What are the essential elements of innovation partnerships between government and the private sector to harness the technology that can tackle the toughest problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on.
In the lead-up to the in-person forum in Washington, D.C., we are table-setting a host of big issues that will get serious attention at MerITocracy 2022.
Game-changing innovation rarely happens in a vacuum; rather, it’s the product of very close and conscious collaboration between government and business united by the enduring principles of sharing mission, sharing service, and always putting users first.
The importance of focusing on those principles will be front and center at the American Innovation Forum in conversations with Pentagon Defense Innovation Unit Director Michael Brown, and Will Grannis, CEO at Google Public Sector, on how public-private partnerships done right can work to unlock unbounded tech innovation.
The in-person forum – taking place at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Register today.
Here’s a curtain-raiser from Google’s Grannis with some of his ideas on the essential elements of public-private partnerships geared toward the fight to improve cybersecurity, move to zero-trust security architectures, and secure cloud management.
MeriTalk: Public-private partnerships seem to be a theme in your career, including your work solving national security challenges using big data and machine learning. In your experience, what are the key elements of a successful public-private partnership?
Grannis: I’ve had the distinct privilege of working with the public sector for my entire career, during which I’ve been part of hundreds of public-private partnerships. Three themes stand out as critical elements that lead to success. The first is having a clear shared mission. That’s what brings a diversity of ideas to the table. Whether it is uncovering the mysteries of our universe or enabling effective pandemic response, that key shared mission focuses the partnership’s efforts. The second is a primary focus on users. Quite often public-private partnerships are initiated to deliver a service to mutual users. It’s important for both sides of the partnership to go beyond the traditional requirements process to uncover those nuanced functions that support the end user. The third theme is a shared sense of service. In the public sector, large-scale projects can span many years, and when things get tough, having teams on both sides of the collaboration that truly feel connected to something bigger – a sense of purpose, not just a business metric – is critical to long term successful innovation.
There are so many great avenues to explore for public-private partnerships where innovation can really make a difference in the government, ranging from educational institutions, state and local government, Federal civilian agencies, defense, and national security. As CEO of Google Public Sector, I’m committed to exploring and growing those successful partnerships.
MeriTalk: Today, we especially realize the need for public-private partnership in cybersecurity, and numerous efforts are underway. How can these partnerships move beyond sharing information and threat indicators into more substantial collaborations?
Grannis: Building meaningful relationships is critical, which starts with understanding fundamental needs and gaps. Companies that want to take public-private partnerships to the next level should look to tighten the feedback loops between identifying a critical use case or mission and establishing technology proof points that build competence and trust along the way. In this way, you’re incrementally building capability and trust hand in hand, which is what we call collaborative innovation. An example of this is when Google pioneered zero trust security hand in hand with the public sector. In the late 2000s, global security events forced Google and our government customers and partners to look at how our platforms, products, and infrastructure were secured. Specifically, we needed to reduce the threat that compromised credentials could pose to our operations. That led us to pioneer what the industry now calls zero trust security. Since then, we’ve implemented those principles enterprise wide. That implementation was based on close collaboration, advice, and insights from a number of public and private sector partners. We’re proud to be the pioneers for advanced technology that the government today is starting to adopt, and it all started with that deep collaboration – not just information sharing or transactions, but deep, collaborative innovation.
MeriTalk: Public-private partnerships can be a catalyst for technological innovation. The Defense Innovation Unit (DIU) is a good example. With offices around the country, DIU connects DoD organizations with leading technology companies to accelerate adoption of commercial technology throughout the military. Can you tell us a bit about Google Cloud’s experience working with DIU to develop a Secure Cloud Management prototype? What made this effort successful?
Grannis: At Google Public Sector we’ve had a very positive – and personally inspiring – experience working with DIU, which started with building relationships and sharing information to break down the barrier between a public institution trying to solve a mission through a contractual mechanism and a tech company trying to produce really great platforms. Our human connection built shared empathy and awareness, and formed a foundation of trust. The more we learned, the more we realized that one of the key mission areas for DIU was cybersecurity, which focused our efforts. We started working with DIU to develop a Secure Cloud Management, or SCM, prototype. Using our collaborative innovation approach, we developed requirements that made sense for their users and the current state of technology, and they prototyped rapidly. They involved real users in their prototypes. They collaborated with us along the way and accepted that lessons are learned and requirements change as time goes on. They weren’t afraid to change the requirements, and they did so in a collaborative fashion. The solution they got from us was ultimately more flexible and useful than they originally thought possible and exceeded our own expectations. It also sparked interest from DIU’s mission partners in the Department of Defense and shaped those organizations’ thinking about how to solve similar problems.
