Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Riverbed Technology has been helping federal information technology professionals get a grip on their networks for years. They are well known for Wide Area Network monitoring systems. They have a new offering to assist in today’s multi cloud environment. As everyone reading this knows, COVID has drastically increased remote work, so it has gotten difficult to understand exactly who is on your federal network. Combine that with cheap storage and proliferation of edge devices, and you have masses and masses of data to worry about. We get to use the term “zettabyte” to describe the amazing amount. So, you may be in a situation where you have many access points on your network and are making a transition to the hybrid cloud. You may have gone from five hundred cloud services to 5,000 cloud services. However, your opps budget and your opps tools have not changed. Your staff has remained the same as well. One way to get a handle on managing the “mess” is to look at offerings that give you visibility on your network. Chances are you have Riverbed Technologies products on your network already. Why not learn about Riverbed’s new offering, Alluvio, to see if you can leverage existing equipment to help automate monitoring the complex new systems you are facing. During the interview, Craig McCullough talks about how Alluvio developed and how federal leaders can take advantage of its power to help reach the goals of digital transformation and zero trust.   

The Cybersecurity and Infrastructure Security Agency recently highlighted the five pillars of a maturity model when it comes to Zero Trust:  Identity, Device, Network, Workload, and Data. There is no accident that the first pilar is identity. Sean Frazier is a well-known expert in identity management. During this interview, he provides a perspective about this topic that ranges from compliance to assistance in proposal writing. One can argue that this is an isolated emphasis until you realize that the OMB Memo 22-09 talks about centralized identification, multifactor identification, and device signaling, It would seem reasonable to conclude that an effective identity management system is a key component in making sure today’s dynamic federal hybrid cloud is safe.

When the automobile was invented, nobody ever thought of a superhighway. After millions of cars had come off the assembly line, government leaders had to adjust and design highways that could accommodate six lanes and high-speed travel for everything from a motorcycle to an eighteen-wheeler. The same is true with cloud computing. Years ago, Vivek Kundra started to talk about taking baby steps to the cloud. Well, today we have multi-million-dollar data centers and huge cloud providers that are handing increasingly federal large amounts of data. Federal leaders have reached a point where “going to the cloud” is like driving a Model T. We have much more serious matters to consider. DataDog is a company that can help federal leaders manage the cloud as part of a digital transformation. They help improve application performance, ensure reliability, and streamline multi-account account management. The net result is a transition to a hybrid cloud that is flexible, fast, and safe.

Veeam has been serving large organizations for so long that many have categorized it as a company that only does backups. Well, times have changed, and so has the approach to making data safe.  Jeff Reinhard begins the discussion by defining the terms:  backup, replication, and snapshots. From there, he dives into more serious strategic concepts. A decade ago, a systems administrator could rely on a backup solution and feel comfortable. Today’s hybrid systems combined with malicious attacks and petabytes of data make those days look like a walk in the park. Federal systems are increasingly hybrid, meaning that protecting data must have the ability to integrate into several applications as well as legacy systems. Multiple clouds are one concept, but when you have dozens of systems with patches, upgrades, and critical data, it requires sophisticated methods to have valid backup copies.

Matt Thompson from Socure brings a wealth of experience to the topic of federal identity management. After a successful career in the military, he noticed that there was a lot of friction for veterans to get benefits from the federal government. He has been working with that issue of identification for his entire career. The company, Socure, has a similar origin story. The founder had a tough time establishing credit as a young man and noticed that there must be a better way to validate one’s credentials. Johnny Ayers launched Socure in 2012 intending to make it easier to establish identity. His goal was to verify 100% good IDs and eliminate fraud across the Internet. Socure has been a ridiculously successful company. This was a challenge that banks faced, too fast and they may not have valid identification, too slow and they may lose a customer. If an identification system holds up the process, it can be described as “friction.”

Today we sit down with John Cofrancesco from Fortress Information Security to get insights on the issues with the supply chain and the federal government. When it comes to federal technology, it is well known that bringing in chunks of software can introduce vulnerabilities. The real issue is not recognizing the code flaws, the issue is finding time in a hectic schedule to be able to remediate these problems. For example, CISA has something called the Vulnerability Exploitability Exchange that lists known software vulnerabilities. Companies like Sonatype offer surveys where they identify thousands of lines of code with structural flaws. One of the vulnerabilities (the Log4J) is well known. Rezilion announced it had scanned 90,000 servers that still had this problem. So, having a list of vulnerabilities is not the issue. The concern is cleaning up the federal code in an effective manner.

Years ago, McDonald’s had a sign in front of each restaurant that said, “Millions and millions sold.” It would be fair to appropriate this tagline to the world of your digital identity. That is because in 2017 147 million Americans in Equifax has personal data stolen. Oh, let us not forget the twenty-two million for the Office of Program Management and the fifty million from recent T-Mobile breaches. Because of this, it is important to understand some of the identification options for federal technology leaders. That is why we have Wes Turbeville from ID.me in the studio today. Traditionally, identification started with a username and password. It has gotten to the point that so much personally identifiable information is floating on the Internet that major companies have initiated programs to eliminate this old-school way of authentication.

For years people in federal information technology have been talking about “silos” of information. One of the benefits of moving to the cloud was the possibility of removing some of this isolation. There may be other silos that may not be comprised of hard drives.  For example, when you limit your technical staff to a specific profile. That just encourages sameness of thought. The Proceedings of the National Academy of Science reported that a more diverse group is more likely to outperform a more homogenous team.   https://www.packard.org/insights/perspectives/why-diversity-in-stem-matters/ We are in a world of attacks coming from every quarter. Limiting yourself to one predetermined category of technical expert will set you up for failure. Think of it this way . . . if a football team has forty quarterbacks, they will lose every game; the same is true if they have all kickers.

Today we sit down with Jason Goetz, Senior Director, Public Sector, Snyk to talk about securing software for the federal government. When most people think of a supply chain, they think of a physical item. For example, a manufacturer in China makes a router and ships it to the United States. The impact of the supply chain has been thoroughly apparent due to COVID disruptions. However, most software developers today do not start from a blank slate, they start by grabbing code from a code repository and assembling it like Legos. In many situations, they follow agile development precepts and iterate and get feedback, but what happens is that the code is completed without any consideration for a security scan. Inevitably, issues will be found, and the development team must go back to work. During the interview, Jason Goetz suggests there is a better approach, he calls it, “Shift Left.” 

Jay MacMillian, Executive Vice President at Booz Allen shares his ideas on digital transformation for the federal government. The interview covers the role of the cloud, citizen experience, and the steps to take for the federal government to move forward. When it comes to moving to the cloud, Jay Macmillan observes that many agencies get transfixed by point solutions. He suggests that a better approach is to take a comprehensive view to the issue of cloud architecture. When that is done, the concerns of ending up in a point solution silo can be avoided. Further, when an agency adopts the wider view, it gives them the ability to structure systematically. The idea here is to expect a change in future enterprise architecture renditions. That way, costs will be reduced when applications move in or out of a hybrid cloud.