological advancements of the market to harden their cyber resolve.

“This is a once in a generation opportunity. We have the pandemic as kind of a burning platform for a lot of the modernization projects that agencies had on the shelf but didn’t get around to. Then they had people working from home who were delivering services remotely and needed to get those [modernization] projects going,” Vida said on the Innovation in Government show. “Now with the cyber executive order, and the memoranda, those are helpful policy guidelines that not only give specifics to the agencies but it gives them some deadlines that are pretty aggressive. It allows industry to respond in a way that is truly meaningful.”

Vida and other experts lauded the cyber EO and implementation memos for being prescriptive enough, but also taking into account that each agency is different enough and starting at an assortment of points to improve their cybersecurity.

“It’s a win for each of the agencies to show some creativity, to show some innovation, and let the people come up with a solution that works best. given the domain that they have knowledge on,” she said. “I really do think it’s a win-win as we’re already seeing organizations put their plans in place based on their maturity.”

No matter where agencies are starting, Vida said the OMB memo from August on incident logging is a good place to start and/or focus initial efforts on improving.

In that memo, OMB established a maturity model around event logging and required agencies to assess their current state against the model.

“What we’re finding is that agencies don’t always know where to start to with incident event logging. Well, when you start with the logs, that’s like the ground truth,” she said. “We talk in general terms about listening to your data, or go back and look at the logs and figure out where the cybersecurity event happened. But that takes a lot of deep inspection, and it takes a lot of time. Unless you have this robust data analytics platform to do it, it can just be another burden on the agency. If agencies want to use their workforce to manually go through logs, and try to meet these requirements of the EO, but still maintain a good cybersecurity posture, that’s a losing proposition.”

Instead, Vida said using a cyber and data analytics platform like Splunk can not only get you compliant with OMB’s memo, but, more importantly, identify patterns, vulnerabilities and relieve some of the burdens on the cyber workforce through the use of automation and orchestration.

Vida added running the data analytics on a cloud infrastructure raises the value of the platform.

“There are several different value propositions of cloud. Speed so you can just move faster. Agility so you can change your configurations and move things around. There are also efficiencies to be found because agencies don’t have to manage the infrastructure and pay for all the data center hosting,” she said. “All of that drives speed and it allows the speed of the data processing and for the workforce to be able to do higher-level work, then trying to reconfigure passwords.”

About Splunk, Inc.

Splunk Inc. (NASDAQ: SPLK) turns data into doing with the Data-to-Everything Platform. Splunk technology is designed to investigate, monitor, analyze and act on data at any scale. Learn more at splunk.com/publicsector.

Even with reskilling and training employees, agencies still aren’t guaranteed success in using DevSecOps. Many agencies need to become more comfortable with automating the security controls as well as change the way these projects are funded.

This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.

Employee Engagement

[Ensuring the employee is supported and cared for] is extremely important in the federal space because, obviously, federal agencies can't outspend the private sector when it comes to talent acquisition. They actually have to elevate their experiences so that you're not making a sacrifice of quality of work life and quality of financial security to work for the federal government.

Kevin Brooks

Principal Digital Strategist, DoD & IC, ServiceNow

Culture and Technology

How do you connect and build culture through a digital platform when you have employees who are working through disparate locations? One way to do that is going to be senior leader engagement via technology, using Zoom or whatever platform you use for more than just meetings. It's really re-recruiting your talent. You have to make them feel a part of the mission or a part of the organization by raising the cultural bar through technology.

Kevin Brooks

Principal Digital Strategist, DoD & IC, ServiceNow

Over the last 20 months, every agency and every business has experienced major changes to their workplaces. We don’t have to tell you just how different your office is today than it was pre-pandemic.

The one thing agencies, and really all organizations, need to continually assess and address the well-being of employees.

The annual Federal Employee Viewpoint Survey (FEVS) found a 3.9-point increase in employee engagement scores last year. Employees collectively scored agencies 86.1 points for the support they received during the pandemic and their work units’ ability to deliver on missions.

Overall it was good news for the last few years. So as agencies move into fiscal 2022, they must find ways to improve their employee engagement scores as remote work, virtual meetings and the like remain the norm as employees work in a hybrid environment.

Researchers from the Partnership for Public Service and Boston Consulting Group found successful agencies have a culture of integration that helps employees build their skills and professional networks. Researchers also say having a defined career path and a connection to mentors helps create a successful relationship with the agency.

Underlying this is data and technology to help drive agencies toward the overall goal creating a healthy workplace.

Kevin Brooks, the principal digital strategist for DoD and US Intelligence Community at ServiceNow, said agencies need to recognize the need to do more to care and support their employees. He said this means ensuring the employee is supported and cared for across the continuum of their career through internal and external activities and resources.

