Episode 77
Public Sector Tech Outlook: 2024 Predictions for AI, Cybersecurity and FedRAMP Evolution
What will 2024 have in store for technology development and regulation? Our hosts, Carolyn Ford and Mark Senell, sat down with Roger Cressey, Partner at Mountain Wave Ventures, Ross Nodurft, Executive Director of the Alliance for Digital Innovation and Willie Hicks, Public Sector Chief Technologist for Dynatrace, to discuss their 2024 predictions. Discover what the experts think will occur next year in terms of FedRAMP, AI regulation, Zero Trust and user experience.
Key Topics
- 00:00 Revamping FedRAMP in 2024 leads to changes.
- 06:40 Industry requests FedRAMP High; concerns about changes.
- 08:20 Anticipating challenges but aiming for improvement.
- 11:13 Pushing for reciprocity in government technology solutions.
- 15:15 Ensuring human control in AI military use.
- 19:06 Questioning AI use in defense and civilian sector.
- 25:25 Increased investment in security and product regulation.
- 27:21 Expect more AI news, less legislative involvement.
- 30:30 Observability key for zero trust framework implementation.
- 36:22 Prediction: Citizens will interface with AI technology.
- 37:16 Focus on user experience in government systems.
- 41:03 Election year brings unexpected black swan events.
2024 Predictions for the Public Sector
Revamping of the FedRAMP Program
Ross predicts that in 2024, FedRAMP will be completely reauthorized based on a pending OMB memo that is expected to be finalized in late 2023. This revamp is intended to streamline and improve the FedRAMP authorization process to facilitate faster adoption of cloud-based solutions in government.
However, Roger believes the changes could temporarily slow things down as agencies take time to understand the implications of the new FedRAMP structure on their systems and assess risks. This could require investments from industry as well to meet new requirements that emerge.
FedRAMP 2024: "I think it's going to have a lot of agencies take a hard look at their risk and decide where they want to elevate certain high-valued assets, high-valued systems, high-valued programs, and the authorizations themselves are gonna raise in their level." — Ross Nodurft
Shift From Moderate Baseline to Higher Baseline of Controls
As part of the FedRAMP reauthorization, Ross expects many agencies will shift their systems from a moderate baseline to a higher baseline of security controls. With more interconnected systems and datasets, agencies will want heightened protections in place.
Roger concurs that the increased scrutiny on risks coming out of the FedRAMP changes will lead organizations, especially those managing high-value assets, to pursue FedRAMP High authorizations more frequently.
Increased Demand for a FedRAMP High Environment
Given the predictions around agencies elevating their security thresholds, Willie asks Ross whether the pipeline of solutions currently pursuing FedRAMP High authorizations could face disruptions from new program requirements.
Ross believes there will be some temporary slowdowns as changes are absorbed. However, he notes that the goals of the reauthorization are to increase flexibility and accessibility of authorizations. So over time, the new structure aims to accelerate FedRAMP High adoption.
2024 Predictions: Navigating FedRAMP Changes While Maintaining Industry Momentum
As Ross highlighted, the intent of the FedRAMP reauthorization is to help industry get solutions to market faster. But in the short-term, there could be some complications as vendors have to realign to new standards and processes.
Willie notes that companies like Dynatrace have already begun working towards FedRAMP High in anticipation of rising customer demand. But sudden shifts in requirements could impact those efforts, so he hopes there will be considerations for solutions currently undergoing authorizations.
2024 Predictions on Cybersecurity Trends
Zero Trust Framework
Roger discusses how zero trust architectures are progressing forward in adoption, even though the concept has lost some of its previous buzz. The zero trust memo is still in place, people are budgeting for zero trust and funding is starting to be allocated towards implementation.
As Willie points out, every agency he works with is developing zero trust strategies and architectures. However, he notes these architectures can be extremely complex, especially when adding in cloud and containerized environments.
2024 Predictions: Observability Critical for Security in Complex Cloud Environments
Ross echoes Willie's point that there is an increasing movement towards cloud-based environments. This is driving changes to FedRAMP to accommodate the proliferation of SaaS applications.
