Q&A: FedRAMP and Multicloud Strategies Accelerate Innovation Across Federal Health Care

As federal health agencies continue their shift to the cloud, the need for secure, scalable, and compliant platforms has never been greater. To meet this need, DSS has launched its DSS Health Cloud (DSSHC), which is now actively progressing through the FedRAMP High authorization process.  

This reflects DSS’s commitment to delivering trusted infrastructure for health care solutions that serve Veterans and other mission-critical populations. In the following Q&A interview, Antonio Segovia, chief information officer at DSS, discusses this effort and how it is enabling federal agencies, government contractors, and commercial health partners to innovate faster and with greater confidence. 

Q: How is DSS approaching secure cloud adoption in a way that supports both agency priorities and long-term innovation? 

Antonio: DSS has spent the last four years building a secure cloud environment, grounded in two key principles. First, we use Zero Trust, meaning we verify every user and action within the environment. Nothing is assumed to be safe, and this helps us stay ahead of threats. 

Second, we avoid manual intervention by using AI agents and infrastructure as code. Everything is automated. We do not configure or deploy environments by hand. Instead, we use scripts that allow us to scale quickly and consistently. We can deploy 100 secure environments with the push of a button. 

This model supports agencies by giving them ready-to-use, compliant environments. They can bring their applications and deploy without having to build infrastructure themselves. It saves time, reduces risk, and ensures strong security from day one. 

Q: What does the FedRAMP journey look like from the CIO’s perspective, and how does it help DSS align with federal IT expectations? 

Antonio: The FedRAMP journey was a true cultural transformation for DSS. It required a level of discipline and rigor we had never experienced before. What started as a six-month goal quickly became a four-year journey. We had to change how we operated as a medium-sized company to meet the highest federal compliance standards. 

DSS was one of the first companies to host a VA application outside of the VA’s data center. That was a huge milestone. Achieving FedRAMP compliance is opening the door to broader opportunities. Now agencies and even government contractors can use our environment without worrying about security compliance. 

Q: Can you explain how the DSS Health Cloud can support not only agency clients but also other government contractors or commercial partners who need compliant infrastructure? 

Antonio: Yes, the DSS Health Cloud can support not just agency clients but also government contractors and commercial partners who need secure, compliant infrastructure. It was designed to meet the highest federal standards, including FedRAMP, but it also aligns with commercial standards like HITRUST and SOC 2. We are pursuing FedRAMP High because it covers all HITRUST controls.  

However, FedRAMP High is more expensive, so commercial clients who do not require that level of security can use our SOC 2 environment instead. For those who do need stronger security, we offer access to our FedRAMP High environment.  

This is especially valuable for small or midsize companies that do not have the resources to build and maintain their own. We offer a true platform-as-a-service and even white glove onboarding to ensure applications run smoothly in a restricted environment. This way, clients can focus on their solutions without worrying about security, compliance, and infrastructure. 

Q: Can you speak about the role of multicloud strategies in supporting resilience, risk management, and vendor flexibility for agencies like VA? 

Antonio: A multicloud strategy is essential for resilience, flexibility, and operational continuity. At DSS, we implement this strategy in our FedRAMP environment by distributing workloads across multiple cloud platforms.  

Each environment is leveraged based on its specific strengths and compliance capabilities. If one provider encounters an outage or security event, our agnostic approach ensures that we can maintain service continuity through another.  

This not only mitigates risk but also reduces dependency on any single vendor, allowing us to deliver secure, high-performing services to our customers without disruption. 

Q: What are the long-term benefits for VA and other agencies in adopting a cloud platform like DSS Health Cloud that supports both security and scalability? 

Antonio: One of the biggest long-term benefits is having a built-in, ready environment where you can focus on your application without needing to manage all the infrastructure, security, and compliance requirements yourself. We take care of all of those aspects. 

We go through very rigorous controls. Our environment is scanned every 15 days and findings must be reported every 30 days. If there are findings, they must be mitigated within a 30-day period, or you risk losing your certification. That level of discipline is unique. Most environments require this level of review maybe once a year, but with FedRAMP High, it is far more frequent and demanding. 

That strict structure becomes even more valuable as technology and security challenges evolve quickly. Requirements are likely to become even tighter over time. 

From the VA’s perspective, this means you don’t need to staff up just to scale. You don’t need to hire additional people or invest in more equipment to meet these demands. You can offload that responsibility to DSS and stay focused on what really matters: delivering excellent health care support to Veterans without being burdened by the underlying technology.

Q: Looking ahead, how do you see FedRAMP and multicloud capabilities driving greater innovation, efficiency, and mission readiness across the federal health care landscape? 

Antonio: FedRAMP and multicloud strategies are unlocking new levels of speed, innovation, and resilience for federal health care agencies. Today, agencies can take an idea and deliver a secure, scalable solution in as little as 30 days. That used to take months or even years.  

With platforms like DSS Health Cloud, agencies no longer need to worry about managing infrastructure, maintaining compliance, or navigating complex security controls. They can focus on solving real challenges while DSS manages the rigorous FedRAMP requirements, including scanning every 15 days and reporting every 30 days. 

This model encourages innovation by removing traditional roadblocks. Developers can focus on their ideas while DSS supports the full journey from secure hosting to application development to helping with certification. Even if a solution is not yet certified, it becomes FedRAMP compliant by being hosted on the DSS platform. DSS then guides the application through certification, a process that can take six to 12 months and is fully supported by the DSS team.

Multicloud flexibility is a key advantage. It allows DSS to support customers across different cloud providers so that agencies like VA can choose the best option for their needs without compromising security or compliance.  

We would like to thank Antonio for sharing his insights with us. To learn more about how the DSS Health Cloud is driving a new era of federal health IT, please click here.