“That’s extremely important in the federal space because, obviously, federal agencies can’t outspend the private sector when it comes to talent acquisition. They actually have to elevate their experiences so that you’re not making a sacrifice of quality of work life and quality of financial security to work for the federal government,” Brooks said on the Innovation in Government show sponsored by Carahsoft. “At least if you do that, you have the opportunity to play on people’s sense of duty and call to duty. The workplace experience really matters and technology can really help because it’ll help bridge that employee and that manager relationship, which is very critical. We finally started talking about how people don’t leave bad jobs they leave bad bosses.”

As the federal workforce continues to work in an hybrid environment for the foreseeable future, Brooks said creating that connection among employees, and especially the leadership, and ensuring that collaboration is secure and easy, are among the most important considerations to maintain and expand an organization.

“How do you connect and build culture through a digital platform when you have employees who are working through disparate locations?” he said. “One way to do that is going to be senior leader engagement via technology, using Zoom or whatever platform you use for more than just meetings. It’s really re-recruiting your talent. You have to make them feel a part of the mission or a part of the organization by raising the cultural bar through technology.”

Brooks said one approach to better connect with employees is through something called journey management where a supervisor and an employee use tools to help them navigate their career.

“It starts with onboarding and having a smoother onboarding process called a journey accelerator. It’s where the manager can create a customized role-based plan for each employee, which shows that personal touch and they can use that to organize activities and tasks to personalize that employee’s experience,” he said. “Then there is something called listening posts, where we capture their feedback in a more consistent manner. Rather than just having an annual employee survey, this listening post goes out every one once in a while within a periodic cycle and you’re able to get the employees feedback. We do same thing for learning posts where we can elevate that training environment for that individual employee experience and human resources can build a set of experiences for a particular work group.”

Brooks added that these small, but important efforts keep employees connected to their job and to the culture of the organization.

All of these efforts can be summed up around three common themes:

• Employee care and support, which is focused on making sure they feel supported and cared for across the continuum of their employment.
• Communication, which is focused on your organizational values, expectation and then enabling employees to participate in those discussions and those activities that help elevate the culture and then when things do go wrong ways either poor performance or something happens interpersonally between employees, how do you reduce those things?
• Accountability, which is how you address challenges that do come up.

“We’re at an inflection point. COVID drove the federal government to make some decisions faster. Things are probably coming, but they had to get there sooner. So now, don’t go back. We have an opportunity to actually keep the pedal down and go,” Brooks said. “You have two restive generations coming into the workforce. They’re going to have different expectations. You’ve got GenXers like us who think we’re technical, so we are willing to grow with it. As we rise to more senior levels, use us and use that the opportunity that COVID provided to actually elevate your transformation and keep going.”

Listen to the full show:

About ServiceNow 

Citizens rely on government services daily. Today, agencies face rising demand, increased expectations, and constant scrutiny. Digital transformation isn’t easy when legacy technology and processes hold you back at every turn. But agencies everywhere are rising to the challenge.

With ServiceNow, government agencies empower the workforce and improve service delivery workflows, to deliver an excellent citizen experience—today and into the future. ServiceNow enables government agencies to empower their workforce and make work flow securely. With one platform, agencies can modernize their IT and processes for their workforce to deliver an excellent citizen experience.

milCloud® 2.0 Overview

For our customers, it's a hybrid cloud world. Customers will have some on-premise, like some mainframes that will probably stay put. They've got Azure and AWS and all kinds of clouds. And what we are for our customers is that one stop shop. So, if a customer needs some AWS, they can get some AWS. If they want some on-premise, they can do that, too. We're truly agnostic and we care about what the DoD needs.

Eric McGrane

Growth Leader, Defense Enterprise Services Sector, GDIT

The Transition to the Cloud

One of the things that customers didn't really grasp early on was the data transaction fees. That's a major selling point for on premise cloud. Because we sit on the DoDIN, we don't have data transaction fees. We have customers that are aware of application performance and what their app is doing on those data transfers, so they're getting smarter about what app is best for where. From an OCONUS perspective, the next thing is tactical edge and having cloud out to the warfighter overseas, we're starting to come up with how to architect a networking solution around data sovereignty. The DoD CIO is working on that right now. All of that rolls into this Joint All-Domain Command and Control (JADC2) initiative, which is going to help our warfighters have data sharing, cloud, AI at the edge and all of that.

Eric McGrane

Growth Leader, Defense Enterprise Services Sector, GDIT

The Defense Information Systems Agency launched its milCloud services in 2013. DISA upgraded it to version 2 around 2018.

As of last March,milCloud 2.0 included 4,500 workloads from 89 different defense mission partners.