With more enterprise environments leveraging SaaS apps, complexity is being introduced. Ross predicts that to protect, understand and maintain visibility across such complex environments with many different applications, overarching observability will become a necessity.
Impact of the Shift Towards Cloud-Based Environments and SaaS Applications
The shift towards cloud-based environments and SaaS applications ties back to the FedRAMP changes and predictions from Ross. As agencies move to the cloud and adopt more SaaS apps, they lose visibility and observability.
Willie predicts observability will become "connective tissue" across zero trust architectures to provide that much-needed visibility across various pillars like devices, networks and users.
The Rise of User Experience in Government Systems: "I think we're gonna see more and more, of a focus on user experience because I believe with all the things we're talking about, user experience could be impacted." — Willie Hicks
Importance of Observability for Visibility and Understanding
Roger concurs that visibility is crucial for security because "you can't secure what you can't see." He notes that observability and understanding where data is and what apps are doing will become a prerequisite for achieving zero trust.
The Importance of Data Visibility in Security: "Well, I think it's gonna become table stakes, if you will, when it comes to security, because you can't secure what you can't see." — Roger Cressey
Carolyn highlights how visibility has been embedded in zero trust frameworks from the beginning. However, Willie predicts its importance will be even more prominent in 2024.
AI and Technology Innovations
2024 Predictions: Navigating AI Promise and Pitfalls in the Public Sector
Roger highlighted the tremendous upside that AI-enabled customer experience solutions could provide for government agencies in improving efficiency and service delivery. However, he also noted that any negative experiences resulting from these solutions would be heavily scrutinized and amplified. This indicates there may be cautious adoption of AI in government during 2024 as agencies balance potential benefits and risks.
The Importance of Reciprocity in Government Technology: "I just hope they have the wherewithal and the focus to push the right people in the right parts of both the Department of Defense and to the federal civilian side to think about how reciprocity impacts their availability in the marketplace technology or commercial technology solutions out there." — Ross Nodurft
Willie predicted there would be carefully orchestrated success stories around AI implementations, supporting Roger's point. This suggests that while innovation will continue, government agencies will likely roll out AI solutions slowly and target opportunities where impact can be demonstrated.
Increased Investment in Security and Product Innovation
Roger predicted that defensive cyber capabilities enabled by AI will draw greater attention and interest in 2024. Willie noted that AI is also being used in more advanced cyber attacks. Together, these trends indicate there will be an increased focus on using AI responsibly to enhance security while also defending against malicious uses.
On the commercial side, Ross predicted venture capital investment into AI will accelerate in 2024, driving constant product updates across language models and other platforms. This rapid product innovation seems likely to widen the gap with public sector adoption.
2024 Predictions: Balancing AI Progress and Governance in the Public Sector
While the panelists disagreed on the likelihood of major AI regulations from Congress in 2024, Willie predicted that high-profile incidents involving AI could build pressure for new laws, even if passage takes time. He and Ross suggested implementation of AI guidance for government agencies is more likely in the near term.
The Future Impacts of AI: "I think that the developers of AI are gonna continue to set the agenda, and the deployers, in other words, all the sectors as well as industry sectors, the developers, the deployers are still gonna be playing catch up." — Roger Cressey
Roger noted that negative experiences with AI in government would also spur calls for regulation. However, he said acting prematurely without understanding the impacts could pose challenges. Together, these perspectives indicate oversight and governance guardrails for AI will increase but could slow adoption if not balanced thoughtfully.
2024 Predictions: AI Policy Progress and Global Technology Leadership
Potential Dysfunction in Congress Impacting Regulatory Progress
Roger points out the significant disagreement between the House and Senate that could prevent Congress from finding common ground on AI regulation in 2024. The divide relates to whether the focus should be on continuing innovation or implementing more safeguards and oversight. Meaningful AI legislation at a national level would require lengthy deliberation and consensus-building that likely won't occur in an election year.
Potential Motivation for U.S. Innovation by China’s Advancements in AI
According to Roger, China's rapid advances in AI development and utilization could light a fire under the U.S. administration and Congress to accelerate American innovation in this area. However, the U.S. policy community also wants to ensure AI progresses responsibly. Roger argues China's AI capabilities could be an impetus for shaping U.S. strategy in 2024, balancing both innovation and risk management.
