We had to opportunity to sit down with Casey Coleman, CIO of the U.S. General Services Administration. She spoke to us about the shift to cloud computing, what's next for apps.gov, telecommuting, and social media. Coleman also shared with us what she would have been doing if she had to choose a different career and didn't work at GSA.
ExecutiveBiz: What's the biggest change the new administration has planned for the GSA's IT policy?
Casey Coleman: This new Administration has a real focus on transparency and on a presumption that information ought to be shared with the public and it ought to be made available in a manner that is collaborative and open. The presumption is coming from a position that information should be shared and open rather than a presumption that information should protected. Striking the right balance is a paramount goal.
ExecutiveBiz: How does cloud computing affect cybersecurity?
Casey Coleman: Cloud computing has a lot of promise in the federal government and for our industry in general. One of the challenges is going to be information security because one of the basic tenants of cloud computing is multi-tendency and that is the notion of sharing shared services delivered over the internet to a number of users in an environment where you are not in total control of that environment. You are subscribing to a service from a service provider. The security of that is a joint arrangement between the service provider and you as the consumer or customer. We need to make sure that the federal rule, the information security compliance privacy and all of the other compliance mandates are filled even in a cloud environment where it is being delivered by a third party and make sure that the security has been elevated to the right level. We think that information security can be solved in cloud computing and in fact information security might even be improved in a cloud delivery environment.
ExecutiveBiz: How did Apps.gov take shape?
Casey Coleman: Earlier this year the new Federal CIO, Vivek Kundra, challenged GSA to be able to deliver IT capabilities in a cloud delivery model in a way that was simple and easy to use and that detracted a lot of the complexity that the customers of IT capabilities normally have to deal with. We took that challenge and in analyzing it came up with the model of a store front for cloud computing which was named Apps.gov and this has been enjoyed now across many different parts of GSA working in conjunction with OMB to make sure that we ensure compliance and we ensure that security and privacy is there and will be there while at the same time trying to create a business model that is more customer friendly.
ExecutiveBiz: How will the GSA assure data privacy in the transition to cloud computing?
Casey Coleman: We have a working group across agency representatives that is going to tackle the challenge of security and privacy under the guidance of the Federal CIO council they are going to work on the issues like what security protocols need to be in place, how do we operate in a model that is shared and still make sure that the controls of FISMA have been monitored and validated. That group is really responsible for coming up with some solutions and partnership with industry and partnership with other organizations with stakeholders and interest.
ExecutiveBiz: Vivek Kundra has referred to apps.gov as the first of several iterations to come. What's next for apps.gov, and what's the ultimate goal for apps.gov?
Casey Coleman: He is right, Apps.gov today is really intended to be a beginning of a multi-year process of realizing the value of cloud computing so it is not intended to be by any means the final solution. The solutions that are available through Apps.gov today are for situations that are low risk, that involve publicly available data that is not sensitive in nature and so that is a significant portion of our IT portfolio but it is by no means all of it. Over time we would like to add more complex solutions that address more sensitive mission requirements or enterprise cloud computing capabilities and that can be scaled across multiple organizations, even in more sensitive situations.
ExecutiveBiz: What's your take on cloud computing as a cost-cutting measure?
Casey Coleman: Most surveys of customers of cloud computing do not come up with cost cutting as the number one value proposition. It's high on the list, generally number two or thereabouts. Agility and speed and time to value really come out as the number one value proposition. I think of those however as two sides of the same coin because if you are able to do things more quickly and get to value and get to mission accomplishment more rapidly you've saved time and that saves money. I believe that cloud computing can save money but I think that it is really more about eliminating complexity and finding the processes that the federal government goes through so that we can reduce duplication and effort across agency and through a more cloud based approach we can ensure compliance in a way that reduces that duplication and saves cost in terms of staff hours to perform those processes.
ExecutiveBiz: How can our readers get involved in Apps.gov?