Now, according to DISA, defense agencies and military services are looking to milCloud 2.0 for software-as-a-service (SaaS).

Eric McGrane, a growth leader for the defense enterprise services sector at GDIT, which manages the platform, said SaaS is one of several innovations that milCloud 2.0 is offering.

“We rearchitected our cloud to a VMware solution. So when you look at DoD 99.9%, virtualized on VMware, and so now we have a VMware Impact Level 5 and, soon to be IL6 cloud. So it makes those migrations easier, and it’s a very robust, hardy, good cloud,” McGrane said on the Innovation in Government show sponsored by Carahsoft. “The second is the announcement that we will broker Amazon Web Services (AWS) as well. We’ve all seen what’s been going on in the news to get with JEDI, and now the Joint Warfighter Cloud Capability (JWCC), so the demand for off premise cloud is real. From a contract perspective, having that option has brought a lot of other customers with interest for both on-premise and off-premise [cloud services].”

McGrane said the move to VMWare would make it easier for defense agencies and services to migrate applications to milCloud 2.0.

One example of this, McGrane said, is the Defense Contract Management Agency, which closed down its data center and moved all of its workloads to milCloud 2.0 in about 90 days.

He said another large customer with the Army moved about 100 applications to milCloud 2.0’s AWS instance.

“For our customers, it’s a hybrid cloud world. Customers will have some on-premise, like some mainframes that will probably stay put. They’ve got Azure and AWS and all kinds of clouds. And what we are for our customers is, like you said earlier, that one stop shop, right? So if a customer needs some AWS, they can get some AWS. If they want some on premise, they can do that too,” McGrane said. “We’re truly agnostic and we care about what the DoD needs.”

McGrane said another change coming to milCloud 2.0 in the near future is the approval for IL6, meaning DoD can use it for classified workloads.

He said GDIT expects there to be a “tremendous” amount of demand for IL6 access.

“Once we have that on contract, we can start rolling those workloads into milCloud 2.0 for hosting. The nice part about our contract is there’s no waiting in line. There’s no negotiating a task order negotiating a price. It’s all right there on the portal, the price is what the price is you can do it,” McGrane said. “We have customers that hit the portal and buy their cloud on their own, and it’s spun up in 24 hours. That speed and the ability to just transfer money quickly has been has been has been a major selling point for the contract.”

McGrane said DoD customers today are much more comfortable in how buy and manage cloud services than ever before.

“One of the things that customers didn’t really grasp early on was the data transaction fees. That’s a major selling point for on premise cloud, right? Because we sit on the DoDIN, we don’t have data transaction fees,” he said. “We have customers that are aware of application performance and what their app is doing on those data transfers, so they’re getting smarter about what app is best for where. From an outside the continental U. S. perspective, the next thing is tactical edge and having cloud out to the warfighter overseas. We’re starting to come up with how do we architect a networking solution around data sovereignty, right? The DoD CIO is working on that right now. All of that rolls into this Joint All-Domain Command and Control (JADC2) initiative, which is going to help our warfighters have data sharing, cloud, AI at the edge and all of that.”

Listen to the full show:

Protecting Agencies from Cyber Attacks in the Current Environment

We just have to understand that everything is based on the value of the data. Everything's about access and everything's about availability. So as we extend out to the edge, we're going to have exposures. We have to understand that the critical data, the tier zero, tier one, foundational aspects of an organization is what we need to protect at the fullest.

Kevin McDonough

Advisory Systems Engineer, Dell Technologies

Attack Vectors of Focus

We have tools where, ultimately, because we've segmented the value of the data, we are preventing the adversaries from getting to command and control through isolation and through advanced mutability. At the end of the day, even if we haven't patched anything, even if one of our users clicks on the wrong thing, we can stop every single attack at that command and control phase, which means the adversaries can never take action on their objectives, and we win.

Kevin McDonough

Advisory Systems Engineer, Dell Technologies

About a third of all cyber incidents federal agencies faced last year were unknown or outside the typical spam, phishing or web authentication vectors.

The Office of Management and Budget says the prevalence of this attack vector suggests additional steps should be taken to ensure agencies appropriately categorize the vector of incidents during reporting.

While it may be a categorization issue, it also may be the variety and volume of attacks are harder to identify and characterize.

The increase of cyber attack vectors over the last year of the pandemic was stunning.

Experts say ransomware attacks alone are up by nearly 500% since March 2020.

Other experts found in 2020, 22% of data breaches involved phishing. A year later, that number increased to 36%.

And scammers are more successful, exfiltrating data or taking over systems 57% of the time, which is a 2% increase over the previous year.