The Global Race for AI Dominance: "Where China is moving rapidly and creatively on AI development, adoption and deployment will be a jet fuel for motivating the administration and congress to do more regarding how can innovation on the U.S. side regarding AI move quicker." — Roger Cressey
Industry Adaptation to Change
2024 Predictions: Navigating Changes to FedRAMP and Industry Adaptation
Ross discusses some of the challenges the industry may face in adapting to the changes outlined in the anticipated 2023 FedRAMP reauthorization memo. He notes that while the intent of the memo is to streamline and open up the authorization process to allow more applications into the pipeline faster, implementing these changes could initially cause some disruption.
Ross predicts there may be a "learning curve" as agencies and vendors figure out how the changes impact their specific systems and day-to-day operations. This could temporarily slow things down until the new processes are fully understood. However, Ross expects that after this initial bumpy period, the changes will ultimately enable faster movement of applications through the FedRAMP process.
The Government’s Aim to Create a Process for a Smoother Transition
Ross highlights that the government's aim in revising the FedRAMP authorization process is to make it easier for agencies to access and leverage innovative cloud-based technologies. The memo revisions seek to create multiple pathways for obtaining authorizations, rather than just one narrow pipeline that applications must move through.
Discussing the Future of AI: "We gotta talk about, whether it's AI governance, whether it's innovation in AI, it's AI risks, and really understanding how do we balance all 3 of those in a way while we're still moving forward." — Roger Cressey
The hope is that these process improvements will pave the way for more small and medium cloud-based software companies to get their products authorized for use in government. This will give agencies more options and flexibility in adopting modern solutions. However, Ross cautions that in the short-term there may be some disruptions as outlined above.
Predictions for Significant Impact in 2024
In terms of predictions for 2024, Ross expects that the FedRAMP changes, combined with broader cloud migration efforts underway in government, will lead more agencies to request higher baseline security authorizations. Where they may have been comfortable with a FedRAMP Moderate authorization previously, Ross predicts agencies will now ask vendors for FedRAMP High in more and more cases. This will likely impact software providers who will have to adapt their systems and applications to meet the more stringent security controls.
About Our Guests
Ross Nodurft
Ross Nodurft is the Executive Director of the Alliance for Digital Innovation (ADI), a coalition of technology companies focused on bringing commercial, cloud-based solutions to the public sector. ADI focuses on promoting policies that enable IT modernization, cybersecurity, smarter acquisition and workforce development. Prior to joining ADI, Ross spent several years working with industry partners on technology and cybersecurity policy and several years in government, both in the executive and legislative branches, including Chief of the Office of Management and Budgets cyber team in the White House.
Roger Cressey
Roger Cressey is a Partner with Mountain Wave Ventures. He previously served as a Senior Vice President at Booz Allen Hamilton, supporting the firm’s cyber security practice in the Middle East. Prior to joining Booz Allen, he was President and Founder of Good Harbor Consulting LLC, a security and risk management consulting firm.
Mr. Cressey’s government service included senior cyber security and counterterrorism positions in the Clinton and Bush Administrations. At the White House, he served as Chief of Staff of the President’s Critical Infrastructure Protection Board from November 2001 – September 2002. He also served as Deputy for Counterterrorism on the National Security Council staff from November 1999 to November 2001. He was responsible for the coordination and implementation of U.S. counterterrorism policy and managed the U.S. Government's response to multiple terrorism incidents, including the Millennium terror alert, the USS COLE attack, and the September 11th attacks.
Willie Hicks
Willie Hicks is the Public Sector Chief Technologist for Dynatrace. Willie has spent over a decade orchestrating solutions for some of the most complex network environments, from cloud to cloud native applications and microservices. He understands tracking and making sense of systems and data that has grown beyond human ability. Working across engineering and product management to ensure continued growth and speed innovation, he has implemented Artificial Intelligence and automation solutions over hundreds of environments to tame and secure their data.
Episode Links
Transcript
Welcome to Tech Transforms. I'm Carolyn Ford, and I'm here with Mark Senell. Hey, Mark.
