Tip:
Highlight text to annotate it
X
[ Music ]
[ Background noise ]
>> Good morning, everyone.
How do you follow an earthquake joke?
I don't know.
I've been in the industry for quite some time, about 20,
more than 20 years in,
in dealing with computing technology, software technology,
hardware and everything in between.
I can imagine, and I've attended a few meetings
like you're attending in the next few days
where some very instrumental things are, are being set
to seize on an inflection point that,
that the industry can really benefit from
and probably more importantly and applicable
to this conference, the government can, can,
can seize on that opportunity.
I want to thank you all for inviting me to come, thank you,
Pat, for, for, for hosting this, this event.
I have a long, as I mentioned, a long history
from also benefiting from the great work that happens
at events like this, when I led the cross industry work on XML
and web services in the private sector to my time
in the Obama Administration
at the Federal Communications Commission.
We, we were always seizing that, that opportunity
to use the great partnership that exists
between the government and private sector
to really benefit and, and move technology forward.
And I'm thrilled today to be participating
in my new role as, as federal CIO.
This is my second speech in that capacity.
So, so thank you for having that.
I've been very involved in my first 90 days with NIST.
We have a weekly meeting on Cloud.
I've met with Pat.
I've spent some time up here on the campus meeting
with the different teams and talking about the great
and important work we're doing,
and I want to echo Pat's comments regarding the work
of NIST in a very short amount of time
and cloud computing really hasn't been around a long time.
NIST has jump started critically important work
on cloud standards across the full spectrum of stakeholders,
academic, industry, and government.
And this occupies a unique technology leadership role
as it supports our government efforts
in involving the industry and government
in improving our ability to -- and agility in technology,
in this technology space, while focusing on reducing cost,
which is one of the great benefits, we think,
of, of cloud adoption.
NIST has also done incredible work
on identifying high priority interoperability
and portability requirements that must be met for agencies
to accelerate cloud deployments as well as the important work
on developing standards, guidance, and technologies
that need to be in place to support all of this.
I'm most excited, I think, today about the,
the launch of something that I've been looking
at for the last 90 days roughly in draft form, and that's the,
the Cloud Computing Technology Roadmap that's released in,
for public comment here, I think it's all in your folders
that you were handed as you came in.
I think, you know, this is going to go a long way
in helping the U.S. government increase our level
of services delivered to taxpayers and enable us
to meet our goals of doing more with less.
While the agenda in the next three days is broad
and varied I want to spend some time talking a little bit
about where cloud computing is going, and, and what we're doing
in the U.S. government around cloud computing.
First, I want
to enthusiastically reaffirm my support for cloud computing
and the federal cloud computing initiative.
Since we stood up the initiative in, in 2009,
we have really viewed cloud computing
as a once-in-a-lifetime opportunity to really transform
and reshape the way the government buys, uses, and,
and thinks about technology and delivering services in this way.
We have an incredible pressure
in the federal government right now in this fiscal environment
with cyber security pressures being greater
than ever before with, with pressure on reduced spending
across the federal landscape coupled with a set of citizens
that are really stepping up from the standpoint
of what they expect from government.
I think we all -- and I had certainly written
in the past this speech around the, the internet generation,
those people that are sort of in their mid-20s now that grew
up online their entire lives,
or virtually online their entire lives.
I think what surprised us all was, was seeing, you know,
80-year-olds, grandparents now getting on Facebook,
embarrassing their grandchildren with what they post, and,
and really coming online in a way that expects more
from their government and that interaction.
And, and that is putting incredible pressure on,
on federal IT to deliver more,
but in this fiscal environment with less.
And so, cloud computing is a way we're going to really,
I think, jump start that.
Like many things, technology is often at an inflection point
where technology is there to answer a call.
Interesting fact that I,
I talked about in my speech last week was over half
of the Fortune 500 companies that were founded, were founded
in the worst economic times in our country's history,
which is an interesting statement, I think of,
of access to people that, that come available
in those economic times, but also if you look back
and trace back to the beginnings of these companies,
technology was often there to answer that call to,
to allow those companies to,
to sort of jettison past the competition in a way that,
that helped them do more with fewer resources
to -- in, in startup mode.
And, and I think cloud really represents
that opportunity in this space.
Since this initiative has launched, we've done,
we've done many things in the cloud computing space.