In addition to the number of attacks increasing, researchers found that, on average, it takes 280 days to identify and contain a cyber attack.

All of these statistics, once again, prove just how difficult protecting systems and data continue to be.

Kevin McDonough, an advisory systems engineer at Dell Technologies, said there are things agencies can do to stay ahead of attackers starting with using the right tools as well as the ability to detect, and even predict threats, in real time.

“We just have to understand that everything is based on the value of the data. Everything’s about access and everything’s about availability. So as we extend out to the edge, we’re going to have exposures,” McDonough said on the Innovation in Government show sponsored by Carahsoft. “We have to understand that the critical data, the tier zero, tier one, foundational aspects of an organization is what we need to protect at the fullest.”

Protecting data becomes more important as the threat surface expands with remote work and devices at the edge.

McDonough said this is why agencies have to do more to protect against ransomware and the ever present phishing attacks.

“Because money is so big, that’s where the bad actors are getting innovative, and once they get in, they’re getting really good at hiding, really good at staying under the radar, really good at understanding what tools the people that they are trying to attack use,” he said. “Above and beyond that, coupled with some of the things that just came out, like REvil ransomware that basically steals Windows credentials, so they’re in and can start doing what they need to do in terms of getting command and control and taking action on their objectives. Brute force attacks are another big thing. I tell the organizations the brute force attack will be 100% successful given enough time and given enough resources. Now we have nation states backing these advanced persistent threats so they’re able to check all those boxes.”

Despite the increase in ransomware, brute force and phishing attacks, McDonough said all hope is far from lost.

He said agencies and industry are getting better at identifying and stopping attackers earlier in the process.

“We have tools where, ultimately, because we’ve segmented the value of the data, we are preventing the adversaries from getting to command and control through isolation and through advanced mutability. At the end of the day, even if we haven’t patched anything, even if one of our users clicks on the wrong thing, we can stop every single attack at that command and control phase, which means the adversaries can never take action on their objectives, and we win,” he said. “To me, that is the good news instead of getting bogged down by the absolute complexity and the size of the issue. It really comes down to isolating your critical data, separating it from the network, making it a physical separation and then a logical air gap separation, so that we know that there’s no way the adversaries can get to that critical data.”

McDonough said agencies still need disaster recovery tools, data protection tools and other capabilities to reach that level of immutability that every organization must strive for.

“Having an area that’s isolated essentially is your oxygen environment that allows organizations to forensically eradicate those attacks without affecting the production environment,” he said. “Then you also will limit dwell time by the adversary. If you understand that attackers exist, understand that they are out there, then you have a way to be able to react to them. Securing your technology is doable. It is not all doom and gloom. We just have to understand that it’s not matter if but when the attacks will come and when they do, we have to be ready.”

Listen to the full show:

About Dell Technologies

Dell Technologies services the federal government and supports their IT programs from system modernization to cloud integration. They empower countries, communities, customers and officials to serve the public with effectiveness and efficiency. Carahsoft is a Dell partner, and together they offer federal, state, and local government solutions on various contract vehicles to give you cost-effective products and services.

 

What we've seen now is the monetization of those attacks with ransomware and with the anonymization through cryptocurrency and other things, paying the ransom actually helps them advance themselves. As much as we like to get alarmed with ransomware, we should be equally alarmed with malware or any compromise because it's really up to the adversary and the human on the other side, and it's really up to their motive.

Travis Rosiek

Chief Technology and Strategy Officer, BluVector

 

The ability to detect threats without signatures, the ability to not have to wait for that time for analysis and propagation, especially in the disruptive malware world, is super critical. Trying to do better detection, without signatures, do it faster, allows cyber defenders to have a chance, especially in the destructive malware world.

Travis Rosiek

Chief Technology and Strategy Officer, BluVector

The rash of cyber attacks on agencies and private sector organizations will continue to rise. Just looking at the attack flavor of the year, ransomware…recent studies found ransomware attacks rose 62% worldwide and 158% in North America in 2020. The FBI received nearly 2,500 ransomware complaints in 2020, up about 20% from 2019.

This has led to increased costs for agencies and organizations alike. Some estimate that companies across the globe paid more than $20 billion in 2021 to deal with ransomware, which is a 57-fold increase since 2015.

Cybercrime overall costs companies across the globe an estimated $6 trillion and that cost is expected to only increase in the future.

The issue is more than just ransomware. Attacks against mobile devices are increasing. Phishing attacks are becoming more sophisticated. And new vectors like cryptojacking are becoming a more popular approach by bad actors.

To combat the ever-increasing cyber threats, agencies are spending more money than ever. In the fiscal 2022 budget request working its way through Congress, civilian agencies requested $9.8 billion, which would be a 14% increase over 2021. The Defense Department says its cybersecurity budget request in 2022 is $10.4 billion, bringing total cyber spending above $20 billion governmentwide for the first time.

