WASHINGTON — A week after Karen Dahut discussed digital transformation and information-technology investments at the Association of the U.S. Army convention, she was back on stage. This time, though, it was on home turf: The Google Public Sector Forum.
Dahut leads Google Public Sector, launched in June 2022 to target government modernization and the tech-centric needs of national security. She previously worked as the president of Booz Allen Hamilton’s global defense business.
Dahut sat down with C4ISRNET on the sidelines of the Oct. 17 forum to discuss her experience with the company, government adoption of artificial intelligence and cloud, and the ever-changing landscape of cyber. Google Public Sector the same day announced it was collaborating with Accenture Federal Services on a cybersecurity center of excellence.
Portions of the interview below were edited for length and clarity.
How is Google Public Sector shaping up a little more than one year after its launch? Who or what have been some of its biggest focus areas?
I’ve spent the last year, really, traveling around, visiting with customers and prospective customers. There are three things they say, resoundingly, that they need and want.
One is they need to move quickly. They need to move boldly, and they need to transition out of legacy IT.
Two is that they need security built in. I don’t know if you saw Mandiant CEO Kevin Mandia speak earlier this morning, but the number of cyber incidents is quadrupling, the number of zero-day incidents is just growing extraordinarily, and our public-sector customers are experiencing that and seeing that. They need security built in.
Then, the last thing is that they don’t want to do this by themselves; they need really strong technology partners to support them.
I use that as a foundation to say we’re really trying to address those needs for our public-sector customers. Bringing modern cloud to the table, bringing an IL5-compliant cloud that is truly differentiated, because we are accrediting U.S. Google Cloud entirely at IL5, and it has security and AI built in by design. By default, security is built in.
What we have been really evangelizing with our customers is we’re the right partner for you. We’re the fastest growing cloud in industry for a reason. We want to bring this cloud and these feature sets to you to really help you, whether it’s security challenges that you have or to digitally transform using AI.
In your experience, how well are government or defense agencies adopting cloud, something like the Joint Warfighting Cloud Capability? What more can be done?
First of all, it’s quite variable, dependent on the technology leaders that lead the different agencies, how quickly they have moved to the cloud. I think the number is somewhere less than 20% in all of government that have actually transitioned to the cloud and are using the cloud in a meaningful way.
JWCC is a great contract vehicle, right? It’s a contract vehicle that all of the Department of Defense can access and leverage. But the technology leaders inside the agencies need to, first of all, commit that they want to move to the cloud and they want to use cloud and AI and security as a way of modernizing or digitally transforming.
You were at AUSA. If you look at the way the Army is, really, evaluating cloud, moving to a multi-cloud type of organization, really adopting AI and developing use cases to accelerate the mission, it’s super exciting.
There are other agencies that are not nearly as far along, so it really runs a continuum, depending upon who you’re talking to.
How has your defense experience — at Booz Allen, for example — shaped Google Public Sector’s pursuits thus far?
I ran the defense business at Booz Allen for a really long time. And what I know to be true is there are a lot of really earnest defense leaders that want to modernize and move quickly.
I think they are burdened with legacy IT and technical debt that they can’t resolve in a single budget year. They have incumbent providers that are super aggressive. So how can they overcome that? And then, thirdly, there’s a risk paradigm around technology, and particularly AI, that needs to be overcome.
As Jinyoung Englund said on the stage this morning — she’s the chief strategy officer for the algorithmic warfare directorate for the chief digital and AI office — there’s risk in everything.
Let’s not get mired in evaluating all of the risks. Let’s pick some use cases that are not complicated, that don’t create a high level of risk for your organization. Maybe it’s a back-office use case, maybe it’s a security use case. It’s something. Let’s get started that way.
My advice for all of our customers has been ‘get started and move quickly.’
Now, to the point you made about drawing a distinction between an integrator and a Google, I think integrators own a lot of the dollars that are spent on technology on an annual basis. Our commitment is to partner very closely with integrators and be partner-first, so that we can really help them bring best-of-breed technology to their customers.
How would you assess the state of AI today, particularly for your government or defense consumers?
Well, I’ll back up and say the state of AI, globally, is that commercial companies are adopting it very, very quickly. I think that should tell you something about, No. 1, the economic benefit that it provides, as well as the mission benefit that it provides.
A significant number of our commercial companies, they’re not experimenting with AI, they are implementing and adopting it. When we have those conversations with federal and state and local customers, we’re like, ‘Let’s take some of the use cases that we’re seeing in our commercial sector, and let’s just apply them, and use them, in the government sector,’ because we think that there’s not a lot of risk in some of those proven use cases.
Now, where they are challenged is, in some cases, they’re not yet transitioned to the cloud. In order to really leverage the benefit of AI, you have to be in the cloud, because that’s where the compute power is.
Sometimes they have to back up and say, OK, in order to do what Company A, B, or C is doing, we need to first transition to the cloud, to get our data into the cloud, to be able to leverage our data enterprise to apply AI.
It might be a longer pathway for them, but it’s still very doable.
What is the cause of that adoption lag between private and public sectors? The Defense Department has been dinged, for a while, for its slow adoption of new tech.
I think it’s what I talked about earlier.
It’s technical debt. They have to move to the cloud and get there rapidly. It’s a risk conversation that they have.
It’s great to do prototypes, but they have a scale issue, as well. So you need to move from prototypes and pilots to real, scaled implementations. And that scale within DoD is a very dramatically different scale. So leveraging the lessons learned from like a large Fortune 50 company — how did they do it — and applying that same approach.
What’s your read on the shift to zero-trust cybersecurity? Do you feel it’s as bulletproof or revolutionary as some officials make it out to be?
Google is a zero-trust company. We became a zero-trust company, we were really the pioneers in zero trust, because we were hacked in 2008, 2009. Well-known story. We can send you the YouTube links.
But we, Google, decided at that point in time that we needed to adopt an entirely different security architecture, because it was an existential threat to the company. We, over the past 13 years, have really been adopting and implementing zero trust across the board.
It starts with identity and access. That is a really hard thing, sometimes, for the government to get its head around.
If I can identify you as a user — what your appropriate accesses are, and that you are sitting at the computer you say you are sitting at — that is the trifecta of security. Now, do I believe that, at some point down the road, somebody would find a way to hack into that? Quite possibly. But right now, it is the most secure architecture there is.
That’s why we’re working, actually, with DoD to help them think through their zero-trust architecture and how they could move to it.
It’s not easy. I mean, Google has been migrating to this over a long period of time, and we are now in that architecture. It takes time, effort, resources to really dedicate to doing it right.
Is zero trust the right fit for everyone, for commercial companies and these massive government agencies?
The way I think about government and government transformation, if you will, you have to take it in its piece parts. If you look at it with the big picture, it seems overwhelming.
I always talk to our customers about what is the first step you can take today to modernize. I know that if you go out 20 years, this is where you want to be. But let’s back up to today: What is the first step you would take? Let’s take that step.
Maybe the first step is moving to the cloud. Then, once you’re in the cloud, securing your data in a secure way, so that the entire enterprise can leverage that data. So, just taking those incremental steps but with a bold vision.
‘Is zero trust right for everybody?’ is your question. I don’t know that it’s right for everybody, but I also don’t know that it’s not right for everybody.
If you look at the number of security incidents we’ve had as a company since moving there, it’s none. So, what is the value of being able to secure your enterprise in a way that you sleep at night?
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.