Matt Goodrich, a former executive in the federal government, explains how increased cybersecurity makes technology modernization possible for the U.S. government with the launch of the new Government Cloud Plus product.
Across all industries, our partners face upheavals to the previous way of doing business. With COVID-19 impacting all facets of life, businesses and governments have to adapt their operating models to accommodate these difficult times. This is particularly true for our public sector partners who continue to deliver essential services to keep our government running. Even as we witness this shift, the public sector cannot ignore the real cybersecurity risks the government faces, and while they must modernize and adapt to this new operating model, security continues to be paramount in their decision-making process.
As a former executive in the federal government, my career focused on modernizing the government’s legacy IT by pushing for secure, modern technologies like cloud computing. When I started in 2009, cloud computing wasn’t well known or widely recognized. Less than 11 years later, cloud computing and modern technologies are used at every federal agency, and in 2018, federal agencies spent $8.9 billion, in total contract value, on cloud computing services.
One of the biggest hurdles to cloud computing adoption in the U.S. government has been cybersecurity. The government has some of the world’s most sensitive data and the federal government alone is the largest purchaser of information technology (IT) in the world at around $80-90 billion in spend per year. As the public sector moves to the cloud, security will always be the number one roadblock to widespread adoption — and until recently — the U.S. government couldn’t modernize its most sensitive systems because there was no standard for doing so. Enter FedRAMP.
FedRAMP is the U.S. government’s program to enforce cybersecurity standards and drive cloud adoption through the reuse of security authorizations, a program I helped create and led for 5 years. FedRAMP has evolved since it’s launch in 2011 to now include standards for all levels of cybersecurity under the classified/national security level. When FedRAMP released its requirements for the highest sensitivity level in 2016, it estimated that over 50% of federal IT spend was on these systems, many of which are over 40 years old with no clear path to modernization.
We understand how important it is for our public sector partners to be able to use modern technologies to deliver on their mission, and at the same time ensure the government’s most sensitive data is actually secure. Since our number one value as a company is trust, we live and breathe cybersecurity to ensure trust with billions of secure transactions processed daily. We recently launched our latest offering for the public sector, our Government Cloud Plus environment, designed and engineered to meet the U.S. government’s highest security standard for cloud computing — FedRAMP High.
With this new environment, the U.S. government can now leverage Salesforce for its most sensitive data types. The government defines data, at this level, as information that can potentially impact the life or limb of individuals, the entire degradation of an organization, or financial catastrophe. In simple terms, this means healthcare, law enforcement, financial, and (some) defense data. While the vast majority of high impact systems are located at the federal level at agencies like the Department of Defense (DoD), Department of Homeland Security (DHS), Department of Veteran’s Affairs (VA), Department of the Treasury (USDT), and Department of Health and Human Services (HHS), almost every federal agency has high systems as well.
But this need for security isn’t restricted to the federal government, many state and local governments must follow federal laws for protecting law enforcement, healthcare, and educational data, as well. And, as many of our partners support the U.S. government, at the local, state, and federal levels, this environment grants them the reliability and security they need. Our public sector partners can now use the most modern, up-to-date technology for their most sensitive workloads.
Some of the benefits of using Government Cloud Plus include:
A fully managed PaaS/SaaS
We fully manage the Salesforce Government Cloud Plus environment, allowing our customers to focus on their mission rather than IT. Since we support everything from the latest patch updates and vulnerability scans to the three yearly updates to the platform, we can ensure government agencies (and those who work with them) always have the latest version and are never in an outdated environment.
Highest validation level
In order to achieve a FedRAMP authorization, we underwent a rigorous audit by Coalfire, a FedRAMP accredited third-party assessment organization (3PAO). Coalfire’s audit covered over 400 unique FedRAMP requirements, everything from data center backup generators to encryption capabilities to logging capabilities for access to the system, and of course, penetration tests. Additionally, the audit ensures our system meets rigorous federal standards around features like encryption and authentication. To make sure we are compliant, we will do these audits annually and any time we make major upgrades to the platform.
Provisional authorization by the FedRAMP Joint Authorization Board
The Joint Authorization Board (or JAB), composed of CIOs from DoD, DHS, and the General Services Administration, provides the highest level of FedRAMP review. With their unique perspectives on operations within the U.S. government (external and internal defense, and business), an authorization by the JAB ensures the Salesforce environment is suitable at a high-impact level for almost any federal use case. Additionally, the JAB is responsible for maintaining FedRAMP authorization, freeing up time for the public sector employees who might’ve had to do that work individually.
Fully U.S.-based operations
Additionally, all our Government Cloud Plus operations are located within the United States. Since Government Cloud Plus leverages AWS’s High GovCloud infrastructure, our offering is isolated from non-government systems. For additional peace of mind, we also have a 24×7 team of cleared-U.S. citizens maintaining the environment and responding in real time to any potential threats.
During times of crisis like public sector customers now face, Salesforce is ready to support in whatever way we can. It’s been a long journey since cloud computing began to be adopted by the U.S. government 10 years ago, but with our suite of Government Cloud offerings, we know we can continue to support public sector partners in their digital transformation efforts while maintaining the highest level of security and trust.
Visit our compliance page to learn more about Government Cloud Plus.