FEMA sets self-imposed deadline to move more apps to the cloud

0

For FEMA, cloud services are a lifeline for disaster survivors.

There’s perhaps no better use case than when a hurricane or tornado hits and FEMA needs to expand its grant management or flood insurance program to tens of thousands of people. users within hours.

Lytwaive Hutchinson, FEMA’s director of outbound information, said the scalability and flexibility of cloud services along with vendor innovation means the agency is continuously adapting to…

READ MORE

For FEMA, cloud services are a lifeline for disaster survivors.

There’s perhaps no better use case than when a hurricane or tornado hits and FEMA needs to expand its grant management or flood insurance program to tens of thousands of people. users within hours.

Lytwaive Hutchinson, FEMA’s director of outbound information, said the scalability and flexibility of cloud services along with vendor innovation means the agency is constantly adapting to the changing needs of citizens.

“Our goal is, by the end of this year, to have at least 50% of all of our cloud systems and services ready to move to the cloud,” Hutchinson said during a recent ACT-sponsored panel. IAC, one of which an excerpt was part of the Ask the CIO program. “I’ve had conversations with some vendors and some people about lifting and shifting, lifting and shifting is my last resort. It’s not something viable. My first look is to take capabilities and modernize them and/or move them to the cloud because they’re cloud ready or if they’re not, they need to stay on-premises.

Hutchinson, who announced in March that she was retiring from federal service after 41 years, said some systems are better suited to remain in FEMA or Department of Homeland Security data centers, while others systems are ready today or could be in the short term.

Lytwaive Hutchinson is FEMA’s CIO until her retirement in the coming weeks.

“I think we have over 53 cloud-ready systems, which will be 50% of the 53 for this fiscal year. We have another set of systems that are not cloud ready and will need to go through a modernization phase,” she said. “Our goal is by FY2026 to have all of our systems and services in the cloud. This includes our financial systems. We will treat each of our systems on a case-by-case basis.

She said this IT modernization initiative must be part of how FEMA does business every day and responds to every disaster. This means that services should be less about the latest and most advanced technology and more about ensuring that citizens have access to FEMA services whether or not they have an Internet connection.

“Our goal is to ensure that our services do not become obsolete by simply adding reinforcement to current technology, but by adopting new technology as that technology arises,” Hutchinson said. “You’ve also heard us talk a bit about our theme for this year, which is to deliver digital stocks. I know that’s a really nice little tagline, but it really means something to us. It’s about provide fairness to our IT partners and our citizens to be able to access that data, not just access it, but access it securely.We also want to make sure that we care for our disability community and that we ensure that our systems, our services, our websites are ready to use We have a lot to do through FEMA in terms of the systems and services that we would like to provide to our partners and our citizens to be able to take advantage of the capacity that FEMA brings, especially during the time of need in a disaster.”

Secure software sooner

One way FEMA is addressing this challenge is by taking a “secure by design” approach to developing new services.

Greg Edwards, FEMA’s chief information security officer, said this is how the agency brings security closer to the acquisition process to address potential and actual vulnerabilities early in the development phase. .

“We have spent a lot of time in terms of zero trust with our users and thinking about how they access our services and devices in a protected and secure way. In this area, we have made some improvements in terms of controlling our mobile devices and modernizing the network and applications,” Edwards said during the panel. “As far as our network is concerned, we have modernized the assets themselves enormously. It’s all about our journey to our FEMA Enterprise Cloud. Then there’s data from a cyber perspective, where we focus very heavily on encrypted data at rest, as well as encrypted data in transit.

The shift to the cloud and focus on zero trust is forcing FEMA to rethink more than its internal protections, but also how the public should access data and applications.

Edwards said that’s where the secure-by-design framework comes in.

“What this will allow us to do is align our system development lifecycle closely with the acquisition lifecycle. So, step by step, we will look at cyber activities from software development to the time you perform critical design tests, to the time of implementation to the time of system decommissioning” , did he declare. said. “We believe this framework, secured by design, will be useful in governing our overall processes and helping us to tighten the reins in this area.”

With the secure-by-design approach, Edwards said FEMA fixes vulnerabilities faster, lowers the cost of security, and improves collaboration between technology and the agency’s mission areas.

Manage governance well

The biggest impact of security by design, however, may be in how the system operates to serve the mission and citizens.

Edwards said that by looking at issues more holistically, FEMA can ensure that changes or updates don’t have downstream effects that could make something less secure or more complex to use.

“We’re still at the governance stage, and then we want to communicate the governance framework to our governance board to get buy-in from the whole community for the concept and methodology. We want them to have a good understanding of that before they start saying we’re implementing anything in that regard,” he said. “But in our business, we always work in parallel. We will be working in partnership with our core programs to do some prototyping, to understand some of the impacts of actually implementing this, and to achieve a goal of continued authorization and things of that nature. While we’re working on governance, we’re also working with programs to prototype how it would actually work. By the end of this year, we expect to have our governance process firmly in place, and my boss has asked me to make sure I have about three processes that we have fully implemented. ‘by the end of this year as well.

Edwards said there are nine processes in secure design and FEMA is looking at three of them, from security planning to auditing.

Share.

About Author

Comments are closed.