Your Roadmap to IT Modernization
Contents 22
PLAY 1 Assessment & Roadmap
25
Why IT Modernization?
A Look at the IT Modernization Fund
26
PLAY 2 Modernization Readiness
7
The Benefits of IT Modernization and Consolidated IT
8
Department of Energy’s 10 Steps to IT Modernization
29
Taking Advantage of the Application Economy at Your Agency
11
How APIs Can Help Government Address Today’s IT Challenges
30
PLAY 3 Modernization Execution
33
Leveraging Mobile Solutions at Your Agency
12 The Role of DCOI in IT Modernization
34
PLAY 4 Modernization Deployment
15
37
Advancing the Digital Flow of Government Business with Micro Service Architectures
3
Executive Summary
4
IT Modernization & the New Administration
5
Using Data Optimization for IT Modernization
16 How Agencies are Modernizing 19 The Definition of IT Modernization 21 Modernizing Culture & Technology for Effective Transformation
2 // A GovLoop Guide
38 PLAY 5 Post-Modernization 41
How Cloud Solutions Can Help Your Agency Consolidate
42 Conclusion 43
About & Acknowledgments
Executive Summary Information technology (IT) modernization is
GovLoop’s latest playbook answers those
one of the hottest topics across government
questions and more. This guide provides
today. IT modernization has revolutionized
agencies with:
efficiency, convenience and effectiveness for all users. That’s why agencies within federal, state and local government are eager to take advantage of all that modernization efforts can offer. Frankly, IT modernization for government is a must. Modernization is important to deliver the necessary levels of security, functionality and efficiency to help government employees in their roles. More important, modernization will help government deliver better services to the American public. But due to poor management of technology investments, costly IT projects that often result in failure and the delivery of technologies that are obsolete by the time they are completed, government has largely missed the mark on this needed transformation. Of the $82 billion in federal IT spending planned for 2017, approximately 78 percent ($63 billion) is
• A five-play roadmap to help government employees, both IT professionals and nonIT professionals alike, get a better sense of where to start on modernization projects; • An overview of the Information Technology Modernization Fund (ITMF); • Featured government success stories highlighting their modernization projects; and • The IT Modernization Lifecycle, based on the recent report by the American Council for Technology-Industry Advisory Council. Ultimately, this guide provides agencies with a plan for defining IT modernization for their unique needs and infrastructures. It provides concrete steps to help you plan for the future, even amid resource constraints and administration changes.
dedicated to maintaining legacy IT investments. But even with all the focus on IT modernization, there still seems to be a lot of confusion, especially with a new administration coming in with new ideas and policies. What does modernization really look like? Is it the same for every agency? Is modernization even achievable with limited budgets and an uncertain future for federal government?
Your Roadmap to IT Modernization // 3
IT Modernization & the New Administration With the election of Donald Trump, there are questions about how the new administration will handle technology policy. What will the new president do to continue IT innovation and modernization? What can policymakers, agency leaders, employees and IT staff as well as the general public expect moving forward?
However, defense agencies and other big users of IT may actually be largely unaffected by the executive action. This is because hiring is still a major impetus at civilian agencies. Depending on how broadly the government defines IT jobs related to “public security,” there could still be quite a bit more hiring. Specifically, opportunities with federal IT contractors may open up.
While we may not know all the answers to these questions yet, one thing is certain: IT modernization is just as imperative for government and the new administration as it ever was before.
When it comes to technology modernization, President Trump seems to be largely in support of public-private partnerships and innovation. This was demonstrated by his praise of tech leaders in a recent summit that brought together many heads from Silicon Valley.
According to the Information Technology and Innovation Foundation, President Trump has argued that the U.S. has obsolete capabilities and has expressed that cyber should be in the “nation’s thought process.” The new president has also vowed to “enforce stronger protections” against foreign hackers. Cybersecurity-related hiring was a top IT priority in the last year of President Barack Obama’s administration. It followed high-profile government security breaches, including some 20 million records stolen from the U.S. Office of Personnel Management. In terms of the IT workforce, President Trump recently signed an executive order preventing the filling of vacant positions across federal government except when necessary to meet national or public security responsibilities. This may raise some questions as to how government could sustain IT modernization projects without the necessary staff to manage new equipment and technologies.
4 // A GovLoop Guide
In fact, advocates for innovation in government are optimistic that President Trump will continue the push to use technology in order to enhance government. According to Rob Atkinson, President of the Information Technology and Innovation Foundation, “Whereas Obama tried to use IT for innovation in government, Trump will probably try to use IT for efficiency and cost-cutting in government,” he said. Overall, it is difficult to predict the exact future of IT modernization so early in the Trump administration. Legislation may change, budget priorities may be shifted and agencies may increase or cut IT staffs depending on the impact of hiring freezes. Regardless, technology modernization will continue as more innovations, like apps and cloud platforms and new devices, develop in the years to come. Though it’s unclear exactly what direction the new administration will take, signs currently point to modernization continuing under the Trump agenda.