But it’s more than just money that is needed. It’s also people and better data.

Travis Rosiek, the chief technology and strategy officer at BluVector, said the biggest change over the last 20 years is cyber attackers have gone from executing code and stealing data to destroying it or holding it hostage.

“What we’ve seen now is the monetization of those attacks with ransomware and with the anonymization through cryptocurrency and other things, paying the ransom actually helps them advance themselves,” Rosiek said on the Innovation in Government show sponsored by Carahsoft. “As much as we like to get alarmed with ransomware, we should be equally alarmed with malware or any compromise because it’s really up to the adversary and the human on the other side, and it’s really up to their motive.”

As the adversaries continue to improve their capabilities and become more sophisticated by cleaning up their tracks and leaving fewer traces, agency security operations centers have to accelerate their ability to triage networks. The goal, Rosiek said, is to reduce the dwell time attackers have so SOCs can prevent or better limit the impact and/or collateral damage of an incident.

Rosiek said agencies must become more predictive and less reactive to cyber attacks, which means becoming better at analyzing data from a people, process and technology perspective.

“The ability to detect threats without signatures, the ability to not have to wait for that time for analysis and propagation, especially in the disruptive malware world, is super critical. Trying to do better detection, without signatures, do it faster, allows cyber defenders to have a chance, especially in the destructive malware world,” he said. “From a process perspective, every security operation center I’ve ever been to public and private sector faces short staffs, there’s high turnover rates, and they easily burn out because they’re all drowning in events. There’s a huge big data problem in cyberspace. If you have this big mountain of data, everything is siloed or doesn’t have a lot of context from a cyber analyst’s perspective. It’s really hard to do really good correlation because you don’t have enough insight about why a specific product or tool made a determination. I probably spent 90 some percent of my time looking at false positives, which was probably one of the most unrewarding parts of my career.”

He said agency operations must become cyber resilient to address all three challenges.

“One aspect, and some of the things we tried to work on at BluVector, is better and faster threat detection, on a millisecond basis, through leading-edge machine learning and other non-signature based detection techniques to detect threats that have never been seen before, but also generating a lot of rich context about why we made decisions of something being malicious or benign,” he said. “Then, from a cyber workforce perspective, we try to create and visualize the data in a way that’s very intuitive so a non-novice analyst can come in and look at something and with a little bit of training can say, ‘Yep, that’s definitely bad. Or this looks pretty good.’”

Rosiek said only through AI and ML tools can detection and mitigation, even prevention, happen at a scale to keep up with the bad actors.

“For a targeted attack, a signature is only going to be able to stop that attack within the first minute or less. So they’re going to recompile their tools and have an attack profile that there is no signature that can be blocked or mitigated,” he said. “The evolution from signatures was sandboxing of non-signature based detection. But because that takes minutes or hours for cloud-based sandboxes or on premise sandboxes to return results, it still wasn’t fast enough for destructive malware. The application of machine learning allows that an analysis of unknown content to be rendered in a decision about whether it be benign or malicious can occur in milliseconds, but which is timely enough to be actionable and minimize that impact.”

Listen to the full show:

About BluVector

Deployed and actively used across global government and commercial networks, BluVector is trusted to provide comprehensive threat coverage thanks to nearly a decade of innovation in the areas of machine learning and artificial intelligence. Backed by Comcast, BluVector serves both Public Sector and Enterprise Commercial customers throughout the world.

The idea behind the map is that because Census data is what determines how much funding local governments receive from the federal government for things like infrastructure or education, local community leaders would be incentivized to encourage participation from within. And in order to make the experience as easy as possible, the U.S. Census Bureau and Tableau created a simple website with near-real time data updates.

“It was important that we found a way to connect with citizens, to be accountable and transparent,” said Gerard Valerio, solution engineering director for the public sector at Tableau. “The more data that’s collected, that results in a higher response rate, and the better it is for a community. With this visualization, residents and community leaders could see their progress and take action to increase the response rate before the collection deadline.”

But that’s not the only way it encourages responses and engagement with the Census. Accountability and transparency foster trust in the government, and the more citizens trust agencies, the more likely they are to interact with them. Publishing this response data in publicly available maps is one way to build that relationship with constituents. It becomes its own loop of self-affirmation.

“That’s the great thing about working with data and insights, there should be some sort of loop, which is how you know you’re improving,” Valerio said. “There’s the age old saying: You can’t manage what you can’t measure. And therefore, if you measure it by collecting data, then you know whether or not you’re improving, whether or not you’re hitting the target on that desired outcome.”

