MCP Podcast Network Episode 9: Cloud Services for Public Sector Organizations
Mission Critical Partners' informational podcast series features the firm’s subject-matter experts and other industry leaders exploring a wide range of timely topics pertaining to mission-critical communications.
In this episode of the MCP Podcast Network, we present a high level overview of cloud implementations for public sector organizations. We are joined by two Amazon Web Service (AWS) industry thought leaders, John Persano, senior business development manager, and Gigi Boehringer, solutions architect. Eric Caddy, vice president of network and 911 services, and Gary Pulford, the director of product management, both from MCP, also are featured.
About the Speakers
- John Persano, senior business development manager at Amazon Web Services, John focuses his efforts on innovation within the 911 community and between emergency communications personnel and technology companies. Prior to AWS, John was a public safety Engineer for SAIC under the Interoperable Communications Technical Assistance Program where he designed, led, and evaluated public safety exercise and training events throughout the United States. In addition to his training and exercise duties, John assisted the responder community with requirements development, technology identification, and technology adoption. John also spent years providing consulting services in the fields of intelligence, emergency management, and operational design to law enforcement agencies, intelligence centers, the Department of Energy and Hyatt Hotel Corporation. Formally trained as a Naval Aviator and intelligence officer John has spent nearly 29 years serving on active duty and in the Marine Corps Reserves as a helicopter pilot, civil military integration officer, intelligence officer, liaison officer, and civil affairs coordinator.
- Gigi Boehringer, Solutions Architect from Amazon Web Services, Gigi focuses on the GovTech space where she is the technical advisor for private companies who are developing industry leading technology. She is also an AWS Analytics Specialist and spent the past two years focusing on Covid19 related projects for the Government sector.
- Eric Caddy, Vice President and Director of Network and 911 Services, Eric is a PMP with extensive experience managing statewide and regional NG911 projects, including strategic planning, budget planning, stakeholder engagement, consensus building and implementation oversight. Eric brings more than 20 years of emergency communications experience to MCP, leading technical and operational public safety projects for the military, state and local governments. Eric has the ability to enable communications between diverse stakeholders with competing priorities to achieve project success for clients. He has served numerous California agencies, including the State of Nebraska, the State of California, the State of Arizona, the City and County of San Francisco, the State of California, The El Paso–Teller County 911 Authority, and the San Diego Urban area Security Initiative (UASI).
- Gary Pulford, the Director of Product Management at MCP, Gary has extensive senior-level experience in sales, business development and marketing. His skills include leading sales team strategies to support state and local governments and guiding the team by removing roadblocks, leading initiatives and overseeing the entire sales cycle. He creates a vision and utilizes his skills of collaboration to achieve successful outcomes. In addition, Gary has consulted with state and local agencies on broadband expansion for Smart City initiatives.
- The episode is moderated by Glenn Bischoff, MCP content specialist and former editor of Urgent Communications and Fire Chief magazines.
Cloud Services for Public Sector Organizations — Episode 9
Announcer:
Welcome to the Mission Critical Partners Podcast Network. Today, we're discussing with industry thought leaders how public sector organizations are evolving and how the transformation will result in improved outcomes in the communities they serve. The MCP Podcast Network work is hosted by former journalist and current MCP Content Specialist Glen Bischoff. Here's Glen Bischoff.
Glenn Bischoff (host):
Greetings and welcome to the MCP Podcast Network. Today, we're going to be presenting a high-level overview of cloud implementations for public sector organizations. It's now my great pleasure and privilege to introduce our guests for today's podcast, starting with John Persano, Senior Business Development Manager; Gigi Boehringer, Solutions Architect from Amazon Web Services; from Mission Critical Partners, Eric Caddy, Vice President and Director of Network and 911 Services; and Gary Pulford, the Director of Product Management at MCP. Welcome to you all, thank you for joining us. Without any further ado, we'll just jump right into the topic questions. The first one is this, and John Persano, I'm going to come to you first. What advantages do cloud implementations offer to public safety and justice agencies?
