The United States Centers for Medicare and Medicaid Services (CMS) are making significant progress towards their move to adopt cloud services throughout its working system.
According to Deputy Director Shawnte Singletary of the Division of Security and Privacy Compliance under the CMS’ Office of Information Security and Privacy, the focus of the agency’s latest software as a service (SaaS) governance program will revolve around enabling mission areas to adopt cloud computing in an easier and more secure manner.
Singletary explained that her team is currently in the process of determining which would be the best way to manage SaaS products deployed throughout the organization, how to keep track of them, and how to evaluate the risks that they pose.
The team recently identified a tool that would be instrumental in managing the discovery of SaaS within the working environment. It’s a tool that would enable the agency to properly vet and evaluate relevant solutions, categorize them, and gain a deeper understanding of how these are used.
The Importance of Discovery
Discovering SaaS within its environment is a focal point for the CMS in light of the way it has implemented a number of software services in the cloud over the past few years, initiatives made possible via the Federal Risk Authorization Management Program (FedRAMP.)
As Singletary puts it, it is necessary to discuss the specific capabilities that SaaS solutions could offer the agency, as well as the necessary security requirements that should be incorporated at the agency level. At present, her team is engaged in talks with its counterparts as to what they can do to improve management of such platforms throughout the agency.
The FedRAMP Challenge
But what remains a challenge for the CMS as well as other US government agencies making the shift to the cloud is the slow pace at which FedRAMP approves their initiatives. In the CMS’ case, this throws a wrench into their plans to collaborate with remote teams and to allocate tools and resources in a secure manner.
Singletary admitted that, at present, the CMS is still operating remotely and it is highly unlikely that it will return to office work any time soon. In which case, the agency is trying to evaluate the risks of SaaS solutions from a non-FedRAMP perspective to fast track the adoption of cloud services in vital mission areas.
In doing so, Singletary’s team gives these groups the opportunity to adopt unconventional and highly necessary technologies. Nevertheless, the deputy director expressed hopes that they will soon have a more concrete program to enable the more rapid adoption of SaaS tools and solutions throughout the agency.
