"The Myth That More Rules and Oversight Can Fix Government "

April 21, 2016

"When things go awry in for-profit and non-profit organizations, the operative working assumption is that responsibility lies with management. That is, management is responsible for institutional performance by definition. In government, however, the operative working assumption is altogether different. Successes and failures there cannot be blamed on management, because only tidbits of authority are vested there. Fault must lie elsewhere. Two possibilities present themselves: inadequate rule-making and insufficient political oversight. What is rarely examined is what is most often the real culprit: the authority that public-sector management should have but doesn't. It is all but a knee-jerk reaction to begin the blaming process by denouncing inadequate rules and regulations. We didn't see something coming, but should have. The remedy is clear: New rules must be written, and quickly, to make up for the lapse. When that doesn't suffice, we turn to the second target of blame, insufficient political oversight. Elected officials must hold bureaucracy to account. Hence the public sector is replete with both: rules and regulations that address long histories of organizational issues along with a vast array of oversight structures. In a static world, these approaches might serve the purpose. But our rapidly changing one generates a relentless, never-ending need for more rules and more oversight. It is impossible for the most accomplished rule-makers or the most able overseers to keep up with constantly growing demands. The U.S. House of Representatives consists of 435 members and the U.S. Senate of 100. In contrast, hundreds of federal-government departments and agencies employ nearly 2 million civilians and spend nearly $4 trillion annually. Considering the scale of that which must be overseen and the paucity of overseers and hours available for oversight, elected officials do a creditable job. Even so, elected officials rarely enter the buildings that house the institutions they oversee; representatives of those institutions come to them instead. It's a rare day in Washington when some high-ranking federal official isn't being hauled before a congressional oversight committee. Nor do the president or the governors of the 50 states or the mayors of cities large and small possess the resources necessary to make oversight effective. These elected executives face far too many problems, and have far too little talent at their disposal, to even pretend to conduct effective oversight. And it simply is not possible to write rules and regulations to cover what oversight inevitably misses. The institutions of government are far too large and complex for such a simple solution. The fact that it is all but impossible to write a new rule that clarifies more than it complicates is the well-known lament of the government professional. The interplay between overseers and rule makers and those who operate government is a vast morass. Recipients of rules and oversight accumulate long and ever-growing lists of incoming directions. Constant explanations and clarifications are required. The flow goes the other way too, as government's professionals submit proposals and recommendations to rule-makers and overseers, who also find it impossible to keep up. The inevitable result is that institutions of government are drowning in directions and rules from the top. It is all but impossible to attend to anything else. Because the kinds of initiatives that happen routinely at the lower and middle levels of private-sector institutions require the attention of the highest levels in government, few such initiatives take place in the public sector. The inevitable result is that government's institutions have become rigid and all but unmanageable, except at the very top. Hardly anyone outside government knows this, but government performs very well indeed at the top. Government's troubles lie elsewhere. Institutions require continuous re-tooling at all levels. But few institutions of government obtain it. We have created a classic ""Catch-22"": Government's failings produce more rules and oversight, which increases institutional rigidity, which produces more failings, which produces more rules and oversight, which increases institutional rigidity. ... There is only one possible way out, and that is to vest sufficient authority and responsibility in management so that the answer to the question ""Who is to blame?"" becomes: ""Management is to blame."" Government will never dispense with oversight and rules. But if we want to add accountability to the equation, the only possible way is through management. "

Spotlight

Congress is a stand-off over a funding bill that includes a provision that would DEfund ObamaCare... but what's really behind these issues?