That’s also why the U.S. Census Bureau, spearheaded by data visualization leads Ryan Dolan and Gerson Vasquez, and Tableau started this project with the end already in mind. They began by asking what a great customer experience would look like, and then worked backward to determine what data and processes they would need to drive the desired actions and responses. Then they gauged responses from citizens to get feedback and input on how to make the experience better.

There was also the added wrinkle of the pandemic, which made online participation even more important than had been anticipated. Tableau committed to building the map for the U.S. Census Bureau in 2019, long before the pandemic began. But when COVID-19 was in full swing early in 2020, the U.S. Census Bureau became alarmed by the refresh rate of their content. The U.S. Census Bureau was on Tableau Public, and was suddenly competing for bandwidth with data scientists and enthusiasts who were tracking the pandemic and its effects with their own custom visualizations.

“So we worked together to help stand up another cluster,” Valerio said. “We added additional capacity on Tableau Public and provided a temporary license and support. And the bureau went ahead and stood up their own standalone cluster to handle and be purely focused on the incoming traffic from the 2020 U.S. Census response rate.”

Tableau helped the U.S. Census Bureau do that within a very short turnaround timeframe, taking only a couple of months for testing. Valerio said it was a seamless experience.

And this wasn’t an uncommon experience during the pandemic, Valerio said. Lots of federal, state and local governments increased their usage of Tableau Public and embedded dashboards during the pandemic in order to be more transparent about data, inform and safeguard residents, provide a better experience for their constituents, and drive specific outcomes.

Following the end of the collection period, the U.S. Census Bureau has continued their innovative and transparent approach by publicly sharing the 2020 Census data in easy-to-understand, appealing visualizations in an online gallery. The visualizations range from sales tax and business formation data to population and apportionment data, including an interactive “Historical Apportionment Data Map” which enables users to view more than 10 decades of data.

 

You're starting to see this evolution of how government's looking, embracing this around a people-centric workplace. The workplace can be anywhere that individual may be, and they're putting in the policies and procedures to actually adapt to that.

Matt Mandrgoc

Head of U.S. Public Sector, Zoom

 

There's five things that really tie into how you would look for a successful communications, collaboration solution. Cloud based and its ease of use become the number one thing I've heard from every single customer. They can turn it on and they know how to use it, and they know it's secure and it's scalable. Now Zoom has these things where you can create a room and you can have different people sitting up, playing different types of immersive things to make this even feel more of a human-to-human interaction and human connection extensibility. This becomes important because in our commercial version, we have hundreds of integrations with different solutions. We are also working on a Zoom for Government platform to actually get the integration with other FedRAMP solutions. So think about the fact that not only we do this here, but can you if I have a FedRAMP version of an investment that has another solution I use, and I can integrate two solutions together. That's automating the process and making it easier for them.

Matt Mandrgoc

Head of U.S. Public Sector, Zoom

Many agencies always prided themselves as hubs of collaboration. The open office surge in the early 2010s. The use of things like industry days to bring vendors and federal buying officials together. These are but two examples of what agencies thought was impactful collaboration.

Then the COVID-19 pandemic struck, and we all entered a new culture norm when it came to collaboration and communication.

Agencies and companies quickly adapted to video communications for staff meetings, for industry days and for providing telehealth services. Without a doubt, the pandemic’s impact on the way agencies communicate internally and externally will be felt for decades.

The ease and comfort at which agencies moved to this new online-only approach was both surprising and a precursor for the future.

Agencies found employees were more satisfied and more productive, citizens found it easier, in some cases, to work with federal offices and security of the data and communications was as rigorous as in person events.

As agencies come out of the pandemic, they must figure out how to prosper in a hybrid world where communication and collaboration will be in person and online.

Matt Mandrgoc, the head of US public sector at Zoom, said the pandemic showed three things: Incumbent technologies were not necessarily scalable to satisfy the needs of the mass remote work environment; the culture change brought on by mass telework will be permanent; and cloud services were critical to all of these successes.

“You’re starting to see this evolution of how government’s looking, embracing this around a people-centric workplace,” Mandrgoc said on the Innovation in Government show sponsored by Carahsoft. “The workplace can be anywhere that individual may be, and they’re putting in the policies and procedures to actually adapt to that.”

That concept that work is what you do, not where you do it is a major piece to the culture change.

Mandrgoc said one agency customer found their employees were as productive or more productive working from home as they were in the office. At the same time, he said the agency also realized the remote working opened the door to recruit new employees from a wider area.

