“During FedInsider’s ‘DevSecOps Sharpens the Tip of the Spear’ virtual event, David Vergano, systems development division chief for the Bureau of Information Resource Management at the U.S Department of State, said his agency moved to the cloud over the last few years, which allowed it to ‘more easily bridge what were these previously separate environments.’
‘That cloud backbone has started to make it… technically, what’s possible. Now we have to think about how we can change our groups, our Dev, our Operations, and our Security, really to work together on these solutions in a more cohesive manner,’ Vergano said…”
“However, before racing to move to the cloud, Vergano urged agencies to first have a clear idea of why they are adopting cloud services, and to become familiar with the General Services Administration’s FedRAMP program to make the process easier.
For the State Department, Vergano said the impetus to adopt cloud services was to ‘take advantage of defense and depth offered by the cloud [and] put some responsibility for some controls onto the cloud platform.’ Additionally, cloud adoption allowed State to pay for servers only when they were running them, instead of all day long.
As for FedRAMP, he advised agencies to ‘be incredibly familiar with FedRamp’ and to look for tools that are FedRAMP certified, which Vergano said would ‘smooth out the path to acquiring things in the cloud.’…”
“’Be ready to make more changes than you plan for, and possibly be ready to share control over functions that may be previously you had control over,’ Vergano said. ‘Really go into it expecting it to be a partnership, and I think you can find success with it [DevSecOps].’…” Read the full article here.
Source: Cloud is ‘Backbone’ to DevSecOps, State Dept. Expert Says – By Grace Dille, July 9, 2021. MeriTalk.