Mark Senell [:Hey, Carolyn.
Carolyn Ford [: of the year. We get to do our: Roger Cressey [:Thanks, Carolyn. Pleasure to be here.
Carolyn Ford [:We're happy to have you, and we have a repeat. Recently, we had Ross on to talk about policy. Ross is a policy expert, and his credentials are long. He's currently the Executive Director of the Alliance for Digital Innovation or ADI, and it's a coalition of technology companies focused on bringing commercial cloud-based solutions to the public sector. They focus on promoting policies that enable IT modernization, cybersecurity, smarter acquisition, all the good stuff, like all the things that we need to make public sector and industry partnering better. Prior to joining ADI, Ross spent several years in government, both in the executive and legislative branches, including the OMB and the cyber team in the White House. And as I said, he's an authority on government policies and he is going to give us his predictions today. Welcome back to Tech Transforms, Ross.
Ross Nodurft [:Glad to be here. Thank you, Carolyn.
Carolyn Ford [:And then our other return guest and frequent cohost is Willie Hicks. He's Chief Technologist for Public Sector at Dynatrace. Hey, Willie.
Willie Hicks [:Hey, Carolyn. Good to be here with you and everyone. All the smiling faces. Love it.
Carolyn Ford [: I'm gonna ask Ross about his: Ross Nodurft [: ink it's all about FedRAMP in: Mark Senell [:Do you think that this is going to streamline the processes for those vendors going through the process, or do you think it's gonna actually, have the opposite effect?
Ross Nodurft [:Well, look. I think the intent of the memo is to streamline it. Right? They talk about using commercial systems more. So you're building once and using both in your commercial and your public sector environment. They're talking about, opening up the authorization pipeline, so there are several different ways to get authorizations. But the intentionality is to create a process that allows for what has been an influx of cloud-based software applications that agencies are clamoring to use more and more, whether it's for security for pro, productivity, or somewhere in between, they are folks are looking at the cloud and cloud-based applications and trying to get them through that authorization pipeline so they could take advantage of some of that modern commercial technology. So the intention is to make it better, faster, easier. However, because of how they're rearchitecting the program, people are gonna be looking around at their environment saying, alright.
Ross Nodurft [:Well, I have to determine, which systems and applications I'm gonna need and what they're gonna touch and they're touching more and more things, so there's gonna be, requests for for higher thresholds of security capabilities baked in. It's gonna raise the threshold. People are gonna look at FedRAMP High baseline is that I want that for for this system. I want that for this dataset. So I think we're gonna see a move from, FedRAMP Moderate to FedRAMP High in a lot of circumstances.
Carolyn Ford [: ing to affect the industry in: Willie Hicks [:Yeah. I appreciate that, and I was gonna jump in. We got and, Ross, I we've talked quite a bit and work, love working closely with ADI. You guys do some really great work. And, you know, I may have mentioned this before, maybe not. I see your prediction. I agree with it, and I'll raise, almost like this is a corrugate, but I'll raise 1 concern that I have. You know, from an industry standpoint, at least, I'm super excited to see, as you said, you know, the with the reauthorization and with kind of this relook at, kind of that initial memo and kind of a revamping of that, something that's been needed.
Willie Hicks [:I mean, this has been, inter industry's been asking for this, and, I see a lot of goodness that'll come out of it. And, you know, from a Dynatrace perspective, we've, you know, we've actually kind of already started that that that FedRAMP High process, which you're talking about, we're seeing it from our customers, and we're, you know, we're working towards, bringing our baseline now, up to FedRAMP High. And, you know, one thing that can you know? And I look at your expertise on this and get your kinda your feedback is, you know, as they are revamping the program, we're putting effort already into a lot of work into, kind of this move, to FedRAMP High. Do you think that that's gonna change things that are in flight. You know, if we're in, you know, midstream, and they re and they start making changes to the program, what happens to, you know, pro, companies and industry that's already in process, if that makes sense.