“This was a very special skill set that they needed. So instead of having to be in the DC metro area, maybe they would hire somebody from Raleigh, N.C., or from Austin, Texas, or from Denver or from California, all of those places out there. They have that skill set and they don’t have to be just in DC because you are providing them the productivity tools to actually do that,” he said. “We saw FEMA doing a lot of work out there in the field, using Zoom, to get the messaging out to actually work along with the different first responders to get information. We started to talk a lot about recruiting, just bringing employees in to the government.”

He said the military and civilian agencies embraced the technology, expanded recruiting and saw their numbers actually increase during the pandemic.

Agencies also took advantage of the cloud technology and the collaboration tools to reach citizens in a new and better way.

From telehealth to remote hearings to other ways, agencies could now engage citizens in a way that was less dependent on weather or staffing.

“We saw as not just the federal, the state, local governments also transitioning. We saw hearings and meetings that were occurring, and typically people would have to go in central location to watch a hearing. Now you saw a lot of these humans going into the remote status, and there was just a tremendous growth around that piece of it, which ties in citizens and talking to customers,” Mandrgoc said. “Some states are actually mandating that going forward because they were getting more people attending these types of meetings. It’s hard that if I have the hearing is at 5 p.m. on Wednesday, and kids have events or something happens and traffic is bad, I can’t get there. I can’t be participate in that. But I can click on, pop on my Zoom, go ahead and listen, watch what was going on. So they’re we’re seeing they’re getting more citizen engagement that way.”

Mandrgoc said all of these successes and experiences is leading to a hybrid workplace where in-person and online events, meetings and the like will be a standard and expected approach.

“There’s five things that really tie into how you would look for a successful communications, collaboration solution. Cloud based and its ease of use become the number one thing I’ve heard from every single customer. They can turn it on and they know how to use it, and they know it’s secure and it’s scalable,” Mandrgoc said. “Now Zoom has these things where you can create a room and you can have different people sitting up, playing different types of immersive things to make this even feel more of a human-to-human interaction and human connection extensibility. This becomes important because in our commercial version, we have hundreds of integrations with different solutions. We are also working on a Zoom for Government platform to actually get the integration with other FedRAMP solutions. So think about the fact that not only we do this here, but can you if I have a FedRAMP version of an investment that has another solution I use, and I can integrate two solutions together. That’s automating the process and making it easier for them.”

About Zoom

Zoom is for you. We help you express ideas, connect to others, and build toward a future limited only by your imagination. Our frictionless communications platform is the only one that started with video as its foundation, and we have set the standard for innovation ever since. That is why we are an intuitive, scalable, and secure choice for large enterprises, small businesses, and individuals alike. Founded in 2011, Zoom is publicly traded (NASDAQ:ZM) and headquartered in San Jose, California. Visit zoom.com and follow @zoom.

The Difference in the SolarWinds Attack

In every experience, whether it's a bug or a security breach, there is something to be learned that will fortify what we can do going forward to make it that much more difficult for a threat actor to perform their duties, so to speak. We are approaching this in exactly the same way. I also have another attitude which is one dissatisfied customer or one impacted customer is one too many. We are keeping the customer in focus and keeping the constant learning of these experiences in focus and continue to improve your processes, your tools, your training, your behaviors, to help to build a more safer set of environments.

Sudhakar Ramakrishna

President and Chief Executive Officer, SolarWinds

Working with Customers and Lessons Learned

The federal government customers are very important to us and I personally have spoken to many of them at this point. And I continue to do so. We're doing this for multiple reasons. One is touching the customers making sure that they are happy and satisfied with our performance and support. Another is articulating to them what we have learned and what we are doing because many of our federal government customers are also having complex supply chains from a software standpoint, and we are trying to drive our learnings into their environments. The third is a two-way open dialog where we can understand their requirements and their concerns better and take action. So I'm again very grateful, I would say is probably the right word to use in this context, to the government customers who have engaged with us who have helped us and who have been patient with us. And many of them actually have now turned our systems back on and are experiencing the benefits of the solutions that we deliver.

Sudhakar Ramakrishna

President and Chief Executive Officer, SolarWinds

Without a doubt, it’s been a busy 2021 for federal and private sector chief information security officers.

While the number of cyber attacks may be the same, or near the same, the severity and the impacts on every day society are not.

From the supply chain attack on SolarWinds to the Microsoft Exchange vulnerability to the PulseSecure VPN, all organizations have been reminded that their dependence on technology can both a blessing and a curse.

What these and so many attacks have taught agencies is the need to be resilient.

The most recent Federal Information Security Management Act (FISMA) report to Congress found agencies are doing a better job managing their cyber risks. In fact, their scores across the NIST Cyber frameworks around identify, protect, detect, respond and recover are among the highest in the last four years.

This means agencies are also doing a better job of communicating to their stakeholders about their planning and performance metrics around their recovery activities based on risk tolerance.

