Home > News > featured news > White House to Rewrite Cloud Vendor Contracts for Security Liability

White House to Rewrite Cloud Vendor Contracts for Security Liability

White House | May 21, 2020

  • The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors.

  • Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

  • Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past.


The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.

“I think there is a need to update our [service level agreements] with the cloud providers and we're actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

Read More: Trump Government Moves to Cut off Huawei from Global Chip Suppliers

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past, according to a program manager speaking from the “frontlines” of the cloud migration effort during the DGI conference.

“The common themes that I heard were ‘I don’t understand security, I don’t want to have to deal with security by myself, and I’m also not a cloud expert,’” Joe Foster, cloud computing program manager at NASA’s Goddard Space Flight Center, said regarding his early days of trying to get agency components to move to the cloud.
 

In some ways, the pandemic is taking the issue out of officials’ hands.

 

Could anyone plan for what’s going on now? Probably not, but who could imagine let alone fund it? Referring to the pandemic. The situation does exactly that. Your users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story,

Thomas Santucci, the director of the Data Center at GSA.



Outside of no longer needing to run energy-intensive data centers, there are other, security-based reasons for moving to the cloud. Enabling security and development professionals to work in the same space has allowed for changes to applications to be pushed out faster, as Susie Adams, chief technology officer for Microsoft Federal, noted, for example.

But as officials at the National Institute of Standards and Technology have stressed, moving to the cloud does not make security a “set it and forget it” feature. There are a lot of configurations and other considerations that customers may be responsible for under contracts.

During an event hosted Tuesday by the Information Technology Industry Council, Rep. Doris Matsui, D-Calif., also observed the pandemic causing a rush to the cloud but expressed more trepidation than exuberance.

“This comes with an increased use of personal devices and cloud services, which may not be secure,” Matsui, co-chair of the House of Representatives’ High Tech Caucus, said.

Matsui on Tuesday sent a letter to NIST Director Walter Copan asking that the agency work to establish metrics to accompany its landmark Cybersecurity Framework. The framework allows entities to select and implement security controls based on their individual subjective needs and risks. Matsui’s letter calls for a way to evaluate the security implications of those decisions.

“As companies, nonprofits, and state and local governments work to quickly assess their cybersecurity strategies and evaluate measures to improve security during the pandemic, additional guidance from NIST could help speed the decision-making process and funnel resources to effective, proven methods,” she wrote. “With quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.”

Read More: How to secure the U.S. government’s technology supply chain

Spotlight

Qlik’s Data Integration Platform for Federal Agencies

How Federal Agencies leverage data for decision making is changing. Historical transaction reporting and static batch data analyses are giving way to predictive data science, streaming analytics, machine learning (ML), and artificial intelligence (AI). Agencies are embracing these new paradigms for more informed, real-time decisions to impact business, operations, and agency performance.

More featured news

Spotlight

Qlik’s Data Integration Platform for Federal Agencies

How Federal Agencies leverage data for decision making is changing. Historical transaction reporting and static batch data analyses are giving way to predictive data science, streaming analytics, machine learning (ML), and artificial intelligence (AI). Agencies are embracing these new paradigms for more informed, real-time decisions to impact business, operations, and agency performance.

Related News

EMERGING TECHNOLOGY, CYBERSECURITY

Menlo Security Achieves FedRAMP Authorization for RBI and CBII Technologies

Menlo Security | February 06, 2023

Menlo Security, a well-known cloud security provider, has recently announced that its cloud-native Menlo Security platform has acquired an Authorization to operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP) at the moderate level. This Authorization is for the usage of cloud-based internet isolation (CBII) and remote browser isolation (RBI) technologies, protecting data and humans from zero-day attacks, spyware, malware, and ransomware. With the support of the Isolation CoreTM, it will stop threats before they happen. In addition, it centralizes interfaces, removing the need for other technologies, extends integration with different interfaces, and prevents HEAT attacks. Co-Founder and Chief Product Officer of Menlo Security, Poornima DeBolle, said, "Achieving FedRAMP Authorization for the Menlo Cloud Security Platform is a true testament to the value of our Isolation Core architecture. Our ability to protect the users from sophisticated attacks while maintaining a consistent user experience will enable the government agencies to focus on their mission." She added, "Highly Evasive Adaptive Threats (HEAT) are challenging legacy security stacks with new techniques to deliver malware to the user. Our Zero Trust approach, powered by our innovative Isolation Core, has been proven by CBII in the DoD with millions of users for more than two years. We look forward to bringing the same protection to all government agencies with our FedRAMP Authorization." (Source – Business Wire) About Menlo Security Menlo Security, a leading computer and network security provider, prevents organizations from threats, eliminates cyber-attacks and provides complete protection with its isolation-powered cloud security platform. In addition, it provides the most secure Zero Trust approach, making it invisible to online end users and freeing up security operations to focus on business growth. Headquartered in Mountain View, California, it has been transforming cybersecurity against almost all threats since 2013. It specializes in Zero Trust, CASB, cloud security, remote browser isolation, secure web gateway, network security, cybersecurity, and internet isolation.