Ross Nodurft [:Sure. And look, I think that's a great question. I don't know that they have a plan, to solve that yet, but I do know that that is something that the government, especially the folks in the program management office and the folks in OMB who are doing the reauthorization are keenly aware of, right, is disrupting current pipeline. They don't wanna slow it down. The purpose of redrafting this memo is to make it make that that soda straw where applications and infrastructure we're going through into a bigger pipeline, right, or multiple, pipeline so that you can get more of a marketplace and more availability so agencies have that choice. So that's why they're drafting the memo, and they want to make sure that doesn't split out. Now you're asking Ross's prediction.
Ross Nodurft [:I think we're gonna have some bumpy roads ahead. I think that the natural tendency for agencies and the natural tendency for the people that are participating and aren't owners of the program but are doing this as kind of a plus one job, to seize up when something changes until they fully understand it, and they understand how it impacts them, how it impacts what they own and oversee, and how it impacts their day to day life. So we're gonna have some stuff to work through, but the intention of the writers is to make it move faster. The focus of the the people who are building out these new pipelines is to make it more accessible and more available, but we're gonna have we're gonna have we're gonna have a learning curve that we have to get over with this new memo. So I could see there being a slowdown before things get faster, but in the end, is it gonna be good for the program? Knock on wood. I hope so.
Willie Hicks [:No. That sounds good. And, Carolyn, you can stop me if I'm going too long here, but that just prompted another question in my mind. And, you know, something else I read, maybe I was over reading into, kind of the memo, but, when I started thinking about, reuse of authorizations and kind of, I guess, being more reciprocal. You know, it's my responsibility for public sector. That's all of public sector. So that's DOD and IC as well.
Willie Hicks [:And one concern that I wanna, you know, see maybe if I've got just a minute here, to get your thoughts on is, you know, our work in the DOD and IC is really often offline. You know, we can deploy our platform and, you know, on premise and offline, and we got all these different, avenues, but I really wanna start seeing more movement into the cloud. I wanna see, you know, being able to support, like, an I04 or higher level with my customers. But, you know, we're investing all this time like FedRAMP High. Is it gonna be an easier ramp? Because, you know, they talk about that FedRAMP High and IO4 supposed to be reciprocal. My experience has been they're not really as reciprocal as you like. Think the memo is gonna help with any of that?
Ross Nodurft [:So, right now, it's not. To be honest with you, I think it's gonna cause a little more, I think so 2 things are gonna happen. Again, in the realm of predictions. First of all, they don't have an answer to that. The DOD doesn't necessarily hear what OMB is trying to do and say this is where we're gonna go to help you achieve your goals, OMB. They're seeing OMB doing it and they're gonna decide whether or not it's good for the Department of Defense as it's happening or after it happens. And that's gonna create create some more friction. Right? I would love to see a cleaner, mapping and pathway, and we've got some folks who sit at that political level that over that are talking to the folks over at DOD who wanna see that too.
Ross Nodurft [: we're gonna have to, I think: Carolyn Ford [: High being the prediction for: Roger Cressey [: ecomes even more important in: Carolyn Ford [: back to you, Roger, for your: Roger Cressey [:So let's talk about AI. So first off, AI will still be the center square in everyone's technology bingo card, so put a big chip on it. Let me state the obvious up front. Second part is I think you're still gonna see the administration stay ahead of Congress in terms of how AI is being examined, how AI is being addressed. What I mean by that is I'm skeptical you're gonna see legislative action by Congress for a couple reasons. One is there's just tremendous disagreement right now, between the House and the Senate and on a whole host of policy issues. I'm skeptical they're gonna find common ground when it comes to AI in general, specifically, the issue of regulation versus innovation, I think, is gonna prevent Congress from moving quickly as well. So whatever comes out of Congress if something does, it'll be at a very high level, that will highlight the need for pushing innovation, but, certainly, we'll try and encourage the Administration and industry to put in some of the guardrails that we've heard about in this space for the past year in a way that's responsible.
Roger Cressey [:What that language will look like will be very difficult to envision. It's bound to be very general. So I think that's the first part on regulation. Second part is the developers of AI are gonna continue to set the agenda, and the deployers, in other words, all the sector agencies as well as industry sectors. The deployers are still gonna be playing catch up. The concern I think many people have is we do not want the developers dictating the agenda on AI in a way that impacts the ability of the policy community, to do what they think is responsible action. So I do believe the developers will continue to set the agenda. Third piece is the national security side of AI is gonna get more scrutiny, as well as it should. Most innovation in the government comes out of the national security side.
