Commercial cloud service providers (CSP) and System Integrators (SI) must meet certain compliance requirements to conduct business in US Public Sector. This is a strategic process for any organization to undertake in identifying the correct actions, resource assignments and business justifications to meet those requirements. We’ll describe what that process looks like and provide an overview for your roadmap to business with US Public Sector. Subsequent posts will start diving into the regulatory details and key strategy alignment for the US Public Sector roadmap.
Industry Roadmap (US Public Sector) Opportunity
Navigating the complexities of the US Public Sector IT market is a career in itself. The US Federal Government has one of the largest IT budgets in the world $88 billion (FY 2020 Civilian $51B`~ | DoD $36.7B* – OMB) – cloud services and cybersecurity will play a big role in facilitating IT transformation. This has long been an attractive business proposition for government contractors (inclusive of System Integrators) but also Cloud Service Providers (CSP).
Organizations looking to conduct business with the US Public Sector can be a daunting task when it comes to the cost and business timelines. Are you setting the right business expectations internally, does your leadership have prior public sector experience, do they understand the typical costs and timelines involved with regulated workloads/regulatory approvals?
“Understanding US Public Sector cloud timelines, regulated (cybersecurity) barriers and costs are often under-estimated”
The business world looks bright with the largest IT buyer in the world but CSP’s need to plan well, be persistent and make persuasive business cases internally to be successful.
Roadmap Assumptions (US Public Sector)
Lets cover some basic business assumptions and before we dive deeper.
- US Public Sector (our definition): In general, when mentioning US Public Sector business, we are referring to target IT/Cloud business opportunities within the US Federal Government, State Government and Local Government entities.
- Cloud Service Provider (CSP)/System Integrator (SI): You are a Cloud Service Provider and/or System Integrator looking to do business with the US Federal, State and Local governments. We are assuming that as a CSP or SI, you have the foundational administrative fundamentals such as DUNS, SAM.gov, DSBS, SBA Certification Programs (if applicable), Procurement Vehicles and System Integration Partnerships in place.
- Cybersecurity/Regulations: A part of your overall US Public Sector strategy, you are interested in understanding what cybersecurity regulations could apply to your cloud service offering. Also, looking for a better understanding on product timelines to set the right expectations internally.
What Regulations Should You Care About?
If you want to provide IT/cloud services to US Public Sector entities, your system/s must meet security standards set at the Federal, State and Local level. Let’s take a quick look at some (not all encompassing) of the regulated standards we see for cloud systems and general requirements.
*Please note – at the time of this publication, StateRAMP was not included in the analysis but will be included in future iterations.
US Public Sector Regulations (Timelines)
Timing is a critical element of any cloud service offering. Time to market for that offering is even more important. Regulatory barriers outlined below and technical architecture considerations may be a key reason why you’re not meeting organizational product launch timelines.
What do you need to do first? When do you need to implement it? Should multiple accreditations happen together? Navigating the gauntlet of US Public Sector regulatory and cybersecurity land minds is no small feat.
“Implementation of a cloud maturity model and roadmap is essential for CSP’s navigating into the US Public Sector market”
As outlined in the blueprint mapping above, when considering US Public Sector business, its challenging to understand…
- Business Case Justifications
- Does our product go-to-market strategy plan align with these respective regulatory timelines?
- Does the sales organization have the business pipeline to support the investment?
- What does it cost to build/implement a compliant solution?
- Does our executive leadership team understand the timeline/business runway needed to support this or multi-product effort?
- What does success look like for our organization in the short and long term?
- Regulatory Considerations
- What US Public Sector regulation do you start with?
- What are the key barriers to entry from an architecture and organizational perspective?
- Do we have the internal resources to support the initial and continuous assurance requirements?
- Can we combine multiple regulations into a consolidated approach?
- When does this audit end or are there longer term system considerations?
Summary
Highly regulated industries and cutting-edge cloud technology can be a beautiful thing for IT Transformation and adoption, but you have to plan ahead. Having the right partners (system integrators, resellers, etc..), contract vehicles and cybersecurity accreditations are key factors for accelerated cloud adoption within the US Public Sector space.
Understanding the key tenants of a successful US Public Sector roadmap will serve as a business enabler an accelerator but you need the right experience upfront to minimize the pitfalls.
Ultimately, the executive leadership team needs to develop a strategic industry roadmap for pursuing US Public Sector business. They should also have a firm grasp on the business opportunity, sales pipeline, product go-to-market strategy and the internal investment required to ensure company alignment and business success.
The Industry Roadmap Series (US Public Sector) is targeted to accelerate Cloud Service Providers (CSP)/Government System Integrators (SI’s) business outcomes into the respective industry verticals. Future releases within this Roadmap Series will dive into more detail for each of the outlined regulated barriers above.