Other News
CYBERSECURITY

Keeper Security Announces FedRAMP Authorization

Keeper Security | August 25, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections, today announced that the company has obtained FedRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC). The KSGC password management and security solution has successfully completed the rigorous FedRAMP accreditation process. This highly sought-after and difficult to attain designation sets KSGC apart from its competitors as the best in class zero-trust and zero-knowledge security solution for government agencies to protect their passwords, data, and secrets. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. This alone can take organizations months or years, depending on the complexity of the system. Authorization can only be pursued by an organization through partnering with a federal agency or the Joint Authorization Board (JAB). Additionally, the system must be evaluated and assessed by an authorized independent third-party auditor prior to submitting for final review and authorization by the FedRAMP Program Management Office. "Keeper is proud to bring its password management and cybersecurity platform to FedRAMP Authorized status," said Darren Guccione, CEO and Co-Founder of Keeper Security. "This authorization demonstrates Keeper's longstanding -- and, some would say, fanatical -- commitment to the highest standards of internal security controls and encryption. Keeper is prepared to help federal agencies protect their digital assets against ransomware, data breaches and other password-related cyberattacks." "As a FedRAMP Authorized password management and security solution, KSGC will enable Carahsoft and our reseller partners to help federal agencies better secure their sensitive information and protect against password related breaches, Keeper's zero-knowledge, zero-trust architecture solves compliance and regulatory enforcement requirements, providing a trusted, reliable solution that meets government needs." -Steve Jacyna, who leads the Keeper Security team at Carahsoft. Today's attackers are advanced at using any breached username and password combination to run through analytics and bots to find any use or similar use combination. By leveraging password managers, a constant health check can be maintained for password diversification and security, said Jean-Paul Bergeaux, Federal Chief Technology Officer of GuidePoint Security. Enterprises cannot assume users are doing this and KSGC provides a way for government security teams to maintain password security while also significantly improving user experience throughout their work life. The FedRAMP Authorized KSGC follows a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data. Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC. About Keeper Security: Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyber attacks while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password and secrets management, privileged access, secure remote infrastructure access and encrypted messaging. Keeper's products are the highest-rated in the industry across G2, Trustpilot, PCMag and U.S. News & World Report. For the last several years, Keeper has received several InfoSec Awards from Cyber Defense Magazine for its cyber security enterprise software. Keeper is SOC 2 and ISO 27001 certified, and FIPS 140-2 validated, and Keeper is the only FedRAMP Authorized enterprise password management solution. Keeper is backed by Insight Partners, a leading venture capital and private equity firm with $90b AUM. About Carahsoft: Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare. As the Master Government Aggregator® for its vendor and reseller partners, Carahsoft delivers solutions for Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience and Engagement, and more. About GuidePoint Security: GuidePoint Security provides cybersecurity solutions and services that help organizations make better decisions. GuidePoint Security's holistic approach enables organizations to identify threats, optimize resources, and integrate solutions that mitigate risk.

Read More

EMERGING TECHNOLOGY,CYBERSECURITY

GovPilot Moves to Microsoft Cloud, Enhances Cybersecurity for Local Government Customers

GovPilot | September 08, 2022

GovPilot, a provider of modern cloud-based government management software specifically designed for municipal and county governments has successfully migrated its platform to Azure, Microsoft’s cloud platform. The migration affords GovPilot and its local government customers with significant benefits including access to the latest Microsoft cloud technology and security which is already trusted by the Department of Defense, the Intelligence community, and 95% of Fortune 500 companies. GovPilot’s Azure adoption comes at a time when local governments are increasingly the target of coordinated cyber attacks and malicious ransomware code which have disrupted operations and services, jeopardized data, and caused significant financial damage to local governments across the country. According to the FBI, local governments accounted for the second-highest victimized group in 2021, trailing only the academic sector as ransomware gangs’ favorite target. “Local governments in the U.S. have often operated with a mix of paper-based processes, spreadsheets, single-use software, and older on-site server based systems. Not only is this inefficient but it is expensive to maintain and presents a significant cyber risk for local government administrators and their constituents, As a unified cloud-based government management platform, GovPilot aims to be the operating system for local government. This implementation provides our customers with best-in-class availability, reliability, and cyber resilience. GovPilot’s mission is to empower local governments to better serve their constituents and operate efficiently. Our implementation of Microsoft’s Azure Cloud is a major part of living up to and delivering on that mission.” -Michael Bonner Founder and CEO,GovPilot. With the Azure migration, GovPilot and its customers will realize significant benefits including: Enhanced Security: The GovPilot platform is secured with the latest Microsoft technology. Data Protection: All data is encrypted, and backed-up in multiple locations. Scalability & Performance: Azure provides limitless room to grow, all while preserving performance. Business Continuity: GovPilot enables users to access the platform 24/7 from anywhere. Azure allows for rapid restoration of services in the event of natural disaster or other catastrophe. “By implementing the Microsoft Azure Cloud - trusted by 95% of Fortune 500 companies and U.S government agencies - GovPilot has made a serious commitment to security. Given the current threat environment, our customers and prospective customers in local government will benefit enormously from the technology provided by Azure.” -Robin Smith, GovPilot’s Chief Operating Officer. About GovPilot: GovPilot - named a GovTech 100 company for five consecutive years - is the leader in digital transformation for local governments. GovPilot's cloud-based platform was built with the sole purpose of enabling local governments to operate at their full potential by standardizing, digitizing, and unifying more than 100 operational and constituent service processes on one operating system.

