Q&A with Matt Goodrich: How FedRAMP Gives Customers What They Want


GSA is building very technical policies based on what its customers want, not developing policies and forcing its customers to comply with them.

In a recent request for information, the Federal Risk and Authorization Management Program office, a small team housed with the General Services Administration, sought ideas that might ease the sometimes-bumpy transition to cloud computing services for federal agencies.

The solicitation caught my eye, in part because a highly technical department – FedRAMP ensures cloud service offerings meet standardized security requirements that it sets – sounded more like a private sector company than a government entity. FedRAMP’s team, led by Director Matt Goodrich, used phrases like “customer journeys,” typically reserved for retail leaders like Amazon that place elevated importance on customer experience.

So, I emailed the folks at GSA and asked Goodrich a few questions. Customer experience became a pillar of the Obama administration last year. Obama famously went on "The Daily Show" to trump it up, the White House created a working group to foster best practices and oversight agencies went to work exploring where customer service was lagging.

But has the customer-centric approach flowed into tech, too?

Below is my exchange with Goodrich – edited for brevity and clarity – that suggests it has. GSA is building very technical policies based on what its customers want, not developing policies and forcing its customers to comply with them.

Nextgov: I thought the "customer journey" aspect was very interesting here. It's a theme I've seen echoed in other aspects of government lately.

Goodrich: The approach is to ensure that GSA takes a customer-first approach to developing new products and services. There are many things an agency could use to help them move to the cloud, but without fully understanding their journey and the obstacles they encounter, it’s hard to truly understand what they need and what will help move the biggest obstacles. Customer journeys are a powerful tool that help make customer focused decisions because it enables you to view a process from the end customer’s eyes.

Nextgov: The RFI states, "There are still distinct needs and services GSA could provide to assist agencies greater in their move to the cloud.” What are those needs? What are the folks at GSA hearing the most often regarding how to improve the cloud process?

Goodrich: At GSA, we hear from a wide variety of agencies, from those who are new to cloud and those that want to use it more efficiently. Some agencies are at the first step in what systems can move to the cloud, some are wondering what the best way is to buy cloud, some wonder how they can migrate their legacy applications and even some are asking how to move from one cloud to another.

We want to be able to provide a wider scope of services for agencies to help respond to all of their needs and questions as they move to the cloud.

(Editor’s note: Goodrich posted a blog Jan. 20 foreshadowing FedRAMP’s future evolution in which he described industry wanting faster authorizations and improved transparency, among other critiques.)

Nextgov: Where are we are now compared to a few years ago, and where does GSA and government want to be with regards to cloud acquisition? How will this RFI impact the future?

Goodrich: The RFI puts a strong emphasis on customer-centric design. We’re looking to make sure that as we create new products and services, it’s truly based on demand and need from within government.

A large part of the work we’re looking to do is to better understand the cloud needs across the U.S. government to make more informed decisions about creating those products and services agencies need: anything from creating technical solutions, matching them up to the right acquisition vehicle, or creating playbooks for a smooth transition.

(Image via /Shutterstock.com)