John Persano:
Sure, well, I think there's probably four areas that we'd wanted to hit on very quickly there. The first would be the high availability, scalability, and security as one general kind of bucket of topics. With the cloud, your availability could be pretty dramatic compared to on-premises, as well as the security protocols that are associated with how cloud architecture is developed. The other aspect of that is in the scalability. I think we're going to talk a little bit more about this, but to hit on it quickly is as you require more compute power, more storage power, more access, you could scale that up and scale that down very quickly. Another aspect that would be beneficial to public safety agencies is taking some of that general workload off the IT personnel. By having cloud services, some of your regular IT maintenance, and other things that take up a pretty significant amount of time for your IT folks, that gets pushed off onto the cloud provider, which allows your IT personnel to really focus on innovation and really focus on supporting the users that they're there to support via the county agencies, the 911 centers, police, fire, or rescue.
And then lastly, probably one of the newer aspects that we're really focusing on a lot when we discuss cloud services for public safety is that remote work and the remote aspect of being able to work from just about anywhere. And I think COVID really opened our eyes. Prior to COVID, it was always, "Can't do it. I have to be in the physical building, I have to be here, I have to be able to touch, see, and smell." I think COVID taught us a lot of lessons about what's really in the realm of the possible when it comes to remote work, and it's very, very challenging to do that if your applications are not in the cloud.
Glenn Bischoff (host):
Thanks, John. Those are a lot of advantages. Eric, I'd like to come to you next. What do you have to add to what John said?
Eric Caddy:
Yeah, thanks Glenn. John touched on a lot of the big ones, and you know I'm going to focus on probably an additional item. Sorry. The additional item I'd highlight, and it touches into the scalability piece, is the rip and replace. In public safety, for many years, it's, "Hey, I'm getting ready to do an upgrade on my solution, and I need all hands on deck at 2:00 a.m. this morning, because that's when the bar shuts down, and we start to move into our window of opportunity to perform an upgrade before the morning traffic routine starts." And I think with cloud implementations, I believe what public safety will benefit from is those seamless upgrades that are happening behind the scenes. As long as your architecture and your selection with how you designed your solution is appropriate, it will help with those aspects. John touched on a lot of the other ones, but that's one that's specific that I think will benefit public safety.
Glenn Bischoff (host):
Thanks, Eric. Gigi, do you have anything to add to what John and Eric had to say?
Gigi Boehringer:
I think just one more piece I'd add to that is the pace of innovation that you can take advantage of. So, we're seeing so many companies pop up and really gain traction with new technology focused on public safety and justice agencies. And, with using the cloud, you're then able to take advantage of those much more quickly and even test them out, see how it works for you, see how it works for your people before moving on or staying with it, and really letting it take hold in your agency.
Glenn Bischoff (host):
Awesome. Thank you, Gigi. Gary, I'd like to, last but not least, bring you into the conversation. You're part of our Data Integration Services team here at MCP. I'm wondering if there's anything you can add to this from that perspective.
Gary Pulford:
Yeah, the framework of cloud helps innovate that and advances the ability to integrate platforms together. I would add the other aspect of a good cloud implementation. Also, it will enable your cybersecurity aspect of it and offload some of that won't have to be handled by the local IT staff.
Glenn Bischoff (host):
Great. Thank you, Gary. Let's move on to the next question, and Eric Caddy, I'm going to come to you first. On a high level, what are the most important factors to consider when determining whether to pursue a cloud implementation?
Eric Caddy:
Thanks, Glenn. So, I think one of the things we really have been thinking about, especially in public safety and especially with our role in public safety from a consultative perspective, is as public safety clients are looking at cloud and whether or not to adopt cloud, I think a couple things, the technology is great and Gigi highlighted the, I didn't even think about that, but the pace or the ability to bring that technology in seamlessly is great. But I think something that I've talked about before, real important from a public safety agency perspective, is to consider governance. So, how are they managing that deployment and policy, are they permitted to? That's one thing I know as a technologist you will see those new applications that are coming out, but an agency needs to consider how does that supports their mission? How are they going to govern that application or the use of that new technology? And then, what policies are they permitted to use cloud services?
