Scaling Secure Cloud Adoption Across States

MIKE LAUER

Senior Director of U.S. Public Sector

Fortinet

WALLY DALRYMPLE

Chief Security Officer

PSI

RICK MAYFIELD

Director of Enterprise Government Solutions

Pitney Bowes

State and local governments are rapidly expanding their use of cloud services, but with that growth comes complexity — fragmented procurement pathways, varying security expectations, and the challenge of applying consistent standards across jurisdictions. As agencies look for ways to streamline adoption while maintaining strong security, cloud service providers (CSPs) play an important role in helping drive clarity, alignment, and repeatable best practices. 

To better understand how leading organizations are supporting this shift, we spoke with three experienced public sector technology and security leaders: Mike Lauer, Senior Director of U.S. Public Sector at Fortinet; Wally Dalrymple, Chief Security Officer at ETS/PSI; and Rick Mayfield, Director of Enterprise Government Solutions at Pitney Bowes. Collectively, they bring decades of experience working with government teams at the state, local, and federal levels. Their backgrounds span navigating evolving requirements, deploying secure cloud services, and supporting scalable approaches to compliance. 

In this discussion, they share insights on the challenges CSPs face in state and local environments, strategies for communicating security posture effectively, and the innovations needed to help governments scale cloud adoption securely and consistently. 

Q: What are the most common challenges CSPs face when implementing cloud products at the state and local levels, both from a procurement and security standpoint? 

Mike Lauer: Understanding the mission and goals of agencies of different sizes is a core challenge. Smaller agencies may not explicitly call out scalable security in solicitations even though it is essential. Requirements such as CJIS apply across both small and large organizations, reinforcing the need for CSPs to build platforms that scale and meet security expectations by default. Taking a security-first approach ensures platforms are designed to meet compliance needs from day one.

Wally Dalrymple: CSPs often encounter fragmented procurement processes and varying interpretations of security standards across jurisdictions. Without centralized guidance, implementations can slow down or diverge from expectations. We work to mitigate this through early collaboration, structured readiness assessments, and alignment with recognized security baselines—including those used by GovRAMP—to help teams establish a shared foundation.

Rick Mayfield: Procurement teams often face complex or evolving security requirements. To support them, we focus on early collaboration that brings procurement, technology, and security stakeholders together to ensure requirements are clearly defined and aligned with policy. This integrated approach leads to smoother deployments, stronger security outcomes, and avoids costly rework. GovRAMP’s work to help procurement offices align expectations has contributed to clearer solicitations and more streamlined evaluation processes.

Q: How are CSPs successfully communicating their GovRAMP status to governments that may be less familiar with the program or earlier in their adoption journey?

Mike Lauer: We have seen value in using GovRAMP resources during outreach, webinars, and milestone communications. Sharing our GovRAMP authorization status—supported by consistent internal messaging—helps establish trust with customers encountering the program for the first time. Demonstrating alignment with GovRAMP security requirements provides a clear and credible signal of readiness.

Wally Dalrymple: Our approach centers on education. Rather than focusing on terminology, we translate GovRAMP authorization into practical outcomes including reduced risk, clearer control maturity, and stronger transparency. By mapping GovRAMP security requirements to state-specific frameworks, we help customers understand the program as a reusable, trusted foundation for secure cloud adoption.

Rick Mayfield: Communicating our GovRAMP authorization is an important part of helping agencies understand the security posture behind our solutions. We focus on educational activities, including virtual sessions, conferences, and digital channels. Our teams also share updates through direct outreach. GovRAMP’s resources help agencies quickly identify vetted, secure, and scalable solutions as they modernize.

Q: How have you seen the reuse of GovRAMP verification impact your own compliance time and costs?

Mike Lauer: GovRAMP verification accelerates adoption for public sector buyers by creating a trusted security foundation. It reduces ambiguity and lessens the need for extensive validation cycles, helping procurement and security teams make faster, more informed decisions.