Roger Cressey [:The issue of AI being used in the military and DOD is gonna take on more, priority, and it's really gonna come down to how do we ensure a human main is staying in the lethality decision loop when it comes to the use of AI? Side prediction here is, woe be the government agency that deploys AI and ends up with a result that is not what they intended. Scrutiny on that will be very high. So I think a number of agencies will be very careful and cautious in how they use it. But in the DOD side, the human in the loop on lethality and decision-making becomes a top priority. The last part I'll say is on the cybersecurity side. The AI advantage from a defense perspective on cyber operations, defensive cyber operations is incredibly promising, and industry has done a lot of very good work already in this area. So I do think you'll see greater attention an interest in how we can harness AI tools right now and deploy them in defensive cyber ops for securing both the federal infrastructure, but also helping industry do more on critical infrastructure protection.
Carolyn Ford [:Willie? Your response?
Willie Hicks [:So no. I, well, first of all, Roger, always insightful, when I talk to you, and I do have just, you know, a couple of I made comments, questions on the cyber piece, you mentioned the defensive side of this. You know, I was just reading an article the other day, and, you know, very concerning when I start looking at also the offensive, you know, capabilities around, AI and, you know, not just nation states, but you're seeing everybody, you know, being able to utilize AI from all sorts of, you know, just kind of low-level ransomware attacks, things like that to helping, you know, attack the power grid and things like that. You know, I would just say the defensive side, I agree, but I think we're gonna see offensively too, more and more people dipping their toes into, this arena to to use AI for malicious intent. That's just one thought.
Roger Cressey [:So absolutely. And we've already seen it at the low level in terms of more creative phishing attempts, you know, AI-enabled malware, that is just a tad more sophisticated. Certainly, we're gonna see that as companies and governments do more to whether it's implementing zero trust or implementing other defensive strategies. The adversaries, the whole spectrum up nation-state down to the criminal gangs are gonna be looking at AI tools to see how they can better advance their own objectives and agenda. So that fight between offense and defense absolutely will continue. And AI just kinda ups the ante, if you will, in terms of capabilities that can be brought to bear. You know, the challenge always is, we've said for years, the advantage lies with the offense. The question is, can we use AI in a way to give defense more of an advantage? At least reduce the impact of potential cyber events.
Roger Cressey [:And I would say also to help, you mentioned ransomware, using AI to help small, medium businesses, localities at the state level who don't have the resources to deploy a whole host of tools and people use that as a force multiplier for them. And so that's gonna be very important to tease that out a little bit, if you will.
Willie Hicks [: getting better, you know, in: Roger Cressey [: e a higher level, priority in: Carolyn Ford [:I'm gonna ask you, Willie. So what I just heard you say, you talked a lot about, security around AI. So Roger gave his predictions. What would your predictions be for AI?
Willie Hicks [: but I think, you know, within: Willie Hicks [: Maybe not in: Roger Cressey [:So I will, I will support, the amazing Carnac on that on that, prediction in the following way. Without a doubt, there's gonna be a need. I do think that there is a fear of acting too soon without truly understanding the consequences and the ramifications of what action might lead to, where things might move quicker is if there is the quote, unquote, unforeseen event.
Ross Nodurft [:Mhmm.
Roger Cressey [:And that event can take a variety of different, of different forms right now. I do think, actually, the China component of this is very important. Where China is moving rapidly and creatively on AI development, adoption, and deployment will be a jet fuel for motivating the Administration and Congress to do more regarding how can innovation on the U.S. side Regarding AI move quicker. And if that means providing certain, guardrails to assist, absolutely. But that also comes into this in a real, a real interesting way, let's just say.
Carolyn Ford [:I heard you both say that we need guardrails around, like the cybersecurity component of AI, and I'm Ross, tie breaker here before these two get in a full on brawl. I'm just kidding.
Ross Nodurft [: that what we're gonna see in: Ross Nodurft [: t's gonna keep happening over: Ross Nodurft [: re easier to move get done in: Ross Nodurft [: put those chances as low for: Ross Nodurft [:But the commercial space is good. Still getting the rates forward.
