The Future of Government Technology: FedRAMP, AI and Compliance in Focus with Ross Nodurft

Tech Transforms, sponsored by Dynatrace

Dec 6 2023 • 41 mins

As technology rapidly innovates, it is essential we talk about technology policy. What better way to get in the know than to have an expert break it down for us? Meet Ross Nodurft, the Executive Director of the Alliance for Digital Innovation. Ross dives in, explaining the evolution of FedRAMP controls and the recent, giant, AI Executive Order (EO) from the White House. Listen in to find out what this EO means for the government, the industry and the workforce as the U.S. attempts to implement policy ahead of AI innovation.

Key Topics

  • 04:25 Increasing security controls for cloud migration
  • 07:51 Discussion about customer feedback and cloud migration.
  • 12:17 Encouraging commercial solutions into federal government securely.
  • 15:39 Artificial intelligence shaping policy for future technology.
  • 16:54 AI EO covers critical infrastructure, AI, data, immigration.
  • 22:34 Guidance on AI impact assessment and testing.
  • 27:02 AI tools adoption must not be delayed.
  • 30:03 Ensure AI technologies have fail-safe mechanisms.
  • 32:08 Concern over rapid pace of technological advances.
  • 34:29 AI and technology advancing, policy aims control.
  • 39:37 Fascinating book on technology and chip history.

The Future of Government Technology: Shifting to FedRAMP High and Accelerating Cloud Adoption

Shift from FedRAMP Moderate to High for Sensitive Workloads

When FedRAMP was established over a decade ago, the focus was on managing the accreditation of emerging cloud infrastructure providers to support the initial migration of workloads. The baseline standard was FedRAMP Moderate, which addressed a "good amount" of security controls for less risky systems. However, Ross explains that increasing volumes of more sensitive workloads have moved to the cloud over time - including mission-critical systems and personal data. Consequently, agencies want to step up from moderate to the more stringent requirements of FedRAMP High to protect higher-risk systems. This includes only allowing High-cloud services to interact with other High-cloud applications.

The Evolution of Cloud Computing: "So right now, we're at the point where people are existing in thin clients that have access to targeted applications, but the back end compute power is kept somewhere else. It's just a completely different world that we're in architecturally." — Ross Nodurft

The Future of Government Technology: Streamlining FedRAMP for the SaaS-Powered Enterprise

According to Ross, the COVID-19 pandemic massively accelerated enterprise cloud adoption and consumption of SaaS applications. With the abrupt shift to remote work, organizations rapidly deployed commercial solutions to meet new demands. In the federal government, this hastened the transition from earlier focus on cloud platforms to widespread use of SaaS. Ross argues that FedRAMP has not evolved at pace to address the volume and type of SaaS solutions now prevalent across agencies. There is a need to streamline authorization pathways attuned to this expanding ecosystem of applications relying on standardized baseline security controls.

High-level Security Controls for Sensitive Data in the Cloud

Addressing Data Related to Students and Constituents

Ross states that as agencies move more sensitive workloads to the cloud, they are stepping up security controls from FedRAMP Moderate to FedRAMP High. Sensitive data includes things like personal HR data or data that could impact markets, as with some of the work USDA does. Willie gives the example of the Department of Education or Federal Student Aid, which may have sensitive data on students that could warrant higher security controls when moved to the cloud.

Ross confirms that is absolutely the case - the trend is for agencies to increase security as they shift more...

You Might Like

The Daily
The Daily
The New York Times
The Dan Bongino Show
The Dan Bongino Show
Cumulus Podcast Network | Dan Bongino
WSJ What’s News
WSJ What’s News
The Wall Street Journal
Pod Save America
Pod Save America
Crooked Media
The Glenn Beck Program
The Glenn Beck Program
Blaze Podcast Network
Mark Levin Podcast
Mark Levin Podcast
Cumulus Podcast Network
Morning Joe
Morning Joe
Joe Scarborough and Mika Brzezinski, MSNBC
The Ben Shapiro Show
The Ben Shapiro Show
The Daily Wire
The Rachel Maddow Show
The Rachel Maddow Show
Rachel Maddow, MSNBC
Morning Wire
Morning Wire
The Daily Wire
The New Yorker Radio Hour
The New Yorker Radio Hour
WNYC Studios and The New Yorker
The Matt Walsh Show
The Matt Walsh Show
The Daily Wire