You know, I've worked with organizations where there might be some restrictive policies around that. We're seeing obviously changes in that but making sure that the agency understands what they are and aren't permitted to do when it comes to a cloud deployment, I think, is where it's a piece that has to get asked early on in those projects.
Glenn Bischoff (host):
Great. Thank you, Eric. John, I'd like to go to you next. What do you have to add to what Eric said?
John Persano:
Yeah, I think the two aspects are, first of all, connectivity. You know, when you're looking at going to the public safety entity has to ensure that they have the right amount of connectivity that's required to perform the actions that they want to do within the cloud. A lot of that that were aspects where everyone can help the public safety entry is helping define requirements. So, when people talk about going to the cloud, what are they trying to do in the cloud? Are they trying to put mission-critical applications in the cloud that are going to require very high levels of reliability and availability? Or are they looking to the cloud to maybe do analytics or do other services for their public safety entity that may require a little bit less bandwidth, a little bit less latency? Helping public safety identify the true requirements and then cross-reference that against the connectivity requirements I think it's a big aspect where the entire group can assist with.
Glenn Bischoff (host):
Great. Thank you, John. Gary, I'd like to come to you next with that question. What do you have to add?
Gary Pulford:
I concur with both Eric and John. Establishing those requirements and how you're going to actually implement are just critical factors in getting a good cloud environment and solution.
Glenn Bischoff (host):
Okay. Gigi, your turn.
Gigi Boehringer:
To build off a bit more on what John said, I think connectivity is becoming a huge factor that has popped up quite a bit over the past year. So, you need to be able to access it in order to use it, right? So, focusing on improving connectivity, if that is something that is a bit of a restriction, is going to be step one before you're even looking at really connecting to the cloud. If that's something that is a bit of a challenge in this space, especially with people like John who are working hard at this to help improve that. We're working on partnerships. Cloud companies, in general, are working on partnerships and creating services that can make a big impact there and help you solve that connectivity problem, so you do have the opportunity to use those cloud services.
Glenn Bischoff (host):
Who drives that enhancement of connectivity? Is it the client, or is it the cloud provider?
Gigi Boehringer:
I think John probably has a good perspective on that.
John Persano:
Yeah, I think you know that's a great question. It's a combination of both. I think on the public safety entity, they need to understand and appreciate what the requirements are and for what level of connectivity they need. And then between their traditional telcos, other providers, and the cloud providers all working together to ensure with industry entities. There's industry entities out there that help ensure double, triple, quadruple redundancy for connectivity requirements. So, I think it's really a team effort of having to bring all these disparate entities together. And really, folks like MCP, you know, making folks aware of what's out there, what's in the realm of the possible to help solve these connectivity challenges.
Glenn Bischoff (host):
We've heard the word "Requirements" a couple of times in the last minute or two. And Eric and Gary, I wanted to come back to you guys and just see what thoughts you have about ensuring that requirements are identified in a way that ends up in an optimal implementation.
Eric Caddy:
Yeah. Gary, if you want, I'll take the first crack.
Glenn Bischoff (host):
Sure.
Eric Caddy:
You know, that's really an interesting aspect because when you think about how public safety agencies typically procure solutions, all right, they're looking at the solution they're trying to provide. Whether that be a CAD system, call-handling system, or RMS system, typically, they're going to look more from an operational perspective at what they are seeking in that solution. And what I think we start to see is this space where a public safety agency is defining their operational needs or their use cases for what they're trying to have the system or solution [inaudible]. Behind the scenes, you start to see vendors utilizing cloud services to host these applications. So, I think from a public safety agency in a requirement set. They need to be very clear if they have restrictions around the use of cloud services. They need to be defining those within those requirements or asking vendors to expose what is their usage of cloud platforms. Because the piece John brought up about connectivity is absolutely critical. So, if you have a provider who's bringing a solution to the cloud-based solution, and you have limited connectivity, you're going to really run into a problem from a public safety agency perspective.
