White House to Rewrite Cloud Vendor Contracts for Security Liability

White House | May 21, 2020

  • The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors.

  • Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

  • Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past.


The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.

“I think there is a need to update our [service level agreements] with the cloud providers and we're actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

Read More: Trump Government Moves to Cut off Huawei from Global Chip Suppliers

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past, according to a program manager speaking from the “frontlines” of the cloud migration effort during the DGI conference.

“The common themes that I heard were ‘I don’t understand security, I don’t want to have to deal with security by myself, and I’m also not a cloud expert,’” Joe Foster, cloud computing program manager at NASA’s Goddard Space Flight Center, said regarding his early days of trying to get agency components to move to the cloud.
 

In some ways, the pandemic is taking the issue out of officials’ hands.

 

Could anyone plan for what’s going on now? Probably not, but who could imagine let alone fund it? Referring to the pandemic. The situation does exactly that. Your users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story,

Thomas Santucci, the director of the Data Center at GSA.



Outside of no longer needing to run energy-intensive data centers, there are other, security-based reasons for moving to the cloud. Enabling security and development professionals to work in the same space has allowed for changes to applications to be pushed out faster, as Susie Adams, chief technology officer for Microsoft Federal, noted, for example.

But as officials at the National Institute of Standards and Technology have stressed, moving to the cloud does not make security a “set it and forget it” feature. There are a lot of configurations and other considerations that customers may be responsible for under contracts.

During an event hosted Tuesday by the Information Technology Industry Council, Rep. Doris Matsui, D-Calif., also observed the pandemic causing a rush to the cloud but expressed more trepidation than exuberance.

“This comes with an increased use of personal devices and cloud services, which may not be secure,” Matsui, co-chair of the House of Representatives’ High Tech Caucus, said.

Matsui on Tuesday sent a letter to NIST Director Walter Copan asking that the agency work to establish metrics to accompany its landmark Cybersecurity Framework. The framework allows entities to select and implement security controls based on their individual subjective needs and risks. Matsui’s letter calls for a way to evaluate the security implications of those decisions.

“As companies, nonprofits, and state and local governments work to quickly assess their cybersecurity strategies and evaluate measures to improve security during the pandemic, additional guidance from NIST could help speed the decision-making process and funnel resources to effective, proven methods,” she wrote. “With quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.”

Read More: How to secure the U.S. government’s technology supply chain

Spotlight

Ten months into Donald Trump’s presidency and there is a little indication as to how this administration is planning to actively pursue American Arctic interests in its foreign policy. Former President Barack Obama’s strategy had an ambitious agenda on climate change and regional governance leadership. What we have seen over the past several months in terms of foreign policy outlook has been a mixture of continuity and change. In terms of continuity, the State Department has, thus far, maintained multilateral co-operation in the areas of environmental protection, sustainable development, international scientific research, and joint military exercises.

Spotlight

Ten months into Donald Trump’s presidency and there is a little indication as to how this administration is planning to actively pursue American Arctic interests in its foreign policy. Former President Barack Obama’s strategy had an ambitious agenda on climate change and regional governance leadership. What we have seen over the past several months in terms of foreign policy outlook has been a mixture of continuity and change. In terms of continuity, the State Department has, thus far, maintained multilateral co-operation in the areas of environmental protection, sustainable development, international scientific research, and joint military exercises.

Related News

EMERGING TECHNOLOGY,GOVERNMENT BUSINESS

Esri Partners with Federal Government and State of California to Tackle Climate Change, Improve Resilience