Wally Dalrymple: Building and validating our environment against a recognized security baseline has already reduced friction in state and local engagements by limiting duplicative effort. Providing aligned controls, policies, and evidence packets gives agencies a strong starting point, making due diligence more efficient. As we move through our GovRAMP milestones, we expect further gains in both time and cost savings.

Rick Mayfield: We see clear value in GovRAMP’s “verify once, serve many” model. Historically, secure solution deployments required lengthy authorization processes that were costly and resource intensive. The ability to reuse GovRAMP verification benefits both CSPs and agencies by reducing cost, shortening timelines, and supporting faster adoption of cloud services.

Q: What role do CSPs play in helping governments harmonize cloud security frameworks at a national level?

Mike Lauer: Compliance is complex, and CSPs with visibility across local, national, and international landscapes can offer perspective on emerging risks and best practices. Insights gained across sectors help inform government teams as they modernize systems and strengthen security postures.

Wally Dalrymple: CSPs help bridge frameworks by promoting reusable controls, shared reporting approaches, and scalable continuous monitoring practices. Reinforcing alignment across GovRAMP, FedRAMP, and agency-specific requirements supports greater national consistency.

Rick Mayfield: CSPs provide the secure platforms agencies rely on to keep applications and data aligned with required standards. GovRAMP’s Fast Track program has been particularly helpful in enabling reuse of existing verification to support broader harmonization.

Q: What investments or innovations are most needed to help states scale cloud adoption securely and consistently?

Mike Lauer: States should continue strengthening CISO and CISPO programs, and ensure cloud architecture reviews are grounded in GovRAMP requirements. Prioritizing baseline policies, identity governance, and automation supports standardized, repeatable architectures and reduces duplication.

Wally Dalrymple: Secure scalability depends on interoperability, automation, and visibility. Investments in automated compliance validation, real-time monitoring, and shared trust mechanisms help agencies adopt cloud solutions confidently and consistently.

Rick Mayfield: States benefit from adopting platforms and services that already meet rigorous security expectations, while also modernizing applications and embracing cloud-native approaches. A combination of secure platforms and modern development practices enables consistent, secure scaling.

Closing Thoughts

Across each perspective, one theme is clear: states benefit when they can rely on shared expectations and reusable security verification rather than rebuilding processes from scratch. 

The insights from this panel reflect a broader reality across government: agencies move faster and more confidently when they have access to consistent guidance, transparent security practices, and collaboration with providers who understand the unique challenges of the public sector. Strengthening clarity, reducing duplication, and building a shared foundation for secure cloud adoption are collective efforts — shaped by governments, providers, and partners across the ecosystem. 

As state and local teams continue modernizing services and improving resilience, the public-sector community plays an essential role in advancing approaches that are repeatable, equitable, and grounded in trust. These perspectives highlight the ongoing work needed to support that mission and the opportunities we all share in helping governments adopt secure cloud solutions with confidence and consistency. 

Meet Our Panelists

Mike Lauer helps guide several programs and areas focused on Fortinet’s mission to “Secure Everywhere” and provides thought leadership on best practices within the Public Sector and Critical Infrastructure space. As a former Chief Technology Officer for the State of Iowa, Mike has a long, proven track record of uniting large initiatives across multiple stakeholders and regions, spanning policy, technical leadership, and strategic planning.

As Global Chief Security Officer at ETS & PSI, Wally Dalrymple directs cybersecurity, risk management, business continuity, and data governance efforts across the organization. He brings deep experience building and leading enterprise security programs in highly regulated environments, including the healthcare and automotive sectors. Wally is a Certified Information Security Specialist with advanced degrees in business and information assurance.

Rick Mayfield serves as the Director of Government Enterprise Solutions at Pitney Bowes, where he leads initiatives to develop and implement innovative and compliant technology solutions for public sector clients. With over 23 years of experience in government contracting and IT modernization, Rick has a proven track record of partnering with government entities to deploy secure enterprise technologies and drive operational efficiencies. Rick is passionate about leveraging technology to solve complex public sector challenges and achieve strategic growth for both his organization and his government partners.