This effort worked because we had all the elements of a successful partnership. We had a shared sense of a big mission – a secure multi-cloud platform for the Department of Defense. We focused on the users to build a solution that was modern, deployable, and maintainable. We designed a solution for enduring mission needs. Those were really the keys to the project’s success.
This work came on the heels of some other incredible projects we’ve done with DIU. DIU chose Google Public Sector to help the U.S. military health system with predictive cancer diagnosis. We prototyped an AI-enabled digital pathology solution at select DoD facilities. We also worked with DIU and the U.S. Air Force to help modernize initial flight training for Air Force pilots globally through the use of cloud technology.
MeriTalk: Last July, Secure Cloud Management (SCM) prototypes developed by Google Public Sector with Palo Alto Networks, and two other cloud vendors, were approved by DIU. Then, in February of this year, DIU selected Google Cloud’s SCM solution to implement organization-wide. What set Google Cloud’s solution apart from the other approved prototypes, and what problems does Google Cloud’s SCM solve for DoD?
Grannis: We tend to think of a partnership as one private sector institution and one public sector institution. In this case, Google Public Sector and Palo Alto Networks came together to offer the solution to DIU. After listening to the needs of DIU, we were able to derive three principal design criteria for SCM. The first was security. The second was longevity. The third was scalability. From a technology standpoint, that criteria led us to partner with Palo Alto Networks so we could tap into the best of both of our commercial solutions to meet DIU’s needs.
What set the solution apart was that it met stringent Department of Defense security standards, solving some of the zero trust principles and imperatives and aligning with the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity. The solution is also available for acquisition by other DoD agencies through Other Transaction Authority (OTA) agreements, so it was an accelerant for other organizations to solve similar problems. And it’s an open, standards-based solution, making it scalable and highly responsive to the department’s current network boundary points. In addition, it leverages some of the best commercial technologies for multicloud management and cybersecurity.
MeriTalk: Scalable, highly responsive, and secure are some of the top requirements as agencies undertake IT projects. Looking at cybersecurity specifically, can it be a catalyst for agency modernization and mission innovation?
Grannis: Absolutely. Our mission at Google Public Sector is to accelerate every government organization’s ability to digitally transform. Security quite often is a driving force in those transformations. Because security is so critical, it drives innovation in urgent and much needed ways. We’re talking about everything from what a user might carry with them for two-factor authentication, to the way their browser behaves, to even the principles of creating the software itself. As CEO of Google Public Sector, I’m in a truly fortunate position to continue building the bridge between modern cybersecurity and computation technologies and missions that our government customers enable every day.
MeriTalk: The cybersecurity concept of zero trust is built around the idea that implicit trust in any single component of a complex, interconnected system can create significant security risks. How does Google Cloud help mitigate these risks?
Grannis: Google has spent the past decade implementing zero trust security solutions across our enterprise. Agencies can rely on that experience to address critical security risks, including remote access, secure collaboration, and boundary security. To take that a step further, to better serve the zero trust needs of our customers, we introduced the BeyondCorp Enterprise security solution in 2021. BeyondCorp Enterprise provides zero trust secure access to resources and applications in the cloud and on premises, and also across legacy systems and APIs. BeyondCorp Enterprise was built based on Google’s own innovation as we implemented zero trust globally for teams. It uses the Chrome browser and Google’s global network, and it offers integrated, real-time threat and data protection.
MeriTalk: How does Google Cloud help agencies implement zero trust along their modernization journeys?
Grannis: Trusted clouds are built on three pillars. One is a secure platform that delivers transparency and enables sovereignty – a secure foundation that agencies can verify and independently control. It enables agencies to move from data centers to the cloud while maintaining control over the data’s location and operations while also supporting compliance. The second pillar is a proven zero trust architecture. We offer battle tested technology that helps protect users and data against the many types of threats that Google sees and defends against every day. The third pillar is moving beyond shared responsibility to shared fate. In the shared fate model of risk management, it’s our responsibility to be active partners as customers deploy securely on our platform, not delineators of where our responsibility ends. We stand with our customers, helping them implement best practices for safely migrating to and operating in our trusted cloud.
That last mile of innovation – the implementation – is critical. We know that the DoD and other government organizations are managing complex environments. We have one ourselves. Having that expertise helps us coach, mentor, and partner with teams through implementation. To support this, we created the Google Cybersecurity Action Team, or GCAT. This team is committed to helping public sector customers meet zero trust security and compliance requirements in the cloud through specialized, multi-week consulting engagements and workshops. Customers who engage with this team benefit strongly from their experience, support, and guidance.