Read More

EMERGING TECHNOLOGY, CYBERSECURITY

ECS Wins $19M Contract With Defense Manpower Data Center

ECS | March 21, 2023

ECS, a leader in advanced technology, science, and digital transformation solutions, has won a five-year $19M contract with the Defense Manpower Data Center (DMDC) within the U.S. Department of Defense (DoD). A leader in DoD identity management, the DMDC maintains DoD databases, supports the information requirements of the Office of the Under Secretary of Defense for Personnel & Readiness, and oversees DoD personnel programs and research. ECS will support the digital transformation of the DMDC by optimizing existing instances of ServiceNow ― the digital workflow management platform ― and ensuring the success of new implementations. By providing operations and maintenance services, architectural design, development, and implementation services, ECS will bring new capabilities to the DMDC and transform legacy IT applications. ECS adds this DMDC project to a lengthy list of successful ServiceNow deployments it has undertaken for the DoD and federal civilian clients. These include: the Army, Air Force, Space Force, Defense Information Systems Agency, several DoD Fourth Estate agencies, Department of Commerce, Department of Homeland Security, Department of the Treasury, U.S. Postal Service, and Environmental Protection Agency. “ECS is excited to support the critical mission of the DMDC,” said John Heneghan, president of ECS. “We’ll use our ServiceNow expertise to help the agency reduce workflow complexity, boost productivity, and offer improved services to uniformed service members, veterans, and families around the world.” “As a ServiceNow Elite partner, ECS leverages the full power of the platform to support the DMDC’s digital transformation,” said Martin Burke, vice president of Integrated Solutions at ECS. “ECS will help DMDC reengineer and modernize every one of its business and IT processes, using the powerful features and flexibility of the ServiceNow platform.” About ECS ECS, ASGN’s federal government segment, delivers advanced solutions in cloud, cybersecurity, data and artificial intelligence (AI), application and IT modernization, science, and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence, and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,800 employees throughout the United States. About ASGN Incorporated ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and professional solutions, including technology, creative, and digital, across the commercial and government sectors. ASGN helps leading corporate enterprises and government organizations develop, implement, and operate critical IT and business solutions through its integrated offering of professional staffing and IT solutions.

Read More

EMERGING TECHNOLOGY,GOVERNMENT BUSINESS

UK Government’s G-cloud 13 Supplier Network Status for Precisely

Precisely | January 11, 2023

Global leader in data integrity solutions, Precisely, is selected to be a supplier for the Crown Commercial Service's G-Cloud 13 Framework. Precisely's portfolio of data integrity solutions is now available on the G-Cloud procurement platform, further establishing the company's reputation as a trusted solutions provider to the central and local governments as well as the public sector. The G-Cloud initiative aims to make cloud-based services more accessible to the UK government and public sector organizations. The framework only includes suppliers and solution providers who meet the UK Government's highest privacy, security, and scalability standards, allowing organizations to procure the services and solutions they require more quickly and with less risk. Government and public sector services are under considerable stress, which the COVID-19 pandemic aggravated, and many organizations assigned with meeting demanding digital transformation efforts are struggling with the change. This causes data silos, inefficient resource use, a lack of understanding of citizen needs, and even regulatory compliance concerns. Data analytics continues to be the most pressing issue for central government departments, a recent Central Gov Strategy Forum study revealed, with 65% of the departments planning to increase spending in this area in 2023. "Whether organizations are looking to move from antiquated mainframes to the cloud, create data governance frameworks, build data quality for a 360° view of their citizens, or leverage powerful spatial insights, successful digital transformation programs need to be fuelled by accurate, consistent, and contextual data," said Jay Reilly, SVP - EMEA at Precisely. He further stated, "Our placement on G-Cloud 13 means public sector organizations can more easily access our portfolio of data integrity solutions, empowering them to make the confident decisions needed to improve the lives of citizens." (Source: Businesswire) About Precisely Precisely is the world's leading data integrity firm, serving 12,000 customers in over 100 countries, including 99 of the Fortune 100, by ensuring data consistency, context and accuracy in data. Precisely's data integration, quality, governance, location intelligence, and enrichment technologies help businesses make better decisions and accomplish better results.

