This post is a summary from a session at Adapt 2024: Reimagining Our Federal Cyber Future — our second annual one-day conference dedicated to unpacking the complex challenges facing Federal IT, cybersecurity, and operations teams.
Top SaaS marketplace executives share their strategies for balancing growth with agility.
The rapid evolution of Software-as-a-Service (SaaS) within the federal government is cause for both celebration and concern. On the one hand, the explosion of services presents significant opportunities for modernization, efficiency, and innovation. On the other hand, more services can often bog down processes, create potential security risks, and make it harder for agencies to achieve true agility.
It’s a dual-sided coin that Laurie McNamara knows well. McNamara is the Chief Customer Officer and Director of the Market Development and Partnerships Division for the General Services Administration’s (GSA) Technology Transformation Services.
“We are engaging now with over 200 federal government organizational entities, over 400 cloud service providers, and over 40 third-party assessment organizations,” she told attendees at Adapt 2024, highlighting the scope of the GSA’s FedRAMP program. However, “FedRAMP is not as agile addressing the exponential growth of the SaaS industry on behalf of the federal government as we need it to be.”
“We are engaging now with over 200 federal government organizational entities, over 400 cloud service providers, and over 40 third-party assessment organizations."
- Laurie McNamara, Chief Customer Officer and Director of the Market Development and Partnerships Division for the General Services Administration’s (GSA) Technology Transformation Services.
Kim Pugh, Director of the Digital Transformation Center at the Department of Veteran Affairs, strives to balance speed and security as she manages the agency’s fast-growing ecosystem. “The big drive right now is to do it fast and do it well, but do it securely so that we make sure we are doing it in a way that our CIO, our CISO, and our security advocates feel comfortable with the pace that we’re moving at.”
McNamara and Pugh have taken different approaches to their marketplaces’ expansion strategies, but both share the same challenge: finding the sweet spot between growth and agility.
Streamlining FedRAMP for SaaS growth
McNamara is one of the architects of the GSA’s FedRAMP roadmap, which outlines new strategic goals for the well-established program. The roadmap focuses on several key fundamentals, including ensuring cybersecurity excellence and expanding the SaaS marketplace.
McNamara called out adjustments the organization is putting in place to make it easier for SaaS providers to achieve certification and grow the marketplace. “If you’ve ever been through the FedRAMP process, you know that it’s reams and reams of documents that are produced. We want to make the entire process easier for all cloud service providers. So, there are a number of changes that are happening to help streamline and make the process more transparent.”
The ultimate goal, according to the FedRAMP roadmap site, is to scale the process, bring more applications into the marketplace, and make it easier to deliver new features faster.
A smarter alternative to “move fast and break things”
The Department of Veterans Affairs has 317 SaaS applications available in its marketplace. Growth has excelled since Pugh took over management of SaaS and Platform-as-a-Service (PaaS) applications in 2022, in part due to her self-professed propensity to move fast. “Make it iterative, maybe break it a little to see if we could do it a little bit better.”
The agency built its SaaS marketplace a little differently than other organizations. “Most agencies, I bet your CIO heard about this cool new thing called SaaS or PaaS and they were like, ‘Let’s invest some money and do it,’” Pugh said. “What we decided to do, because I was the customer, is they came to me and said, ‘How would you like to get your tools a little bit quicker, a little big faster, and a lot more modern?’”
Pugh attributed the rapid growth of the department’s SaaS marketplace to the advocacy of senior leadership. “Everybody sees the real benefits of being able to do SaaS and PaaS versus necessarily always going custom, and being able to modernize very quickly because of it.”
Finding the right people — and the right carrot
According to McNamara and Pugh, the success of both SaaS marketplaces has been a team effort, requiring the right combination of talent, culture, and commitment.
“If you don’t invest in getting a good combination of individuals that really understand FedRAMP, that really understand your ATO (Authority to Operate) process, that really understand how you do privacy and PTA (Privacy Threshold Analysis) to match that, then it doesn’t matter how much of a desire there is – you’re not going to be able to accomplish it,” said McNamara. “So, we invest very heavily in getting the right people that understand the process to support what we’re doing.”
Part of getting people onboard with the process involves helping them understand how it will benefit them and their work. To that extent, Pugh shared a unique approach that she calls “find the carrot.”
“How do you get an IT group that’s very laid in with some legacy architecture that they can customize and manipulate to want to go to something that they don’t own but is very modern? We gave them a carrot."
- Kim Pugh, Director of the Digital Transformation Center at the Department of Veteran Affairs
“How do you get an IT group that’s very laid in with some legacy architecture that they can customize and manipulate to want to go to something that they don’t own but is very modern? We gave them a carrot,” explained Pugh. “We said, ‘What if we did it faster, safer, and a little bit better – and gave you the credit for doing that?” The approach led to the creation of the department’s highly successful Software Factory, which allows IT personnel to develop cutting-edge services using customized SaaS applications.
At the end of the day, the future of SaaS is in the hands of the people who use and build the applications, said Pugh. “The biggest thing you’re going to have to do is partner. It truly is an ecosystem. And if you can put all the pieces together really well, it’s amazing how quickly you can actually advance.”