Esri | September 20, 2022

Esri, the global leader in GIS and location intelligence, has partnered with agencies in the federal government and the state of California to build comprehensive and interactive climate data portals and targeted applications to better respond to climate hazards and conservation opportunities. Agencies have used GIS technology for decades to record and track authoritative data on a range of topics that can provide critical insights into complex challenges such as climate change. “Responding to climate change effectively requires a whole of government approach, By harnessing the vast data resources of federal agencies, we’re providing local communities with the information they need to make impactful, equitable decisions that will improve the lives of their citizens.” -David J Hayes, special assistant to the President for climate policy at the White House. This past week, Esri partnered with the Biden-Harris Administration, Department of Commerce’s National Oceanic and Atmospheric Administration (NOAA), and the Department of the Interior (DOI), to jointly launch the Climate Mapping for Resilience and Adaptation (CMRA) portal. This new website helps organizations plan and implement climate resiliency actions by using a new screening tool that assesses the vulnerability of counties, census tracts and tribal lands. The location-based tool can be used to evaluate projects based on exposure to climate-related hazards now and in the future and can strengthen proposals for federal funding. In July, Esri partnered with NOAA and the Biden Administration through the interagency National Integrated Heat Health Information System (NIHHIS) to launch Heat.gov. Heat.gov offers maps, data and guidance that inform operational decisions by communities on a daily basis related to heat health and its impacts. Communities can also use current and forecasted data to plan equitable mitigation measures in anticipation of future heat events, such as where to plant more trees to improve shade in urban areas. The site seamlessly integrates heat information from across federal agencies, including heat forecasts from National Oceanic and Atmospheric Administration’s (NOAA) National Weather Service, the new national Climate and Health Outlook developed by the Department of Health and Human Services, the CDC’s Heat and Health Tracker, as well as heat planning and preparedness guides. In April of 2022, Esri partnered with the California Natural Resources Agency to build CA Nature in support of Governor Newsom’s vision to conserve 30 percent of the state’s land and coastal water by 2030 to fight species loss and ecosystem destruction. CA Nature provides publicly available interactive mapping and visualization tools to identify conservation opportunities and track progress against the 30x30 goal. Powered by Esri’s ArcGIS, CA Nature explains the 30x30 mission, visualizes biodiversity throughout the state, and catalogs protected lands. “Together, these efforts reflect the will and desire of governments at all levels to use maps and data to empower communities to effectively meet our most pressing climate challenges, We are encouraged that governments are embracing the power of maps and GIS to better understand climate impacts and how to plan and build for a more resilient and sustainable future.” -Jack Dangermond president Esri. About Esri: Esri, the global market leader in geographic information system (GIS) software, location intelligence, and mapping, helps customers unlock the full potential of data to improve operational and business results. Founded in 1969 in Redlands, California, USA, Esri software is deployed in more than 350,000 organizations globally and in over 200,000 institutions in the Americas, Asia and the Pacific, Europe, Africa, and the Middle East, including Fortune 500 companies, government agencies, nonprofits, and universities. Esri has regional offices, international distributors, and partners providing local support in over 100 countries on six continents. With its pioneering commitment to geospatial information technology, Esri engineers the most innovative solutions for digital transformation, the Internet of Things (IoT), and advanced analytics.

Read More

EMERGING TECHNOLOGY

Quantexa chosen by UK government for Big Data and Analytics framework as part of supplier ecosystem

QUANTEXA | August 26, 2022

Quantexa, a global leader in helping organizations unify, contextualize, and act on their data for trusted decisions, announced that it has been chosen by the Crown Commercial Service (CCS) to be a supplier for its Big Data and Analytics procurement framework. The framework will allow government departments and local authorities to choose from a range of best-in-class specialist suppliers to help unlock the value of data and improve public sector services. The framework will cover up to £2bn of potential spending over a four-year period, from 2022 to 2026. Quantexa will respond to tenders for commercial off-the-shelf (COTS) software specifically for big data and analytics capabilities. The company’s technology will help government services use data from their legacy systems and create a better understanding and single view of citizens, businesses, or organizations across a broad range of use cases including citizen insight, counter fraud, data intelligence and data management. “We’re proud to be selected by the CCS as a potential vendor for this framework. The National Data Strategy highlighted how essential it is for the government to automate the interrogation of their data more effectively to improve public services, Quantexa’s Contextual Decision Intelligence (CDI) Platform has already been selected by the Cabinet Office to detect fraud in the COVID-19 loan schemes and assist in the fight against financial crime. We look forward to the opportunity to deliver best-in-class entity resolution, graph analytics, scoring and alerting frameworks to other departments and across the public sector to help them use their data at scale to unify their data, manage risk, ensure compliance, and identify opportunities for efficiency.” -Vishal Marria, CEO at Quantexa. ABOUT QUANTEXA: Quantexa is a global data and analytics software company pioneering Contextual Decision Intelligence that empowers organizations to make trusted operational decisions by making data meaningful. Using the latest advancements in big data and AI, Quantexa’s platform uncovers hidden risk and new opportunities by providing a contextual, connected view of internal and external data in a single place. It solves major challenges across data management, KYC, customer intelligence, financial crime, risk, fraud, and security, throughout the customer lifecycle. The Quantexa Contextual Decision Intelligence Platform enhances operational performance with over 90% more accuracy and 60 times faster analytical model resolution than traditional approaches. Founded in 2016, Quantexa now has more than 500 employees and thousands of users working with billions of transactions and data points across the world. The company has offices in London, New York, Boston, Washington DC, Brussels, Toronto, Singapore, Melbourne, and Sydney.