The first thing we did is my predecessor launched the Cloud
First Initiative, which was designed to accelerate the pace
at which government realized the value of cloud computing
and really encourage agencies to take a first approach
to these new implementations.
So when they're deploying something new,
they must consider cloud first in those implementations.
There's more we have to do besides just doing policy work,
policy is part of the puzzle, the other parts are,
are technology standards,
people and resources to get all this done.
And strategy is a big piece of that.
So we launched a -- we published the Federal Cloud Computing
Strategy that really not only talks about the benefits and,
and considerations around cloud,
but gives some really good examples of how to migrate
to the cloud, prescriptive guidance on getting there,
and it kind of starts that conversation that we need
to have on, on moving federal agencies, both across sort
of the activities, the roles they need in place, and the,
and the governance and guidance to, to catalyze this phenomenon.
Since the launch in 2009, we've also awarded 12 contracts
for vendors that provide government with the ability
to purchase cloud-based storage, computing power
through virtualization, and website hosting, and,
and that list, through other mechanisms is even going
to expand, and that expansion comes
through what we call FedRAMP.
The Federal Risk Authorization and Management Program,
it's the "on" ramp for agencies to streamline procurement
of cloud technologies, and it gives us a lot of ability
to standardize the way we look at the cloud
to give an apples-to-apples comparison, and,
and pre-checks to go in.
And I'll talk in a second about where we are in FedRAMP launch.
As we started work on this, and really, and, and thanks to NIST,
we're right now in the process
of developing cloud computing portability, interoperability,
and security standards designed to accelerate and dovetail
with all these other activities, the adoption of cloud computing.
So as we look to the future of cloud, there's four key areas
that we're really focusing on here in the near-term,
there will be many more areas.
The four key ones for us are: agencies, procurement,
international considerations, and, and cyber security.
The first one is agencies.
The -- what we want to do with agency is really ensure
that they have all the right tools and resources necessary
to migrate to the cloud.
The CIO Council, which I'm very much a part of and involved
with all the time, has been hard at work on a white paper
and some best practices work
to examine how government agencies have brought cloud
computing solutions into agencies and detail a series
of best practices and lessons learned as we,
as we pull forward, this includes things like,
things that don't come naturally when you sort
of make an infrastructure decision like cloud
or an app decision like cloud, things like FOIA (Freedom
of Information Act), eDiscovery, privacy
and other things are considerations that we want
to bring into the conversation early
so they aren't afterthought considerations as,
as people move, and so that's a,
that's an important consideration.
We're also very much focused on people.
What we've noticed in looking
at cloud deployments inside agencies,
it's very much a multidisciplinary consideration.
It's not just the CIO or the technical people involved.
The job of the CIO is to really bridge and be
that universal translator between the business
and the technology needs and implementation and, and just,
just as our IT reform and 25 Point Plan really demonstrates,
it involves, it really takes the work of a CIO, procurement,
legal department, and acquisition and program managers
that oversee both the stuff they acquire and,
and the business side of the mission of the agency
to really partner to come into, to bring these solutions
to bear, and broad buy-in on that is, is important.
We're piloting work inside, inside federal agencies,
vendor management organizations, investment review boards,
and other things that dovetail into, into creating centers
of excellence for people to consider these solutions.
Cloud will be a big part of that, and,
and how we buy cloud is part of that.
The second area, as I mentioned, is procurement,
and for procurement it's really the focus there is FedRAMP.
There's been a lot of work on FedRAMP
across multiple parties in government.
As I mentioned, we have a weekly meeting that I'm involved in,
we've made a lot of late changes in, in FedRAMP that I'm,
I'm very happy to see in place that takes in a lot
of considerations from the industry and, and NIST
and other, other people.
The launch of the, of the, the Roadmap today is no coincidence
that it leads off a set of activities
that will be quickly followed by the,
the launch of initial version of FedRAMP.
Right now, FedRAMP and the FedRAMP Guidance Memo is in the,
is in final review in the White House, and OMB, and,
and it will be out very soon.
Once the memo's signed and operationalized,
we're going to stand up a common base line for agencies to work
from as they consider the, the purchase of cloud solutions.
Eventually we plan to require agencies who want
to acquire cloud services to go through FedRAMP.
