The GSA release of significant program changes to FedRAMP in 2016 is in line with an increasing appetite for cloud computing and the increasing federal policy emphasis on cybersecurity.
By Selena Brady and C. Joël Van Over, Pillsbury Winthrop Shaw Pittman LLP
Federal spending on information technology and cybersecurity continues to increase. Federal spending on information technology has exceeded $80 billion for several years and the fiscal 2017 federal budget seeks almost $90 billion. The administration reports that it will spend 8.2 percent on cloud computing, and invest $19 billion in cybersecurity, which includes retiring old information technology systems and moving toward more secure systems. The General Services Administration (GSA) recently added a cloud computing service category to its Schedule 70 (SIN 132-40), and technical refresh awards for Schedule 70 contractors, focusing on this service category, are ongoing. GSA also plans to issue its long-awaited, government-wide, multiple-award, indefinite-delivery/indefinite-quantity (IDIQ) solicitation this year. This solicitation, known as ‘‘Cloud Config,’’ will include a robust array of cloud services, and will likely require FedRAMP compliance.
As the federal government’s need for cloud computing services continues to increase, and contractor IT systems expand the use of cloud services, many federal contractors will either provide cloud computing services to the government or use cloud computing services when performing a federal contract. The federal government requires secure contractor IT systems and secure cloud offerings.
Information or data is the crown jewel for many organizations. While breaches at big corporations such as Target, Sony, and Home Depot make the headlines, small and mid-size businesses are still prime targets for hackers. These businesses are especially vulnerable as they don’t have many of the security measures found in large companies. They have to worry about perpetrators breaching their network through network devices or back doors, as well as employees knowingly or unknowingly handing out information to the attackers. The risks associated with security incidents can be damaging and can include financial, reputational, and operational setbacks. Small and mid-size organizations are increasingly embracing the need for a sound cybersecurity strategy that sets a foundation to combat cyber risks and recover from security incidents in an efficient manner.
Originally posted on March 16, 2016 by Helios HR
It’s Wednesday morning and we have heard from three clients this week alone who have been victims of a W-2 Phishing Scam. Unfortunately, in these situations, here at Helios, we were contacted to help with the aftermath. We would much prefer to be a part of the proactive solution. Here is more information about this particular scam and what you can do to protect yourself and your company.
From: Government Executive
The coming year in the federal contracting market highlights an interesting tension between the opportunities that new technology and big data bring, and the challenges of budget uncertainty and industry consolidation. Big data and cybersecurity are fundamentally changing the way both agencies and contractors do business. The landscape is further complicated by agency use of Lowest Priced Technically Acceptable awards and unprecedented merger and acquisition activity. Cybersecurity spending will continue to climb, but in other areas, Govini predicts continued downward pressure on pure services businesses.
On December 18, 2015, Congress passed, and the President signed, a year-end omnibus spending package which includes the Cybersecurity Act of 2015. After years of debate and failed attempts to pass legislation in both the U.S. House of Representatives and U.S. Senate, the Cybersecurity Act includes, among other things, long-sought procedures and protections to facilitate the sharing of information about cyber threats between the federal government and private entities. In addition, the Act clarifies private entities’ authority to monitor their networks and to engage in limited “defensive measures.” The Act reiterates the voluntary nature of covered activities, and disavows any intent to create new regulatory authorities.
Supporters of the Cybersecurity Act believe that increased, voluntary sharing of cyber threat information and other cooperative activity will allow both government and the private sector to respond more quickly to either mitigate or prevent ongoing cyberattacks.