Read More

EMERGING TECHNOLOGY, CYBERSECURITY

Menlo Security Achieves FedRAMP Authorization for RBI and CBII Technologies

Menlo Security | February 06, 2023

Menlo Security, a well-known cloud security provider, has recently announced that its cloud-native Menlo Security platform has acquired an Authorization to operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP) at the moderate level. This Authorization is for the usage of cloud-based internet isolation (CBII) and remote browser isolation (RBI) technologies, protecting data and humans from zero-day attacks, spyware, malware, and ransomware. With the support of the Isolation CoreTM, it will stop threats before they happen. In addition, it centralizes interfaces, removing the need for other technologies, extends integration with different interfaces, and prevents HEAT attacks. Co-Founder and Chief Product Officer of Menlo Security, Poornima DeBolle, said, "Achieving FedRAMP Authorization for the Menlo Cloud Security Platform is a true testament to the value of our Isolation Core architecture. Our ability to protect the users from sophisticated attacks while maintaining a consistent user experience will enable the government agencies to focus on their mission." She added, "Highly Evasive Adaptive Threats (HEAT) are challenging legacy security stacks with new techniques to deliver malware to the user. Our Zero Trust approach, powered by our innovative Isolation Core, has been proven by CBII in the DoD with millions of users for more than two years. We look forward to bringing the same protection to all government agencies with our FedRAMP Authorization." (Source – Business Wire) About Menlo Security Menlo Security, a leading computer and network security provider, prevents organizations from threats, eliminates cyber-attacks and provides complete protection with its isolation-powered cloud security platform. In addition, it provides the most secure Zero Trust approach, making it invisible to online end users and freeing up security operations to focus on business growth. Headquartered in Mountain View, California, it has been transforming cybersecurity against almost all threats since 2013. It specializes in Zero Trust, CASB, cloud security, remote browser isolation, secure web gateway, network security, cybersecurity, and internet isolation.

Read More

EMERGING TECHNOLOGY, CYBERSECURITY

ECS Wins $19M Contract With Defense Manpower Data Center

ECS | March 21, 2023

ECS, a leader in advanced technology, science, and digital transformation solutions, has won a five-year $19M contract with the Defense Manpower Data Center (DMDC) within the U.S. Department of Defense (DoD). A leader in DoD identity management, the DMDC maintains DoD databases, supports the information requirements of the Office of the Under Secretary of Defense for Personnel & Readiness, and oversees DoD personnel programs and research. ECS will support the digital transformation of the DMDC by optimizing existing instances of ServiceNow ― the digital workflow management platform ― and ensuring the success of new implementations. By providing operations and maintenance services, architectural design, development, and implementation services, ECS will bring new capabilities to the DMDC and transform legacy IT applications. ECS adds this DMDC project to a lengthy list of successful ServiceNow deployments it has undertaken for the DoD and federal civilian clients. These include: the Army, Air Force, Space Force, Defense Information Systems Agency, several DoD Fourth Estate agencies, Department of Commerce, Department of Homeland Security, Department of the Treasury, U.S. Postal Service, and Environmental Protection Agency. “ECS is excited to support the critical mission of the DMDC,” said John Heneghan, president of ECS. “We’ll use our ServiceNow expertise to help the agency reduce workflow complexity, boost productivity, and offer improved services to uniformed service members, veterans, and families around the world.” “As a ServiceNow Elite partner, ECS leverages the full power of the platform to support the DMDC’s digital transformation,” said Martin Burke, vice president of Integrated Solutions at ECS. “ECS will help DMDC reengineer and modernize every one of its business and IT processes, using the powerful features and flexibility of the ServiceNow platform.” About ECS ECS, ASGN’s federal government segment, delivers advanced solutions in cloud, cybersecurity, data and artificial intelligence (AI), application and IT modernization, science, and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence, and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,800 employees throughout the United States. About ASGN Incorporated ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and professional solutions, including technology, creative, and digital, across the commercial and government sectors. ASGN helps leading corporate enterprises and government organizations develop, implement, and operate critical IT and business solutions through its integrated offering of professional staffing and IT solutions.

Read More

EMERGING TECHNOLOGY,GOVERNMENT BUSINESS

UK Government’s G-cloud 13 Supplier Network Status for Precisely

Precisely | January 11, 2023

Global leader in data integrity solutions, Precisely, is selected to be a supplier for the Crown Commercial Service's G-Cloud 13 Framework. Precisely's portfolio of data integrity solutions is now available on the G-Cloud procurement platform, further establishing the company's reputation as a trusted solutions provider to the central and local governments as well as the public sector. The G-Cloud initiative aims to make cloud-based services more accessible to the UK government and public sector organizations. The framework only includes suppliers and solution providers who meet the UK Government's highest privacy, security, and scalability standards, allowing organizations to procure the services and solutions they require more quickly and with less risk. Government and public sector services are under considerable stress, which the COVID-19 pandemic aggravated, and many organizations assigned with meeting demanding digital transformation efforts are struggling with the change. This causes data silos, inefficient resource use, a lack of understanding of citizen needs, and even regulatory compliance concerns. Data analytics continues to be the most pressing issue for central government departments, a recent Central Gov Strategy Forum study revealed, with 65% of the departments planning to increase spending in this area in 2023. "Whether organizations are looking to move from antiquated mainframes to the cloud, create data governance frameworks, build data quality for a 360° view of their citizens, or leverage powerful spatial insights, successful digital transformation programs need to be fuelled by accurate, consistent, and contextual data," said Jay Reilly, SVP - EMEA at Precisely. He further stated, "Our placement on G-Cloud 13 means public sector organizations can more easily access our portfolio of data integrity solutions, empowering them to make the confident decisions needed to improve the lives of citizens." (Source: Businesswire) About Precisely Precisely is the world's leading data integrity firm, serving 12,000 customers in over 100 countries, including 99 of the Fortune 100, by ensuring data consistency, context and accuracy in data. Precisely's data integration, quality, governance, location intelligence, and enrichment technologies help businesses make better decisions and accomplish better results.

Read More

More featured news