Glenn Bischoff (host):
Makes a lot of sense. Thanks, Eric. Gary, do you have anything to add to that?
Gary Pulford:
Yeah, to add on what's been stated already, having good data privacy policies and good application policies for access in administration is critical from an access standpoint. Understanding what type of latency your applications are going to require and what amount of redundancy in your access you need, whether you need dedicated access directly to the cloud, or if VPN connectivity when the internet is sufficient. You know all cloud implementations have a lot of flexibility in how you want to implement that, or even in a hybrid environment.
Glenn Bischoff (host):
Right. Thank you, Gary. Let's move on to the next topic question. Gigi, I'd like to come to you first with this one. What are the relative pros and cons of the three cloud environments that exist? Which would be native/private, I'm sorry native/public, private, and hybrid.
Gigi Boehringer:
Yeah so, I think each of them have particular benefits, but it's really based on use case, right. So, if you can be native to the cloud, whether that's hosting everything in the cloud, using applications fully based in the cloud, that's going to give you the biggest advantage when it comes to using the newest services, the newest technologies when you're either building an application or if you're using third-party applications. It's especially impactful when you can take advantage of those services that make up your application within the cloud. So, there's all these new technologies that have been built because of cloud computing that are higher functioning, that are more productive, and give the root of those applications that are functionality because of it. That's also going to you drive a large amount of cost optimization for you because you're able to take full advantage of the cloud services when the application's being built, or if you're using a third party, then those cost benefits can be passed down to you.
So, I think those are the main benefits there with native. It is a very particular use case, especially for justice and public safety, to be able to go all-in on the cloud, right. We're seeing a lot of movement towards that, but it takes a long time, and it's not a simple process. So, a lot of times, those agencies are going to need to start with a hybrid format. And that hybrid format would be either OnPrem and in the cloud using a cloud provider or using multiple cloud providers, whatever kind of their situation is at that time. Hybrid is the most [inaudible] I think to balance because you want to make sure those applications are running where they are and not split between two. If you need to have some things OnPrem, you need to use certain applications being hosted with one cloud provider and one with another.
That's a bit easier to balance, but if an application is being stretched between the two, that results in the application really having to lower itself down to the least common denominator. So, whether that's slow networking, having to traverse the internet to get to that OnPrem site to pull data, maybe, as an example, that's going to slow things down, and you lose a lot of those benefits that you get from using the cloud. Lastly, I'd say, when it comes to hosting your own cloud, using a private cloud, or using OnPrem, right, so that private option for agencies, there are benefits there, in the sense that you may only need to have your data close by because you're really functioning within a strict geography for your agency, but bringing it back to kind of those undifferentiated, heavy lifting those costs of owning a data center, renting or owning where it is, the people to run it, the cooling, the electric, et cetera. All those hitting costs are going to be the biggest downside there, in addition to losing out on the constant updates and the improvement of technology.
If you're hosting it yourself, you'd have to have someone come update hardware. You'd have to do massive software refreshes. By letting a cloud agency take care of what they're good at, you're then able to focus on what you're good at and not wasting or spending too much time on that IT. I think, if you're a private company hosting an application, that's where, even more so, there's benefit in the cloud instead of hosting your own using OnPrem, because you can reach even further customers.
Glenn Bischoff (host):
Great. Those are awesome perspectives. Thank you, Gigi certainly covered a lot of ground there, and Eric, I'm wondering, what else can we add to what Gigi had to say?
