In requesting from Congress $916 million in appropriated funds — up 6.5% from its FY2024 ask — and another $59.8 million in offsets and supplemental appropriations, the GAO said it intends to leverage the cloud as it moves to adopt emerging technologies more quickly. 

That leverage will come from the GAO’s plan to shift from an on-premise data center to a cloud environment, a move that the watchdog said will allow it “to grow in agility and better engage IT modernization and cybersecurity strategies.”

“GAO is implementing Zero Trust Architecture principles to enhance cloud services with access and authentication controls using the cloud-based Secure Access Security Edge,” the GAO wrote in its request. “Zero Trust allows GAO to transition from traditional perimeter-focused security models to cloud focused models with security controls throughout the infrastructure.”

The budget request also includes “small program and inflationary increases” for GAO’s Information Technology and Building and Security programs. Those budgetary boosts will go toward “enhanced cloud data management and storage solutions, as well as IT security upgrades to combat the ever-growing cybersecurity threats toward U.S. assets,” the GAO wrote, adding that funds will also support planned work from the agency’s Innovation Lab.

Beyond modernization, GAO said its budget request would support five critical areas of importance to Congress and the country at large: national security enterprise, fraud prevention, science and technology, cybersecurity, and health care costs.

The GAO said it will continue to assess the development and execution of the White House’s national cybersecurity strategy, while also paying close attention to the 16 critical infrastructure sectors and how federal information systems are secured.

“Escalating threats, including new and more destructive attacks from around the globe, highlight the critical and persistent need for effective cybersecurity,” GAO wrote. 

The post GAO budget request puts premium on modernization efforts appeared first on FedScoop.

Following a massive data breach in 2015, OPM instituted a comprehensive overhaul of its IT and security practices. However, in the years since, it became increasingly clear that without modernizing its underlying IT infrastructure, many of the remedies OPM put in place were becoming outmoded in the face of ever more sophisticated cyberattacks.

That was especially apparent to Guy Cavallo, who arrived at OPM in the fall of 2020 as principal deputy CIO after leading sweeping IT modernization initiatives at the Small Business Administration (SBA) and before that at the Transportation Security Administration (TSA). He was named OPM’s CIO in July 2021.

Recognizing new cyber challenges

“We looked at the on-premises cyber tools that OPM was running since the breach and saw while they were effective, with today’s advancements in AI and cyber capabilities, they weren’t keeping up with the attack vectors we’re facing today,” said Cavallo in a recent interview. Threat actors had shifted to identity-based attacks using more sophisticated tactics, requiring advanced detection and response solutions.

“We knew with AI coming and the Executive Order on Cybersecurity requiring logging to get visibility into your environment, investing in on-premises hardware would be a never-ending battle of running out of storage space,” he concluded.

The cloud was “the ideal elastic storage case for that,” he continued. But it also offered other critical solutions. The cloud was the ideal way to host applications to ensure “that we’re always up to date on patching and versions, leaving that to the cloud vendors to take care of — something that the federal government struggles with,” he said.

Checklist for a better solution

Cavallo wanted to avoid the mistake he had seen other organizations make, trying to weave all kinds of tools into an enterprise security blanket. “It’s incredibly difficult to integrate them and not have them attack each other — or also not have gaps between them,” he said. “I’m a believer that simpler is much better than tying together best-of-breed from multiple vendors.”

That drove Cavallo and OPM Chief Information Security Officer James Saunders to pursue a fundamental shift to a cloud-native cybersecurity platform and “making that the heart of our security apparatus,” said Saunders.  

After reviewing the options, they elected to move to Microsoft’s Azure cloud-based cybersecurity stack “so that we can take advantage of the edge of cloud, and cloud in general, to collect data logs.” Additionally, it would mean “We didn’t have to worry about software patching and ‘Do I have enough disk space?’ It also allows us to springboard into more advanced capabilities such as artificial intelligence,” Saunders said.

Because OPM exchanges data with many federal agencies that rely on different data systems, Cavallo and Saunders also implemented a cloud access security broker (CASB) — a security policy enforcement engine that monitors and manages security activity across multiple domains from a single location. It also “enables our security analysts to be more efficient and identify threats in a more holistic manner,” Saunders explained.

Added benefits

“There is a general misconception that you can only use cloud tools from the host vendor to monitor and protect that environment.  We found that leveraging cyber defenses that span multiple clouds is a better solution for us instead of having multiple different tools performing the same function,” Cavallo added.

Microsoft’s extensive threat intelligence ecosystem and the ability to reduce the number of contracts OPM has to maintain were also critical factors in their decision to move to Azure, Saunders added.

The pay-off

The migration from on-premises infrastructure to the cloud was a complex process involving the retirement of more than 50 servers and the decommissioning of multiple storage areas and SQL databases, according to Saunders. The most challenging aspect, though, was not the technology but managing the transition with the workforce. Extensive training and organizational change management were as critical as the technical migration to the success of the transition.

According to Saunders, the benefits didn’t take long to recognize:

• Enhanced visibility: OPM now has a more comprehensive view of its security posture, thanks to the centralized platform and increased log collection.
• Improved threat detection and response: AI-powered tools and Microsoft’s threat intelligence helps OPM identify and respond to threats faster and more effectively.
• Reduced costs and complexity: Cloud-native solutions eliminate the need for buying expensive on-premises hardware and software, while also simplifying management and maintenance.
• Increased scalability and agility: The cloud platform allows OPM to easily scale its security infrastructure as needed to meet evolving threats and business requirements.

Collectively, those and related cloud benefits are also helping OPM make faster headway in meeting the administration’s zero-trust security goals.

Lessons learned

Perhaps one of the most important benefits is being able to demonstrate the magnitude and nature of today’s threat landscape to the agency’s leadership and how OPM is much better prepared to defend against it, according to Cavallo.

“When James and I showed them the visibility that we have from all those logs, it was a drop-the-mic moment for them. We can say we blocked 4,000 attacks in the last hour, but until you actually show them a world map and our adversaries trying to get into OPM, then be able to click and show the real details of it — those threats get lost in the noise,” he said.

“My recommendation at the CIO level is, this is a better mousetrap. But you can’t just expect people to flock to it. You have to go show them why it’s a better mousetrap.”

Among the other lessons Cavallo recommends to fellow IT leaders:

• Focus on simplicity: Choose a single, integrated security platform to avoid the complexity of managing multiple tools.
• Invest in training: Ensure your staff is trained and familiar with new cloud-native security tools and processes.
• Start small and scale gradually: Begin with a pilot project and gradually migrate your security infrastructure to the cloud.
• Communicate effectively: Clearly explain the benefits of cloud-native security to your stakeholders and address any concerns.

This report was produced by Scoop News Group for FedScoop as part of a series on technology innovation in government, underwritten by Microsoft Federal.

The post How cloud modernization transformed OPM cybersecurity operations appeared first on FedScoop.