Read More

EMERGING TECHNOLOGY

U.S. Public Sector Updates Security for New Cloud Reality

ISG | September 16, 2022

State and municipal governments in the U.S., many still burdened by legacy systems and processes, are working with service providers to secure new cloud-based IT architectures amid major technology transitions, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm. The 2022 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector finds that governments and associated public organizations know they need to quickly overhaul both IT and cybersecurity to meet growing demand for remote work and online services to constituents. Most favor wholesale migration to cloud architectures and modern cybersecurity tools, but they need to overcome long-established procurement practices to succeed. “Legacy platforms and processes have held many agencies back from offering better services and becoming more efficient, The new, more holistic approach to technology also extends to cybersecurity.” -Nathan Frey, partner, ISG Public Sector. The COVID-19 pandemic has intensified challenges governments in the U.S. have faced for decades, the report says. Lockdowns and work-from-home requirements forced agencies to offer more services online while ramping up IT support for suddenly remote workers. At the same time, a long-term exodus of older employees accelerated, making it even harder for organizations to catch up. These factors have triggered a wave of IT modernization in the U.S. public sector, including projects to update IT security systems, especially identity and access management (IAM) and data loss/leakage prevention (DLP), ISG says. Advanced IAM systems let agencies offer more workers and constituents secure access to systems, while DLP provides better control of what data users can access in those systems and how they can use the data. “Public agencies want more sophisticated security tools, with proper integration, so they can offer better services without increasing risk, Qualified service providers with public-sector experience are helping at every stage of the process.” -Jan Erik Aase, partner and global leader, ISG Provider Lens Research. More state and local governments are seeking technical security services for integration and implementation and engaging with managed security service providers for ongoing operations, ISG says. Some governments are also turning to strategic security service providers for help in developing an overall security vision spanning all departments and functions, often for the first time. The 2022 ISG Provider Lens™ Cybersecurity — Solutions and Services report for the U.S. Public Sector evaluates the capabilities of 61 providers across five quadrants: Identity and Access Management (IAM); Data Leakage /Loss Prevention (DLP) and Data Security; Technical Security Services; Strategic Security Services, and Managed Security Services. The report names IBM as a Leader in all five quadrants and Atos as a Leader in four quadrants. It names Accenture, Capgemini, Deloitte, EY and Infosys as Leaders in three quadrants each. Broadcom, Unisys and Verizon are named as Leaders in two quadrants each. ManageEngine, Microsoft, Okta, Palo Alto Networks, Proofpoint, RSA, Trend Micro, Varonis, Wipro and Zscaler are named as Leaders in one quadrant each. About ISG Provider Lens™ Research: The ISG Provider Lens™ Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. About ISG: ISG (Information Services Group) (Nasdaq: III) is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data.

Read More

EMERGING TECHNOLOGY,GOVERNMENT BUSINESS

N-Ovate Solutions Launches SmartGov Data Tech

N-Ovate Solutions | September 15, 2022

In response to the overwhelming need from government agencies and the education sector, N-Ovate Solutions announces the launch of the SmartGov Data Tech today. N-Ovate has partnered with the Black Progress Matters Black-Owned Business Incubator to create an unparalleled, purpose-built modern data stack specifically for governments and education industries. Specializing in Cybersecurity, IT Strategy & Planning, and IT Telecom & Network Services, N-Ovate Solutions is an innovative agency created by Tye Hayes -- the former CTO of the City of Atlanta, with over two decades of experience working in the public sector. Tye Hayes and her team have developed the new SmartGov Data Stack to help government agencies manage data more efficiently. Focusing on data governance, risk reduction, & compliance, N-Ovate developed SmartGov Data Tech to solve the unique challenges government entities face regarding data management. "When harnessed correctly, Big Data can empower governments to modernize faster and serve constituents more effectively by building more predictive systems that address the implications of gathered information." - Tye Hayes, Founder & CEO, N-Ovate Solutions and SmartGov Data Tech. Tye Hayes and N-Ovate Solutions' expertise in government agencies and education allows them to understand this complexity better than anyone else. This unique perspective will help SmartGov Data Tech to provide valuable insights and solutions for clients looking to improve efficiency and optimize services. The SmartGov Data Stack, powered by Tye and her innovative team, is poised to be the data management technology leader for government agencies with the ever-growing demand for data solutions.

Read More