Eric Caddy:
I'll say Gigi did a great job of covering the pros and the cons across the spectrum. As she was relaying that story, I was thinking of a client that I worked with and worked with for many years, and they're very much in the private space, but the differentiator there is they have a very strong IT staff who is very skilled in virtualization, and so I think that's really the key, and Gigi called that out. You know, if you go to the private space, you've got to have the staff to support that. The cloud is opening up those opportunities, and I like the way Gigi put that, shift some of those skills that aren't really, you know, public safety you're there to provide a service to citizens that you are really good at, that you've been trained at, and so IT typically is an other duty as assigned kind of thing, in a lot of 911 centers. So, It's a great opportunity to look at as a way to shift some of those things to a cloud provider who that is their specialty.
Glenn Bischoff (host):
Great additional thoughts, Eric. Thank you. Gary, what do you have to say?
Gary Pulford:
So I think in the public safety space, because of the amount of time it takes to replace applications, you find yourself in a hybrid situation because you have legacy platforms and applications that just aren't more intended to be moved to the cloud environment. Vendors aren't willing to go down that path. I think the other aspect of on more the .gov cloud is if your applications require CJIS or certain data restriction requirements, you need to make sure that you're actually applying those appropriate policies, and you're managing those environments the way you need to.
Glenn Bischoff (host):
Very good, thank you. John, do you have any final thoughts on this question?
John Persano:
Yeah, the only thing I'd like to throw in is reiteration on the compliance aspect of it and how being in the cloud affects that. And then I think for the group, we all appreciate and understand public safety's reticence to move to the cloud. And I think, looking at it as a [inaudible] and understanding that most people are simply not going to jump right in 100% and that there may be stages along the way and hybrid may be one of them, is to not discourage that, and encourage all possible disaster recovery backups. You know, little ways to ease yourself into the cloud, so they become more and more comfortable with that, and then they begin to realize the benefits internally and the call savings, security, and the innovation to Gigi's point.
Glenn Bischoff (host):
Thanks, John. So, we've heard from all of you a little bit about public safety's reticence toward the cloud, and I want to move into the next phase of the discussion, which is to talk about some of those areas of concern. You know, one concerns data storage, and the question here for the panel is, which entity, the cloud provider or the agency, is responsible for data storage, and how does that work? And Gigi, I'd like to start off with you again.
Gigi Boehringer:
Absolutely, so it's kind of a half and half, in the sense that cloud providers are going to give you the ability to store your data in whatever format works best for that data. So, that's a massive upside to using the cloud for that. You can choose really purpose-filled databases based on what type of data, if you need an object store, versus a sequel store, versus non-sequel, or nonrelational. There's different options, and that continues to grow. So, that piece is going to be by the cloud provider. They're providing you with the options. Agencies are then going to be able to take advantage of that and use that to properly, and this is kind of the hard part, to clearly really do that in a way that is helping them cost-wise because you can gain a lot by using cloud storage that is flexible and scalable. You're really only paying for what you use, but then security-wise, that's the big weight on the agencies, where they need to be making sure that they're securing the data properly and following if they have compliance requirements, those requirements while storing them.
Glenn Bischoff (host):
Thank you, Gigi. Gary, I'd like to come to you next because you pretty much work in the data realm just about every day as part of MCP's Data Integration Services team. So, what are your thoughts regarding data storage?
Gary Pulford:
So, I agree with Gigi. It's kind of a split between the cloud provider and, you know, the customer themselves and what their policies are. I believe the cloud gives you the advantage of moving a lot of legacy data off legacy platforms, like old mainframe systems, putting it in the cloud, applying machine learning different applications to get more intelligence out of old legacy data. Also, not necessarily having to do data conversions, but just provide access through the current applications to that data itself, going through this timely, costly process of doing data conversions.
Glenn Bischoff (host):
Mm-hmm (affirmative). Thank you, Gary. Eric, what would you have to add?
