When federal agencies pivoted to remote work in March 2020 due to the COVID-19 pandemic, they faced an overwhelming number of options for cloud-based collaboration tools.
Agencies picked tools that worked best for them, but some then faced configuration problems when trying to speak to each other. Some also faced internal communication issues across components and directorates — which then created security challenges.
“Early in the pandemic, I coined the term ‘teleconference wars,’” said James Saunders, CISO for the Small Business Administration, at the ATARC 2021 Cloud Summit this week. Saunders was referring to Microsoft Teams, Cisco, Webex, Zoom and Skype all competing for federal use. “Some security policies were different than others, it was very hit or miss and dodgy early on. Not all Microsoft Teams environments can talk to each other. If I were to reach out to [Department of Homeland Security], sometimes our teams are a little bit incompatible where I might not be able to show my video, but I can talk at least, so that's something we're trying to solve now.”
George Duchak, CIO for the Defense Logistics Agency, added that “it’s one of the big issues we have [at the DLA].”
Because the General Services Administration is so external-facing, choosing the right cloud-based collaboration tool with appropriate security protocols was a high priority at the beginning of the pandemic.
“I took a good hard look at [Microsoft] Teams, but when I realized they had different configurations and not all of them can talk to each other, I said 'oh my goodness, no,'” said Thomas Santucci, director of the Data Center and Cloud Optimization Initiative at GSA. “GSA was very telework friendly before the pandemic. We're all using our internet connection now to go directly to the cloud — there is no security layer. We're adopting TIC 3.0, and that will help significantly [with security].”
To assist other federal agencies looking for more cloud-based collaboration tool options, GSA quickly "FedRAMPed” Zoom.gov for federal use.
“A lot of agencies don't trust the firewalls for Zoom to work properly, so that's still a challenge, but it's certainly better than what we had before,” Santucci said.
Alisha Johnson, a cloud program manager at DHS, said the agency relies “heavily” on Microsoft Teams, but due to hiring freezes during the Trump administration, it suffered a lack of IT resources to help get employees up to speed on cloud-based collaboration tools and cloud security best practices.
For example, when hosting meetings in Microsoft Teams, some DHS officials would try to do a roll call, not realizing they could see a list of all participants in the meeting.
“Going to using Teams as a collaboration tool instead of meeting in person … everyone at DHS, they're not IT specialists, so they don't understand the technology [of] Teams as a cloud-collaboration tool,” she said at the summit. “We had to do some training and awareness to say this is what this tool can provide you without any manual effort. ... Now we're at 98%, if not 100%, leveraging Teams.”
Despite early hiccups, Johnson said DHS’ cloud migration and cloud security adoption accelerated due to telework pressures.
“Here in the cloud … we call it Cloud Factory 2, and the Microsoft Azure platform. We're working closely with CISA to host Continuous Diagnostics and Mitigation,” she said. “CDM is now on our Amazon cloud factory platform, so it's happening. This is something that started after we went out in March and did not stop the work we are doing. Customers across the department who are interested in cloud services — we're able to onboard those customers to our cloud environments. Scalability, consumption reporting and customer service to make sure they're selecting the right platform for their unique requirements [were a priority].”