Five Real-World Lessons from Federal Leaders for SaaS Teams

Insights from Knox’s “How to Win In The Federal Cloud with AI & Speed” Virtual Session

Artificial Intelligence is reshaping how federal agencies operate, setting new standards for data governance, security, and automation. The ripple effects are reaching SaaS companies that aim to serve the public sector with trusted and compliant solutions.

In our recent virtual session, How to Win In The Federal Cloud with AI & Speed, Knox brought together four leaders who have lived this transformation from both sides of the ecosystem:

• David Epperson, Former Deputy CIO of EOP and First CIO & CISO of CISA
• ‍Carrie Lee, Former Deputy CIO of U.S. Department of Veterans Affairs
• ‍Brian Rosson, VP of Government Operations at BigID
• ‍Stephen Gatchell, VP of Data and AI Strategy at BigID

Together, they explored how AI is being responsibly deployed in federal environments and what practical lessons the commercial SaaS community can draw from those experiences.

Start with Data Readiness, Not the Model

Before AI can deliver results, the integrity and structure of its training data must be assured. At the U.S. Department of Veterans Affairs, this meant years of engineering effort to unify fragmented legacy systems, standardize data formats, and enrich metadata across millions of medical records. According to Carrie Lee, this foundational work was non-negotiable for building reliable AI systems.

“You can’t train what you can’t trust,” Lee explained. “Getting our data stewards to enrich metadata was the hardest and most important step.”

Her experience shows that without defined data lineage and validation processes, even advanced models will inherit bias and inconsistency. In large organizations, data readiness is not a one-time exercise but an operational discipline that determines whether AI improves decision-making or simply automates uncertainty.

Compliance as a Catalyst for Confidence

Regulatory frameworks once seen as obstacles are now driving innovation. Brian Rosson emphasized that compliance requirements such as FedRAMP and NIST can accelerate AI adoption by forcing clarity around visibility, classification, and accountability.

“Most organizations think they know their data,” Rosson said. “But until you see it, classify it, and control it, you can’t trust it.”

By building compliance into architecture and development cycles, SaaS providers can strengthen customer trust, improve security posture, and shorten the path to government certification. Compliance, when done right, becomes an enabler of innovation rather than a constraint.

Automation Is Redefining Risk Management

Federal agencies are using AI to monitor their cloud and software environments continuously, replacing manual compliance reviews with automated oversight. Carrie Lee described how AI-driven monitoring tools now assess system risk in real time, helping teams prioritize remediation more accurately.

David Epperson added that upcoming frameworks such as FITARA 2.0 will push agencies to measure their AI systems on accuracy, robustness, bias, and model drift.

“We’re being attacked at machine speed,” Epperson noted. “So we have to defend at machine speed too.”

For both public and private sectors, automation in risk management is evolving from an optimization tool to an operational requirement.

Synthetic Data Is Reshaping How Models Learn

When real data cannot be shared for privacy or security reasons, synthetic data provides a safe and effective alternative. David Epperson explained that federal teams are increasingly using synthetic datasets to simulate sensitive environments while maintaining performance accuracy.

“We’re seeing less than a two percent performance gap between synthetic and real data,” he said. “That’s a trade-off worth making.”

This approach enables secure experimentation, lowers compliance risks, and accelerates innovation. For SaaS companies developing AI models in regulated markets, synthetic data offers a pathway to scale responsibly.

Secure Cloud Partnerships Unlock Scale

Every speaker agreed that the next phase of AI adoption depends on secure and transparent cloud ecosystems. Knox CEO Irina Denisenko closed the session by emphasizing that managed federal cloud environments enable both compliance and operational speed.

“You can scan everything, all the time,” Denisenko said. “AI lets us detect issues before they impact customers and remediate them instantly.”

Stephen Gatchell, VP of Data and AI Strategy at BigID, reinforced this perspective by highlighting the importance of maintaining visibility and control as data environments evolve.

“Responsible AI isn’t just about model accuracy, it’s about governance, traceability, and knowing exactly where your data lives,” Gatchell said. “You can’t secure what you can’t see.”

By partnering with trusted, FedRAMP-ready infrastructure providers, SaaS companies can deliver products that meet government-grade security standards while maintaining the agility of modern software delivery.

From establishing clean data foundations to embracing real-time automation and secure cloud delivery, federal leaders are setting a new benchmark for responsible AI. These lessons extend beyond government programs and serve as a blueprint for any SaaS company aiming to build trust, reliability, and long-term value into its technology stack.

Knox helps SaaS companies achieve FedRAMP in 90 days or less, at 90% of the traditional cost.

Watch the full virtual session on demand: How to Win In The Federal Cloud with AI & Speed