Eric Caddy:
Yeah, well, both Gigi and Gary have made really good points. You know, this kind of ties back to something I said earlier. You know, when you think about how public safety deploys systems and solutions, this really becomes a multi-layered type situation because the public safety agency data that is stored within a system. Think about a CAD system or call-handling historical CDR data. All right, so to have that in the cloud, yes, I agree, it definitely uploads that from machines that are being maintained by the agency, but I think Gary brought up a point, you really have to be cognizant of policy, and you know, especially in public safety right. What are public records requests going to look like? And you need to be thinking long term about that data storage because as we know, there are multiple [inaudible] providers out there, there are vendors out there. So you really, in that requirement's going back that part of the conversation. You need to make sure you have an understanding of kind of what cloud provider is your vendor using and where is your data stored? How do you have access to that data long-term for years down the line? Because you may have retention policies that require you to keep that data from maybe five up to 10 years, so if somewhere in the middle of a deployment or a solution, you decide, you know what I'm going to move from vendor A to vendor B, and that means my data needs to move from this cloud provider to that cloud provider. So you just need to be thinking those things through long term and have a plan.
Glenn Bischoff (host):
Thank you, Eric. John, again, I'm coming to you last, and I apologize for that, but I'd like to, you know, make sure you get an opportunity to chime in. What do you think about this data storage issue or question?
John Persano:
Sure, the only thing I'd like to add is when we start talking storage, I think that's really where we can talk about some of the greater benefits of the cloud and as if people store their information in more easily accessible buckets, that allows information exchange and data interoperability at a scale that simply isn't replicable when all the data is stored on-premises. Those security requirements that Gigi was alluding to that will allow people to still retain the security of their information, but you're starting off from a [inaudible] that allows much more interoperability if you choose to do so. If you choose not to, fair enough, but if you choose to do so, you can still have the same security requirements and have a much higher level of information exchange and interoperability.
Glenn Bischoff (host):
Thank you, John. That's a nice segue to the next question, which concerns whether cloud implementations are secure and accessible 24/7. Eric, why don't you start with this one? What are your opinions on this?
Eric Caddy:
Excellent. Yeah, so I think, clearly throughout the major cloud providers, from an accessibility standpoint, you know, we have the experts on the call with us here, but I understand the way that most cloud providers are setting themselves up is a multi-zone approach. So from an accessibility, 24/7, clearly with appropriate connectivity, your applications will be available to you. Security within the cloud, obviously, is a responsibility of the cloud provider. Something agencies need to think about is, first of all, ensuring that their application provider has designed it in such a way that it is secure from that point of demarcation at the agency because the agency still owns the security OnPrem for that equipment or that access. So, that's the piece of the puzzle that an agency becomes responsible for. Once the [inaudible] say to a transporter of that data if you think about an ESInet provider in the Next-Gen world. So, who owns that transport, so that the agency's going to need to consider the security in the transportation of, and then make sure that the cloud provider on the back-end has appropriate security measures in place? But I think the general answer is, yes, they are secure and accessible, but it still is making sure that you understand that from an agency perspective on how you're managing that.
Glenn Bischoff (host):
Thank you, Eric. John, what are your thoughts?
John Persano:
You know what, I'd like to defer to Gigi from our side, as this is more directly in her specialty area.
Glenn Bischoff (host):
That'd be great, and Gigi, as you do that, maybe peel back the onion just a little bit and maybe talk about some high-level, some specific tactics that cloud providers use to ensure accessibility.
Gigi Boehringer:
Absolutely. So, accessibility-wise, you are able to architect for 24/7 access very easily, and what that means, kind of a little bit under the covers instead of just buzz words of what you want to hear, right, is that you can be in multiple availability zones within a region. So, you can be on the East Coast, but in logical data centers many miles apart on different floodplains, West Coast, different tectonic plates. You're able to give that physical 24/7 uptime because those data centers are in places and stretched across regions in ways that, maybe if you are OnPrem, you could not do for yourself. So, you automatically get a benefit there. In addition to that, when it comes to what the cloud providers are able to promise because of their histories with uptime, there's always going to be an even further [inaudible] compared to what you can provide to yourself, just because of the economy of scale that they're providing. There are more servers to choose from. If something goes wrong, it can switch to another one, for example. So, you're no longer thinking about servers as house plants, is one way we say it. You think about them as crops for applications that are running on them. You're able to move on to another one and kind of just keep the motion going.