Casey Coleman: The process for getting on Apps.gov is and always has been an open process. The underlying vehicle, the procurement vehicle that is being used is the GSA Schedule 70, that is the IT schedule and the products on Apps.gov must be in compliance and conformance with Schedule 70 and they have to be Schedule 70 holders. From there it is a process of informing GSA through a response to an RFI on EI; what are your cloud based solutions and then reloading your catalog with the appropriate cloud computing categories that can appear on Apps.gov. It's a three step process; be on Schedule 70, respond to the RFI which cloud computing solutions you enumerated and then reload your catalog with the appropriate categories.
ExecutiveBiz: How do you plan to transform agency-level cybersecurity from a compliance-driven culture to one that is results-driven?
Casey Coleman: Again there is a group that is part of this cloud computing initiative focused on security and is focused at looking at the current guidance in FISMA which is put out by NIST (National Institute of Standards and Technology) and see if any changes in that guidance are called for. NIST itself is really working mostly with us to take into consideration the way cloud computing works and see what changes to the guidance might be necessary. Of course with cloud computing the system boundaries are no longer so clearly defined and the process of securing it will be slightly different. There is a lot of good effort underway right now to examine that guidance and come up with appropriate if necessary modifications.
ExecutiveBiz: Do you know what the modifications might be?
Casey Coleman: One of the ideas is that there could be a sharing of a FISMA authority to operate. Typically today each organization that is a customer of a particular technology will do its own security reviews. It will conduct its own security certification and accreditation. It will issue its own authority to operate so even if it is on a shared environment each agency or each department doing that work over and over on the same environment is duplicative. If there can be a process to centralize that and then make those results available to all the customers of that environment of that cloud then you can do that work once and everyone can benefit from the work that has been done from a centralized perspective.
ExecutiveBiz: Will telecommuting factor into the GSA's plan to reduce the government's carbon footprint?
Casey Coleman: Telecommuting and telework is a big priority at GSA. We have currently 43% roughly of our agency teleworking on a consistent basis, which is pretty high in the federal government. We view it as a way to attain a number of benefits; one is to reduce congestion, reduce dependence on foreign oil, reduce the pollution that results from commute that is commonplace here in the Washington, DC area ““ so we've been equipping our employees to be able to telework on a regular basis with the IT capabilities including laptops and when necessary BlackBerrys and PDAs and cell phones so that they can have a virtual office wherever they go. It's really more about being mobile and being empowered.
ExecutiveBiz: Will cloud computing help the move to telecommuting?
Casey Colman: I think it can. Cloud computing again is the ability to tap into and consume services that are delivered over the internet so with cloud computing all they need is a computing device and an internet connection and with that you can get your work done and you can use those IT tools from anywhere. It really lends itself well to a mobile workforce and a telecommuting strategy.
ExecutiveBiz: What's the GSA's plan for social media?
Casey Coleman: GSA has just completed a social media policy and handbook for our employees to help them understand an appropriate use of social media and understand what regulations already exist. There's a number of regulations and a code of conduct that is still in place, we think that social media is just one more channel of communication and that the same rules apply as when talking to the media, as when appearing in a public forum and as when speaking on the record in any capacity as an official of the agency. We view social media as complimentary to the other outreach and other communications efforts that we already have underway.
ExecutiveBiz: What was your last tweet?
Casey Coleman: My last tweet was this morning on my drive in ““ someone almost caused a wreck with me and I noted that incident on Twitter this morning.
ExecutiveBiz: What is something most people don't know about you?
Casey Coleman: If I could have picked a different career I would have been a professional bicyclist. I love bicycling. I love sports. I love competition. I used to race bikes as an amateur and I loved it but I wasn't a Lance Armstrong so here I am in the government in a different but equally fulfilling career.
To watch additional videos on Casey Coleman:
Cyber security in the Cloud click here
Origins of apps.gov click here
How to participate in apps.gov click here
What her second career choice would have been click here