Read More

EMERGING TECHNOLOGY,GOVERNMENT BUSINESS,GOVERNMENT FINANCE

UK Export Finance Leverages Informatica Cloud Platform to Help Businesses Scale Globally

Informatica | September 22, 2022

Informatica® (NYSE:INFA), an enterprise cloud data management leader, today announced that UK Export Finance is modernizing to the cloud with Informatica’s Intelligent Data Management Cloud (IDMC), freeing up team resources to better serve UK businesses of all sizes and sectors. UK Export Finance is the world’s first and oldest export credit agency, its mission is to advance prosperity by ensuring no viable UK export fails for lack of finance or insurance, doing that sustainably and at no net cost to the taxpayer. In the last year it supported 545 companies supporting exports in 61 countries. The small but nimble department is undertaking a digital transformation journey and selected Informatica to modernize its data architecture on a single cloud platform. Informatica’s IDMC enables enterprises to manage, own and derive insights from their data in the Cloud. UK Export Finance kicked off its digital transformation with a focus on connectivity and fast data ingestion. The IDMC enabled seamless integration with Azure DevOps and Power BI and allows UK Export Finance to manage all data pipelines from a single, browser-based tool and usage-based pricing has lowered the total cost of ownership. With a legacy integration stack, the UK Export Finance technology team was spending more and more time on maintenance and manual hand-coding to rebuild connectors to meet the specs of modern data architectures, taking time away from important projects. This, along with evolving international standards and regulatory requirements, made it the right time to modernize to the cloud. After an intensive decision-making progress, UK Export Finance chose Informatica’s cloud-native IDMC for its best-in-class capabilities, wide array of codeless connectors, and ease of implementation. With AI-powered automation and re-usable templates, IDMC has reduced data loading and build times by 40%, allowing the UK Export Finance technology team to focus on more strategic initiatives. Developers and data scientists are no longer tied down with maintenance and instead applying their expertise in building reports that unearth insights and value from the data for the UK exporters the department serves. “With a mission to better serve British businesses to enter new markets, maximize growth potential and increase the volume of export sales, our team looks to data to unearth insights and uncover new strategies, Informatica’s Intelligent Data Management Cloud has helped alleviate the maintenance and build burden, allowing our team to work on more interesting, strategic initiatives and deliver data-driven recommendations for the UK Exporters we support.” -Daniel Cozens, Senior Technical Lead, UK Export Finance. How businesses manage and innovate with data can be the decider on whether they become an industry disruptor or get left behind. With the IDMC, UK Export Finance can improve operational efficiency, eliminating inefficient hand coding and democratise data across the department to allow faster time to value and timely insights, said Jason Tooley, VP Informatica. We’re pleased to be working with UK Export Finance to unleash the power of its data to help UK businesses and industries thrive. About Informatica: Informatica (NYSE:INFA), an Enterprise Cloud Data Management leader, empowers businesses to realize the transformative power of data. We have pioneered a new category of software, the Informatica Intelligent Data Management Cloud™(IDMC), powered by AI and a cloud-first, cloud-native, end-to-end data management platform that connects, manages, and unifies data across any multi-cloud, hybrid system, empowering enterprises to modernize and advance their data strategies. Over 5,000 customers in more than 100 countries and 85 of the Fortune 100 rely on Informatica to drive data-led digital transformation. About UK Export Finance: UK Export Finance is the UK’s export credit agency and a government department, working along-side the Department for International Trade as an integral part of its strategy and operations. Established in 1919, its mission is to advance prosperity by ensuring no viable UK export fails for lack of finance or insurance, doing that sustainably and at no net cost to the taxpayer.

Read More