Roger Cressey [: hat is the best prediction of: Willie Hicks [:And I'm gonna take that little sound bite and play it for my kids as well because that's the epitome.
Mark Senell [:I mean, you guys, Roger and Ross, you know the legislative, you know, environment much better than we do, but it sure seems like with everything else that's going on, it's probably gonna be less of that and more news made around, you know, AI and things that are happening in AI than it is, you know, any regulation or any type of, you know, government step in, I think that the news might be more about things that are happening in that space and it seems like we don't hear about things that happen on the DOD and the IC side. That stuff's probably been going on for a decade, and you just don't know about it. So I don't know what kind of oversight really has been there or, you know, we'll probably never know. But it feels like Maybe we'll hear about things happening in the civilian side of the pendulum more and maybe around, like, stuff like critical infrastructure that impacts, you know, where we could be making, you know, advances or things like that, you know, as it relates to, you know, the energy grid or, utilities and things like that.
Carolyn Ford [:Alright.
Roger Cressey [:I would only say, Mark, that, you know, where the administration's done a good job with the a with the EO is, you know, it it it covered the waterfront, and it laid out the big categories that we gotta we gotta talk about, whether it's AI governance, whether it's innovation in AI, it's AI risks, and really understanding how do we balance all 3 of those in a way while we're still moving forward. They highlighted it, and they laid it out there, and that was good because that kinda set the table for the conversation and the debate. And so that's the good news in where we're at right now. The process is gonna be slow. There's there's no doubt about that, based on prior experience, but let's just see how it plays out.
Carolyn Ford [: ive us our next public sector: Willie Hicks [: days: Willie Hicks [:I think that what we're gonna see is observability is going to become a key, component for zero trust. And, you know, that that might sound a little self serving, but, you know, in in, you know, complete, you know, transparency. I hear this from from agencies where, you know and this is not even leading them to water, they're they're coming to me saying, okay. You know, we're moving to the cloud. You know, we're trying to build out, a zero trust framework that includes, like, the cloud and how we, you know, are having to operate in those environments, and we've lost visibility. We've lost the the insight into even what's going on there, because, you know, sometimes the system might be up for just a, a few minutes, and then it's down. So I think observability is going to become kind of almost like a connective tissue across all the pillars as they call them, the 5 or 7 or whatever framework you're looking at across all of these pillars around devices and networks and users kind of there's going to be a need for an end to end view of all of those components. And
Mark Senell [:Willie Willie, are you essentially saying in layman's terms, it's going to become simpler? Because over the last decade, zero trust in all its complexity has gotten even more complex. Thousands of vendors out there, confusing the marketplace around what it is. It feels like what you're saying is there's a there's a simplicity in enterprise observability across everything and within context of what's happening where.
Willie Hicks [: ecome, ever more important in: Carolyn Ford [:Ross, I'd love to go straight to you and see like, you're nodding your head, but you're you're not a "Dynatracer". So I want I would really like your your take on that prediction because that's a I mean, that's a pretty big prediction.
Ross Nodurft [:So I'll talk from a more general perspective and the idea of observability and the idea of so couple of things. One, Zero Trust is progressing forward. Now it's it's lost some of its its sheen. It was used to be before AI came over and took the the mantle. It was the buzzword, in the cybersecurity space, but it hasn't it hasn't lost the implementation yet. Right? The memo is still out there. People are still budgeting for it. Money's starting to hit towards it.
Ross Nodurft [:So people are moving towards cloud-based environment, and I've talked about it with FedRAMP. What's driving the change to FedRAMP is the use of SaaS applications. So you're seeing more enterprise environments consuming more SaaS applications on a more frequent basis. What does that mean? That means you're getting complexity in environment. People are asking for applications in one spot, asking for applications in another spot. In order for somebody to protect under to understand, to protect, to to have visibility into their environments, they're going to need overarching observability as the application space proliferates. As more and more SaaS comes into an environment more people are gonna need to be able to see the entire forest and then make sense of that forest. So you're gonna need to not just to see all the different applications.