Still, one thing is clear from the last several months, no amount of planning, people or tools will stop a determined adversary.

This is why agencies, and really all organizations, must have confidence in their suppliers and ability to react and recover to threats and attacks.

Sudhakar Ramakrishna, the president and CEO at SolarWinds, said the high-profile attack his company experienced, which came to light in December but likely started a year before, is both a learning experience and an opportunity to double-down on software development approaches.

“In every experience, whether it’s a bug or a security breach, there is something to be learned that will fortify what we can do going forward to make it that much more difficult for a threat actor to perform their duties, so to speak,” Ramakrishna said on the Innovation in Government: Cyber Resiliency show sponsored by Carahsoft. “We are approaching this in exactly the same way. I also have another attitude which is one dissatisfied customer or one impacted customer is one too many. We are keeping the customer in focus and keeping the constant learning of these experiences in focus and continue to improve your processes, your tools, your training, your behaviors, to help to build a more safer set of environments.”

One of the ways SolarWinds is attempting to do just that is through an internal approach it launched after the breach came to light called “secure by design.”

Ramakrishna said this approach includes several steps.

“Security should not be an afterthought of delivering a product so we do penetration testing, we do post software analysis of the security of our software, all those are required. But I would say those are not sufficient and security needs to be planned in or designed in, and that needs to happen at the infrastructure level, that needs to happen in the build systems that need to happen in the build processes, and more broadly, in the consciousness and training of the company,” he said. “The learning, or if you want to think of it as the action that we’re taking, is how do we incorporate that across those dimensions within the entire company.”

One way SolarWinds is incorporating secure by design into its entire company is by using more red teams to more rigorously challenge the company’s plans, policies, development systems by using an approach a hacker or other bad actor would use.

“It is important for us to think like threat actors, no matter the size of the company, or the resources of the company, and provide some ability for the team to do synthetic attacks against ourselves to learn and improve on an ongoing basis. Another is that this is specific to the software bill of materials, and software development itself, we have created three parallel build systems, and the three parallel build systems are in different locations, with different permissions. The whole idea, going back to digitally signing a piece of code and delivering it to customers and giving them the confidence that it’s pristine and is coming from us, the goal is to build across three systems and create cross dependencies, and I should take cross checks across those three environments to make sure that the integrity is not compromised in any one of them,” Ramakrishna said. “If you think about a threat actor, even if they’re able to compromise in one environment, they will have to consistently compromise across three different environments in exactly the same way for us to have a compromised delivery to the field. That required a lot of innovation and that will require a lot of investment on our part. Our goal is that as we perfect it to be able to document it and publish it. This is some of the work that I’m working with some of the federal government agencies, including CISA and others, to articulate what we’re doing.”

All of these and the other actions SolarWinds has been taking over the last few months is to create the trust and confidence with its customers, particularly federal agencies.

He said despite revealing in the last few weeks that fewer than 100 customers were compromised by the attack, SolarWinds helped every customer who asked with applying the patch or rebuilding their systems.

“The federal government customers are very important to us and I personally have spoken to many of them at this point. And I continue to do so,” he said. “We’re doing this for multiple reasons. One is touching the customers making sure that they are happy and satisfied with our performance and support. Another is articulating to them what we have learned and what we are doing because many of our federal government customers are also having complex supply chains from a software standpoint, and we are trying to drive our learnings into their environments. The third is a two-way open dialog where we can understand their requirements and their concerns better and take action. So I’m again very grateful, I would say is probably the right word to use in this context, to the government customers who have engaged with us who have helped us and who have been patient with us. And many of them actually have now turned our systems back on and are experiencing the benefits of the solutions that we deliver.”

Ramakrishna said SolarWinds continues to share its lessons learned with the FBI, with CISA and many others.

He said by being transparent, he hopes others can learn from SolarWinds’ experience and not repeat the same challenges or face the same attacks.

“I noticed that some of the agencies may be restricted in what they can share with the private sector. Let’s say as we engage with the FBI, we continue to inform them of what we learn. But sometimes the relationship can be asymmetric. So the more we can make those relationships symmetric, I think the faster information flow will be and knowledge sharing will be,” he said. “If there is a broad recognition that these things can happen to anyone notwithstanding the best intentions, best practices, best tools, then the level of victim shaming goes down. In a strange way, coming out and informing proactively should be rewarded, not punished, so to speak, either by reputational damage or business damage. That’s the other thing that I think as part of awareness building, we all as a community need to do more to help engage equally accountability methods. Therefore, to the degree that we don’t come out and disclose, to the degree that you don’t come out and comply, they should mean some measures between public and private sectors where accountability is both expected and imposed.”