Lastly, I'd say working with when you are using an application, working with that third party to understand how they're architectured for disaster recovery is going to give you a lot more confidence in that 24/7 uptime or whatever they're able to promise with SLAs. Though that's a big factor, I think, that we'll give you confidence in the 24/7 access, but then better understanding it to ask for what you need. So, bringing it back to those requirements that we spoke about in the beginning of the conversation. Saying we expect this SLA, what can you provide for us? What does that look like, and maybe what needs to be done to ensure that's possible and you're getting what you need as an agency?
Glenn Bischoff (host):
Great, Gigi. Thank you. Gary, what final thoughts do you have on this question?
Gary Pulford:
So, the accessibility from a technical standpoint, I think, is pretty straightforward in how you can approach it. I think the importance, especially when it comes to the public sector and public safety, is making sure you have the data privacy policies put in place on accessibility you know role function to make sure that those who are getting access to data are actually the appropriate folks that need to have access to that data.
Glenn Bischoff (host):
Thank you, Gary. So, our next question concerns open architectures, industry standards, industry best practices. Do all cloud providers leverage them? Gigi, why don't we start with you?
Gigi Boehringer:
Yeah. So I think when it comes to industry standards, and you know, architecture, there's this general idea of a cloud provider providing you with everything you might need to be successful, right. So, cloud providers are going to have an endless amount of compliance programs that you should check with them on or check with the application provider you're working with on that will help you immediately start to meet those industry standards based on your requirements for your agency. When it comes to open architectures, if you're building your own applications, that's going to be a slightly different topic, but overall, a big benefit in the sense that there is so much content online provided by the cloud providers of recommended architectures recommended security best practices. Well architectured pillars, even, that you should be following when it comes to governance and things that we've talked about during this conversation that are so important to security, but also accessibility and durability over time with anything that you might be building.
In addition to that, I'll just add that people like myself work on account teams and cloud providers all have them. Where you generally will get access to specialists, or at least support that can point you to specialists, who will also help you with best practices and help you better understand if you're starting a little bit greener, where to go, and how to get started to [inaudible] those standards.
Glenn Bischoff (host):
Thank you, Gigi. Eric, what are your thoughts?
Eric Caddy:
What Gigi said. I mean, she's the expert and Gigi, I really appreciate your time today because, you know it's, from an outsider's perspective, you know I understand with the years of being in public safety, but you're the expert when it comes to the technology. You know, generally, we all understand the concepts and virtualization at the heart of it and scalability. You know, I think, the architecture's there, and it's going to come to that agency working with their selected cloud provider and in defining those things. And as Gigi highlighted, and you know, relying on or working with those architects that are provided to develop the best solution for you with whomever you're working with.
Glenn Bischoff (host):
Thank you, Eric. Rest of the panel, is there anything to add, or should we move on to the next question?
Gary Pulford:
I think we're good.
Glenn Bischoff (host):
All right.
John Persano:
Glenn, one thing I'd like to add on that is-
Glenn Bischoff (host):
Sure.
John Persano:
This takes us back to one of the very first points we made, and there are a lot of phenomenal IT folks in public safety, but all but the most large agencies are going to have a challenge keeping up with the innovation, and the expertise, and everything that happens within the industry. And that's a huge benefit of the cloud because there are experts such as Gigi and her counterparts that this is what they do, and they do it on a scale that's very challenging for almost all but the very largest public safety entities to do.
Glenn Bischoff (host):
That's a great point, John. Thank you for adding that. So, we're nearing the end of our time together. We have one last question, and it concerns the FedRAMP and StateRAMP certifications. And Gary, I'm going to come to you first. I'm going to first ask you to explain how FedRAMP and StateRAMP are different from each other and then speak a little bit about why they're important.