Ross Nodurft [:You're gonna need to understand what's happening within them, around them, what data is trans is transferring between and among them, Who's using them? So all of that is extremely important. So to Willie's point, I think we're gonna need to see more, move towards more zero trust. And as part of that, they're gonna need to be able to observe the space that that is, rapidly evolving.
Carolyn Ford [: ecome even more, prominent in: Roger Cressey [:Well, I think it's it's gonna become table stakes, if you will, when it comes to security, because you can't secure what you can't see. And getting back to this question of data integrity and, you know, understanding where your data's at, what it's doing, what are the apps doing, If you can't see it, then your approach is fundamentally flawed. So, Carolyn, to your point, you know, CISA identified this early on, which was great. But I think you're now gonna see greater adoption of this concept, by others in the industry because it does become a prerequisite, if you will, to achieving all the other things we look for in a zero trust ecosystem. So I think, I think the prediction that this becomes more of a priority is, is spot on.
Carolyn Ford [:Any last words on this one? I do wanna get to your last prediction, Willie. Anything else to say about this one? Okay, Willie. What's your 2nd prediction?
Willie Hicks [:Okay. So I'll keep this one brief. I know we're up on time here, but, I would say my last prediction kind of ties in everything we've been talking about, and I don't want to just put a nice little neat bow on it, but, you know, when we're talking about AI, when you're, you know, you talked a lot, Roger, about AI and, Ross we also talked about zero trust, and a lot of these keep these initiatives. I think at the center of all of these things are the citizens, are the are the, you know, really the constituents of this country. And if you look at, kind of AI today and things like generative AI. I think a lot of these systems are gonna be citizen facing. Like, you know, we're gonna be more and more citizens Interfacing with, you know, AI chatbots, AI, you know, assistance tooling.
Willie Hicks [: gonna become more and more in: Willie Hicks [: gonna be key, as we move into: Roger Cressey [:You need an AI-enabled, you know, limit on how much cus-user experience can happen in one respective household.
Willie Hicks [:Thank you. I've been working on that.
Carolyn Ford [:Maybe that should be we need to add that in as a prediction.
Mark Senell [:That Willie will get to know the UPS and the FedEx drivers' names, on a personal basis and be invited to their homes.
Willie Hicks [:Get to know. I already know.
Ross Nodurft [:Go ahead.
Roger Cressey [:I was just gonna say, Carolyn, real fast. AI-enabled customer experience, I think, is a real interesting area, particularly in the Fed-civ space, government's gonna pay attention to. The upside is tremendous. The downside and the blast effect blast radius, if there is a negative experience, will be taken by the media, by congress, and others and amplified. So it gets back to Ross's, a prediction of gonna be a little cautious, gonna be a little conservative, but the potential for AI-enabled user, customer experience is incredibly high.
Carolyn Ford [: You think it's gonna go up in: Roger Cressey [:Well, I think the in I think the interest and resource commitment to it. I don't know what's gonna come out at the other end.
Carolyn Ford [:So we're gonna do studies on it.
Roger Cressey [:Yeah. I think you're gonna see a lot of work inside agencies on how do we use these tools to deliver to the citizenry a better product, a more efficient, service, if you will.
Ross Nodurft [: arefully orchestrated wins in: Ross Nodurft [: t when we start to get beyond: Carolyn Ford [:Alright. Any last words here before we close this session? No.
Mark Senell [:This has been really fun. Interesting.
Roger Cressey [: at we have not anticipated in: Carolyn Ford [:Alright. So this has been really fun. We're gonna have to do this more often. I loved the speed that we moved around. The predictions, FedRAMP High, AI regulations, yes or no, observability for zero trust, really moving into the spotlight, user experience and then our black swan events. So thank you guys so much for joining today.
Roger Cressey [:Thank you. Thank you, Carolyn.
Mark Senell [:Thank you. Good to see you guys.
Carolyn Ford [:Thank you listeners for joining Tech Transforms. Share this episode. Smash that like button. We'll talk to you next time. Maybe see you at DoDIIS. Thanks for joining Tech Transforms sponsored by Dynatrace. For more Tech Transforms. Follow us on LinkedIn, Twitter, and Instagram.
