WashingtonExec has reached out to leading GovCon cloud executives about the latest trends in a post-pandemic world. These interviews highlight success stories that resonate, discuss how organizations are navigating current challenges and provide insight into lessons learned.
Chris Hughes, co-founder and chief information security officer for open source digital experience company Aquia, shares his thoughts below.
What were you and your team heavily focused on this year?
Some of our key focus areas included application security, threat modeling, DevSecOps, Software-as-a-Service security and governance, and software supply chain security.
Did the pandemic accelerate digital transformation efforts in your organization or with customers? If so, how did you/your team approach this, and how did cloud play a role?
It is often joked that the pandemic did more to accelerate digital transformation in 18 months than CXOs did in years. Kidding aside, the pandemic forced organizations to accelerate their digital transformation efforts to ensure business continuity and mission/business outcomes for key stakeholders without disruption. This means new capabilities, processes, workflows and more.
Cloud was absolutely pivotal to enabling this acceleration, most notably software-as-a-service, which was used for everything from collaboration tools, communication, cybersecurity and more. Cloud served as the critical lynchpin as organizations scrambled to ensure continuity.
However, this also meant rapid technology changes and adoption, and without circling back to ensure proper security, it could have sown unforeseen cybersecurity risks that could come home to roost down the line.
Are you/your team spearheading any major digital transformation initiatives at the moment? If so, can you explain?
We are leading several key efforts for the Centers for Medicare and Medicaid along with our partners. Some of the most notable initiatives include establishing a new Platform-as-a-Service dubbed “batCAVE” to enable secure application delivery at scale. Another key effort is our work around software supply chain security, specifically software bill of materials.
This involves creating a platform to ingest, generate, enrich and store SBOMs from a myriad of sources and ultimately empower organizational decision-makers in key areas such as acquisition and cybersecurity. Many of these requirements are tied to things such as the cybersecurity executive order.
We’re rallying around emerging standards such as CycloneDX and SPDX, along with guidance from organizations such as the National Telecommunications and Information Administration, Cybersecurity and Infrastructure Security Agency, and commercial giants such as Google and others, to ensure we bring innovative solutions to a complex problem. Utilizing SBOMs at scale will foster better supply chain transparency, enable risk-informed procurement activities and also more granular vulnerability management that traditionally hasn’t existed before.
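The answer above describes ingesting SBOMs in both CycloneDX and SPDX form and using them for more granular vulnerability management. The script below is an added illustration of that idea, written for this page; it is not code from Aquia, CMS or the batCAVE platform. It parses a minimal CycloneDX 1.4 JSON document and a minimal SPDX 2.3 JSON document into one component model keyed on package URL (purl), matches the components against an advisory list, and reports packages that could not be matched because they carry no purl. The two sample SBOMs, the package names, the advisory identifiers (`ADV-EXAMPLE-*`) and the fixed versions are all constructed for the example and correspond to no real software or vulnerability.

```python
"""Ingest CycloneDX and SPDX SBOMs into one component model and match against advisories.

Added example for this page, not the project's own code. All SBOM content, package
names and advisory records below are constructed; none refer to real software.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    purl: str        # package URL; the identity key shared across SBOM formats
    source_bom: str  # which format the record came from, kept for provenance


# Constructed sample: minimal CycloneDX 1.4 JSON (structure follows the spec, content is made up).
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "widget-utils", "version": "1.2.3",
         "purl": "pkg:npm/widget-utils@1.2.3"},
        {"type": "library", "name": "web-router", "version": "4.18.2",
         "purl": "pkg:npm/web-router@4.18.2"},
    ],
})

# Constructed sample: minimal SPDX 2.3 JSON. The root package carries no purl on purpose.
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "example-service",
    "packages": [
        {"name": "logging-core", "versionInfo": "1.9.5",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/com.example/logging-core@1.9.5?type=jar"}]},
        {"name": "example-service", "versionInfo": "1.0.0"},
    ],
})

# Constructed advisory feed: "fixed_in" is the first non-vulnerable version of the package.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "purl_base": "pkg:npm/widget-utils", "fixed_in": "1.2.4"},
    {"id": "ADV-EXAMPLE-0002", "purl_base": "pkg:maven/com.example/logging-core", "fixed_in": "2.0.0"},
]


def parse_cyclonedx(text):
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [Component(c["name"], c.get("version", ""), c.get("purl", ""), "cyclonedx")
            for c in doc.get("components", [])]


def parse_spdx(text):
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX document")
    out = []
    for p in doc.get("packages", []):
        # SPDX carries the purl as an external reference rather than a top-level field.
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), "")
        out.append(Component(p["name"], p.get("versionInfo", ""), purl, "spdx"))
    return out


def ingest(text):
    """Detect the SBOM format from its top-level fields; unknown formats are rejected, not guessed."""
    doc = json.loads(text)
    if "bomFormat" in doc:
        return parse_cyclonedx(text)
    if "spdxVersion" in doc:
        return parse_spdx(text)
    raise ValueError("unrecognized SBOM format")


def split_purl(purl):
    """Return (base, version) with qualifiers (?..) and subpath (#..) stripped."""
    core = purl.split("?", 1)[0].split("#", 1)[0]
    base, sep, version = core.partition("@")
    return (base, version) if sep else (core, "")


def version_key(v):
    """Simplified dotted-numeric comparison key; non-numeric suffixes are ignored."""
    return tuple(int("".join(ch for ch in piece if ch.isdigit()) or 0) for piece in v.split("."))


def find_vulnerable(components, advisories=ADVISORIES):
    findings = []
    for c in components:
        if not c.purl:
            continue  # no stable identity to match on; surfaced by unidentified() instead
        base, version = split_purl(c.purl)
        for adv in advisories:
            if adv["purl_base"] == base and version_key(version) < version_key(adv["fixed_in"]):
                findings.append((c.purl, adv["id"], adv["fixed_in"]))
    return findings


def unidentified(components):
    """Components without a purl: the gap a decision-maker needs to see, not silently drop."""
    return [c.name for c in components if not c.purl]


def report(texts):
    components = [c for t in texts for c in ingest(t)]
    return {"components": len(components),
            "findings": find_vulnerable(components),
            "unidentified": unidentified(components)}


if __name__ == "__main__":
    print(json.dumps(report([CYCLONEDX_SAMPLE, SPDX_SAMPLE]), indent=2))
```

The design point is that both formats are reduced to the same `Component` record before any matching happens, so the advisory logic never needs to know which format a record came from; packages that arrive without a purl are reported as a separate category rather than being quietly ignored, since an SBOM that cannot be matched gives a false sense of coverage.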
What are some of the biggest digital transformation trends you are anticipating for the remainder of this year, and into 2023?
One of the largest trends I anticipate continuing throughout this year and moving into 2023 and beyond is inarguably software supply chain security. Initially given momentum from the Cybersecurity Executive Order Sec. 4, we’ve seen a slew of guidance from organizations such as NIST and CISA.
Now that has matured into requirements from the Office of Management and Budget in various memos which will force federal agencies and departments to mature their cybersecurity supply chain risk management and software supply chain security. This includes how they demand secure software from suppliers, along with higher levels of transparency that typically didn’t exist in the software supplier ecosystem.
Another key trend that will certainly continue is the government’s push towards zero trust. Obviously tied to the cyber executive order, we have now seen a federal zero trust strategy from the White House and also a zero trust maturity model from CISA. Agencies are now working to codify their zero trust strategies in line with this overarching guidance and utilizing industry best practices and success stories to do so. Success on both C-SCRM and zero trust will require a cohesion of effort across government and industry.
How do you hope current or ongoing digital transformation initiatives positively impact the organization and its customers?
We hope that our current and future initiatives will empower the federal government to deliver secure and resilient digital services to their stakeholders. This may be citizens relying on critical services from federal civilian agencies or mission owners and warfighters relying on capable services to keep pace with near-peer adversaries and ensure national security. We’re a proud member of the Digital Services Coalition, which is a like-minded set of organizations striving to redefine how the government does digital.