Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Tag: cloud

We See the Future and it is … Single Sign On

By now you’ve likely heard of Single Sign On (SSO). It’s not exactly new, and it’s currently used by just a few agencies, but it is the wave of the future as agencies move to more cloud-based apps. In fact, 6 U.S. Code § 1523(b)(1)(D), a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” This provision was created by GSA working with the Department of Homeland Security. (FedTech, May 24, 2019)

What exactly is SSO? SSO allows a user to sign in one time with one high-strength password and access all that specific user’s authorized applications. With SSO, a user need not memorize a different password for each and every application they access. SSO uses the Security Assertion Markup Language protocol that gives the user the ability to log on once for affiliated but separate websites. According to Tracy David, a cloud client executive at CDW, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.” Ultimately, this makes for a much higher level of security for each agency. (ibid)

At this time, you must log in to each app with a different password. More often than not, passwords across applications are similar (if not the same) and easily remembered. This weakens the security level of the agency as stolen credentials account for roughly 80 percent of breaches. With SSO, you have one complex, single-sign-on password protected with multi-factor authentication.  (ibid)

Many agencies are still using on-premises SSO, which will be more difficult as apps move to the cloud. Insiders believe that the Defense Department’s forthcoming Joint Enterprise Defense Infrastructure cloud contract signals cloud adoption becoming the “norm” in government.

Questions about how this affects your current government contract, or how you might work with the government on SSO Technology? Give us a call at 301-913-5000.

 

 

 

The Future is Cloud-y

In February, GSA released a draft request for proposal (RFP) to consolidate and upgrade all of the Defense Department’s back office functions into the commercial cloud. GSA’s Federal Acquisition Service is now in the early stages of doing the same for civilian agencies with Civilian Enterprise Office Solutions (CEOS). (Federal News Network, May 7, 2019)

To help ensure supply chain security, DHS took the lead on early efforts. GSA has taken over efforts to reduce the attack surface of the network. With managed service, security is already embedded in the solution, making it more secure than the currently situation. (ibid)

Alan Thomas, GSA FAS commissioner and a board member managing the Technology Modernization Fund (TMF), has recommendations/lessons learned for agencies applying for Fund loans to modernize their IT:

  • Agencies submitting proposals this year need to build incremental benchmarks into their proposal, or their funding will likely be pulled.
  • Quarterly reviews will be conducted on agencies receiving funding.
  • Agencies should make sure their proposals focus on value creation and cost savings as the agencies must pay back funding provided by TMF.
  • Agencies should coordinate internally on proposals prior to submission; otherwise, they run the risk of being turned down for funding. (ibid)

FAS is also in need of IT modernization. The FAS internal systems, FSS 19, is nearly 40 years old. It uses older programming languages (COBOL, PowerBuilder) that solved specific problems instead of approaching an integrated solution. FAS is in need of a new, updated IT solution to bring the agency out of the 1970s. (ibid)

Are you a software provider or integrator looking to bring civilian agencies into the 21st century? Let’s talk! 301-913-5000.

 

 

The Eagle (II) is Not Landing

DHS will not be recompeting their EAGLE II IT services contract when it expires in 2020. They are moving toward a strategy called EAGLE Next Gen, which allows them to rely on existing contracts in order to meet IT services needs. Agile development and special or niche mission needs will be met by smaller targeted contracts competed as necessary. (Nextgov, April 20, 2019)

The EAGLE Next Gen strategy is just that, a strategy whereby DHS would use already established governmentwide acquisition contracts or GWACs. These include:

  • the National Institutes of Health’s CIO-SP3 and CIO-SP3 Small Business
  • GSA’s Alliant 2, 8(a) STARS II
  • GSA’s VETS 2

When requirements cannot be met by this strategy, DHS will build in-house contracts.

So far, DHS is beginning to build an in-house contract for cloud and data center optimization. Over 100 responses were received from their initial RFI. Most likely, resulting RFPs will ultimately be the family of contracts under DHS Next Gen, and are expected in the Fall. (ibid)

Some Homeland Security components are still using EAGLE II to support their agile development. Work with each of the components is at various phases of the procurement process. Each component has different requirements; therefore procurements will be specialized to meet individual needs. (ibid)

The future procurement strategy is far from finalized. There may be full and open competition or a blanket purchase agreement using pre-vetted vendors.

Would you like to learn more about the EAGLE Next Gen strategy and where you might fit in? Give us a call at (301) 913-5000.