Survey potential customers re: importance of cloud.gov having JAB authorization

[nikzei]

In order to understand the impact of a FedRAMP authorization delay on making our base of inquiries addressable via bizdev, we need to understand what prospective cloud.gov tenants need in terms of formal compliance assessments before they can start the IAA process and use cloud.gov for their work.

[afeld]

We should think about how to go about this...would we send a message to everyone on the mailing list? Everyone with a .gov or .mil? Reach out individually to agencies we know are particularly interested?

[brittag]

Here's a way to go about this:

In order for our cloud.gov team to make effective user-centered decisions while planning our compliance assessment work, we need to understand what prospective cloud.gov tenants need in terms of formal compliance assessments before they can start the IAA process and use cloud.gov for their work.

We have some evidence from user research:

• Many prospective tenants want us to have FedRAMP JAB P-ATO (at Low or Moderate levels).
• Agencies vary broadly in their requirements.

We have a broad hypothesis:

• Some prospective tenants may not need FedRAMP JAB P-ATO - they may only need an agency ATO or something else. We may be able to work with them to achieve that, which may help them get cloud.gov faster.

Steps to gather evidence to build a better hypothesis:

• Gather up any relevant existing evidence (dump our memories, notes, and info from old emails into an organized document to evaluate): which agencies and teams are known prospective tenants who have told us about their compliance assessment needs? What did they tell us?
• Based on that, draft a specific set of hypotheses, and draft a set of questions that would get us the info we need.
• Based on what we need, decide if we would get better info from smaller-scale high-touch research (reach out to specific people we know who are particularly interested and email them a few questions) or larger-scale (survey to get a broad sense of our prospective tenants overall).

That's a task sized to be a few hours or a day - it'd need a bit of coordination with people who know things about our business side (and getting access to the inquiries emails). I can't predict what the next step would be, since I feel I don't know enough about the problem yet.

[nikzei]

We already have existing relationships with a number of prospective customers and I'm sure that they would be available to give us quick feedback (Aidan, you have suggested this). From there, we'd likely understand the problem better - I'm always a fan of just talking with people when it's possible.

[mogul]

We have anecdotal evidence from conversations, but that's only via people we happened to have conversations with (not at all prioritized, but rather driven by who found their way to an 18F human to have the further conversation). This info is in some mix of cloud-gov-support, cloud-gov-inquiries, private inboxes, etc. and is not in an easily mine-able state (cf. the discussions about having a CRM; we don't have this information in anything close to one place).

Speaking from personal experience, I heard when people did want to wait for FedRAMP, but not explicitly from anyone who didn't... We need to quantify the latter.

My feeling is that we're after a general missive to anyone who's expressed interest in the past, explaining where we are on the FedRAMP journey (with a pointer to the blogpost but an explanation that November is not certain) and asking who wants to get started on IAAs.

[mogul]

(Also, I updated the initial description a bit based on my "in order to" and Britta's "we want to".)

[nikzei]

That all sounds good. And in case there was any confusion, my comment re talking with our contacts was in reference to Britta writing about not knowing enough about the problem yet (ie, "if we're blocked, we can get unblocked easily"). Totally on board with polling!

[brittag]

Ah I see that my last sentence was confusing - I meant that the process of gathering evidence and drafting hypotheses would help me learn enough about the problem to take a next step.

[nikzei]

After meeting, here's the plan: We're holding off until 9/1 (after Fedramp Post-Kickoff Review meeting + Bernd's return)

• [ ] we previously surveyed people who expressed interest in cg. There were about 10 people who weren't interested in interacting with us until the product was ready for market (“No thanks, I’ll wait until it’s generally available and out of the pilot phase”). --> Let's reach out to them first and gauge how important JAB auth is for them. We can follow the “In general, when talking to prospective people” template above in the linked survey.
• [ ] Based on those responses, adjust questions and then reach out to our broader list of folks with .gov and .mil addresses.

When do we want to complete this by? Let's figure it out.

[mogul]

We're holding off until 9/1 (after Fedramp Post-Kickoff Review meeting + Bernd's return) [...] When do we want to complete this by? Let's figure it out.

I'm thinking now that we know our delay on JAB authorization is on the order of 6-8 weeks (rather than an uncertain+unknown number of months), there's less urgency on this question. We discussed writing an update for our base with info about our status and prompting for those who are ready to start moving forward with an IAA based on that information to contact us... We should probably still do that, and track it as a separate issue.

[nikzei]

Great - I'll move this to ready.

[nikzei]

We believe this can be closed - it no longer seems to be the prioritized question for us. Instead, we're thinking the forthcoming omnibus communication on fedramp status and other news is the next communication for us to focus on. We can, of course, include a link to a survey and ask about JAB Authorization if folks think this is worthwhile to do. @mogul - do you agree?

[mogul]

Yup!