FedRAMP will be a, a mandatory path by which you will,
you will go to cloud, but FedRAMP and the launch
of FedRAMP in the very near future is really a,
is really a starting point.
We envision FedRAMP really as a living initiative that we,
we will get the early stage work out in FedRAMP, learn as we go,
and continue to modify FedRAMP to, to take in lots
of other considerations.
What you'll see in the way we bring vendors
through FedRAMP will be very much in that crawl, walk,
run type, type scenario, where we will, in the early stages,
FedRAMP will authorize a lot of commodity IT-type solutions,
stuff that's sort of known entity and known implementation,
and then as we get into richer considerations
around international and cyber and other things, we,
we will continue to modify really using your help to,
to go there.
And the, the Roadmap is really a great way of, of,
of kicking this off because it starts a conversation
that goes more broadly than,
than I think what FedRAMP will do initially,
even though this is a great first step.
FedRAMP's going to be, we feel, really transformational,
not only in, in cost savings,
because we're not duplicating procurement across agencies,
but it will also increase the speed
at which agencies can acquire cloud services,
an important consideration as we move to a,
a more agile future-ready and future-first type environment
in the, in the government.
I'm also really excited about the cyber coverage of FedRAMP,
the standardized methods by which the Department
of Homeland Security will start to monitor cyber security is,
is one of the, I think, the sort of hidden gem inside,
inside what we're doing in FedRAMP.
And I'm excited about the partnership with NIST and all
of you to continue to develop continuous monitoring standards
and, and other things to, to drive that forward.
The next focus area, of course, is international.
I'm not going to spend a lot of time on this
because I know Ambassador Verveer is going to,
going to have a very thoughtful panel talking about this.
But we're going to work with agencies across government
to really examine cloud computing
and the international issues and opportunities, you know,
this is, this is things like jurisdiction, security of data
in transit, data compliance, traceability, codes of conduct,
Service Level Agreements, consideration of local laws,
all of this stuff is, is very important.
Our goal here is to carefully,
very carefully strike the balance
between trade considerations, which I think is very important,
cyber security implications, which is sort
of top-of-mind for lots of people.
And, and really our innovation agenda,
moving innovation forward
and the federal government should not be held back
by considerations of, of trade and, and cyber and we want
to make sure that we, we do all we can to strike
that careful balance between all of those, so I'm excited
to hear the outcomes of the panel that,
that follows this session this morning.
The, the last and, and really most important area is,
is cyber security.
Focusing on cyber in, in cloud is, is of course very important.
As -- but as I mentioned in my, my first speech last week,
we cannot afford to make the false tradeoff
between cyber security and innovation.
A lot of people will use cyber as a blanket excuse
to not move forward, but I truly believe that moving to the cloud
and a move to the cloud of infrastructure,
application infrastructure and other systems done correctly,
following NIST guidelines, eventually using FedRAMP,
getting DHS monitoring established,
and others can really make solutions
in the government a lot more secure than we are today.
In this everything-connected world,
if we don't change our posture inside the data center inside a
building we're as insecure as if we as if we do nothing.
And, and a move to the cloud can create a tremendous opportunity
to rethink, re-architect, and, and re-firm up our ability
on the, on the cyber fronts.
We're going to continue to work with DHS, NIST and,
and people like you to ensure we bring cyber
into everything that we do.
Now, as Pat said, you know,
investing in the cloud can yield billions in savings.
We anticipate 20 billion of the,
of 80 billion U.S. portfolio moving to the cloud
and I would hope that we, as we continue to look for solutions,
look for opportunities, use our Cloud First Policy,
we even shift that up over time where a very large percentage
of our, of our infrastructure is moved to the cloud.
As we continue to do more with less,
cloud computing will continue
to be among the most critical initiatives that we do
to ensure government is yielding the highest return possible on,
on our investments.
I want to thank you all, again, for participating in this event,
in this conference, at this important time.
As I said at the top, you know, there's been many conferences
like this that were at those inflection points
and hopefully someday you'll all look back on today
and these next three days and say "I was there."
I was there at that inflection point to seize on an opportunity
to transform the way we use technology, and,
and really transform cloud computing.
You also have the opportunity to really transform the future
of the way your government uses technology,
and I'm probably most excited about that.
And I really can't wait to see what comes
out of the great work you all do here.
So.
Thank you.
[ Applause ]