Gary Pulford:
So, FedRAMP has been around for a while. It's a security framework for cloud environments that enables you to have your platforms, your cloud environment certified that it meets all the security requirements from it.
Glenn Bischoff (host):
Who's responsible for that certification? Who's driving that?
Gary Pulford:
There are third parties you can go to, to actually get FedRAMP certified.
Glenn Bischoff (host):
Is this through a federal agency of some kind?
Gary Pulford:
No, but you have... In order to get FedRAMP certified, you have to have federal agencies as customers. So you, in essence, have to be sponsored by an agency in order to get FedRAMP certified.
A StateRAMP is a relatively recent phenomenon or organization that came together to enable cloud providers to provide a very similar framework, a security framework, but geared more towards states and large cities, which means customers or vendors that don't have federal agencies can still get a StateRAMP certification, which is very similar to FedRAMP.
Glenn Bischoff (host):
Are there a lot of differences in the requirements between the two or?
Gary Pulford:
They're almost clones of each other. So StateRAMP is based off of FedRAMP. The challenge that states were finding is, as they want new cloud service providers to come on board unless they have federal agencies that are customers, they don't have the ability to actually get FedRAMP certified. StateRAMP is a way. There's about 35 states that are actually a part of the StateRAMP program. It's been around for about a year it's still in its infancy, but it's a means for cloud environments to be certified very similar to FedRAMP, that doesn't require that I have to have a federal agency sponsoring me in order to make that happen. The largest of the cloud providers, you know AWS is a great example; they have large federal contracts, so that's not an issue for them.
Glenn Bischoff (host):
Right, right. Gigi, what are your thoughts regarding these certifications?
Gigi Boehringer:
I think, from my perspective, it's a bit focused on what you can do to make it easier to get them if you need them, right. So, by using the cloud, you're then able to meet compliance and certification requirements. By only focusing on that application piece and upwards, you're no longer having to focus on the infrastructure meeting those certification requirements. So, for example, AWS has taken the time and the many years that we've been alive now to meet those requirements for FedRAMPs of all sorts, CJIS in all 50 states, etc. where you then can at least just focus on meeting those requirements that you need to meet for the application, and not have to worry about the hardware, the infrastructure, etc. and meeting those.
And that's a big lift, I think. It can be expensive to meet those, time-consuming [inaudible], so once you don't worry about that, you worry about the applications, and then you worry about those third parties that would give you the certification, right. So, that's on the agency's side or on the technology application development side to get that confirmed with an auditor, with a certification party.
Glenn Bischoff (host):
Thank you, Gigi. Eric and John, any final thoughts regarding FedRAMP or StateRAMP?
Eric Caddy:
Not from me, thanks.
Glenn Bischoff (host):
Okay.
John Persano:
Nothing on my side, thank you.
Glenn Bischoff (host):
Well, unfortunately, we have reached the end of our time together. I want to thank you for listening in to this podcast. I especially want to thank our panel, John Persano and Gigi Boehringer from Amazon Web Services, and MCP's Eric Caddy and Gary Pulford. Thanks for carving out the time today. Thanks for the awesome perspectives. I know the audience is going to benefit greatly from hearing what you've had to say. With that, I will wish you a great rest of the day, and we hope to see you again soon on the MCP Podcast Network
Announcer:
Mission Critical Partners is a leading provider of data, consulting, information technology, and cybersecurity solutions that are transforming segmented mission-critical networks and systems into interwoven communications ecosystems. Our vision is to improve emergency response and justice outcomes in the ever-expanding markets we serve. Learn more about MCP and subscribe to the MCP Podcast Network at MissionCriticalPartners.com.
Topics: Next Generation 911 Networks, Podcast, 911 and Emergency Communications Centers
Posted on February 11, 2022