A Look at the IT Modernization Fund A comprehensive review of federal cybersecurity last year found that government largely still relies on legacy systems, software, applications and infrastructure, which are harder to defend against sophisticated cyberthreats and are less costeffective. Currently, civilian agencies spend 71 percent ($36 billion) of their IT budget maintaining legacy IT investments, which limits funding for the development of more secure and efficient technology solutions. To address such issues, the Obama administration recently proposed legislation to establish a $3.1 billion Information Technology Modernization Fund (ITMF). As the name suggests, that fund would help the nation modernize its IT infrastructure and further improve its cybersecurity posture. The fund is housed under the Cybersecurity National Action Plan (CNAP), which outlines short- and long-term strategies to enhance cybersecurity awareness and protections, protect privacy and maintain public safety. The ITMF specifically would help retire, replace and modernize the federal government’s IT legacy systems, which are costly and difficult to secure. To address such challenges, the proposed ITMF would be administered by the General Services Administration (GSA) to fund a governmentwide transition to more secure and efficient modern IT systems and infrastructure. Additionally, the fund would establish a self-sustaining mechanism for federal agencies to regularly refresh their IT systems based on up-todate technologies and best practices. More specifically, the ITMF proposal addresses the challenges associated with legacy IT in a number of unique ways:
Governmentwide prioritization: An independent board of experts will identify the highestpriority projects across government, ensuring that the federal government’s most pressing and highest-risk systems are targeted for replacement.
Self-sustainment:
to support modernization projects over the long term. As a result, $3.1 billion in seed funding for fiscal year 2017 will address at least $12 billion in modernization projects over the first 10 years and will continue to remain available in the future.
Expert management: Experts in IT acquisition and development at GSA will provide modernization expertise to help agencies as they’re implementing their modernization projects. Every investment that receives funding will allow agencies to receive oversight and expertise to improve the chances of successful projects.
Transition to common platforms: In order to reduce risks and save money, the ITMF would facilitate a transition to common platforms across government. By collecting modernization proposals from many agencies, the board can identify opportunities to replace multiple legacy systems with a small number of common platforms – something that is relatively difficult for agencies to do on their own.
Strong incentives: By establishing a central fund that agencies must apply to and compete for, the legislative proposal would provide strong incentives for agencies to develop comprehensive, high-quality modernization plans. Additionally, the funding allows for more long-term thinking than costly one-off fixes. Ultimately, the ITMF would be a $3 billion kickstart fund to help agencies by relieving extra costs for their modernization efforts. The legislation would be an important first step in changing the way federal government manages its IT portfolio, would help save money and strengthen security. Regardless of whether the legislation passes, modernization is an inevitable part of the future and government agencies need to be ready to take the plunge.
Agencies would be required to repay the funds, ensuring the ITMF is not only self-sustaining, but also can continue
Your Roadmap to IT Modernization // 5
Solve for today and plan for tomorrow with scalable, end-to-end IT monitoring and management software. solarwinds.com/federal
6 // A GovLoop Guide
INDUSTRY SPOTLIGHT
The Benefits of Modernization & Consolidated IT An interview with Joe Kim, Global Chief Technology Officer, SolarWinds
Going into 2017, government still has many concerns surrounding IT modernization and security. And those concerns aren’t going to diminish. As more agencies look to modernize their IT infrastructure, many run into challenges with increasing complexity surrounding compliance, authentication policies and vulnerabilities in their networks. Rather than addressing these challenges through patchwork solutions and disparate IT systems, agencies should consolidate their IT solutions, platforms and infrastructures. In an interview with GovLoop, Joe Kim, Global Chief Technology Officer at SolarWinds, explained the benefits of IT consolidation. He also explained what agencies should do to get started in their modernization efforts with five simple steps as well as tools from IT operations management (ITOM) to help. SolarWinds partners with DLT to offer IT management and monitoring solutions for IT consolidation. With disparate IT systems, many agencies run into challenges managing authentication, authorization and a variety of security tokens. Managing all of these independent processes, tools and platforms can get pretty complicated. “When you don’t centralize your IT modernization efforts, not only is it less efficient, but it leaves your systems vulnerable,” Kim said. Kim explained that with consolidated IT services, agencies can use new platforms to better organize data and combat cyberthreats. This is because consolidated IT means fewer systems to monitor and the ability to quickly identify and address cyberthreats, as well as any issues in applications and infrastructure. “Modernizing and consolidating ensures
that you know the specifics around hacks and that they’re quickly getting addressed by whoever’s supporting your platforms (internal employees or vendors),” Kim said. With consolidated IT, agencies don’t have to worry about disparate software or applications not complying with certain standards. Having tools and solutions centralized means greater availability of applications and improved compliance. To get started with IT consolidation and optimization, Kim recommended five steps for agencies to use in their modernization efforts 1. Define the scope. Understand at multiple levels what your agency is trying to achieve. Then start deep diving into technology products and services. 2. Perform an inventory. Find the baseline of your agency’s IT resources. Take the time to find what you already have in place, specifically regarding tools, policies and procedures. Then, start to understand where you need to go to reach a desired end state. 3. Conduct a needs assessment. Look for what tools will drive the most efficiency in your agency’s modernization project based on the inventory’s findings. 4. Look outside the agency. Research what the market standards are regarding tools and services. Consider hybrid cloud infrastructures of different products for shared services. Who are the players and what are the differentiators between IT solutions? Have a set of prioritized features and functions that your agency must cover and assess vendors accordingly.
5. Move forward. Identify what can be achieved most quickly from steps 1-4. Then focus on one thing at a time and build on that. Minimize transitional states in modernization to avoid the process becoming complicated, costly and unsecure. In addition to these five steps, agencies can also use solutions like ITOM tool integration to help consolidate IT systems and address any lingering security challenges while still realizing the benefits of modernization. ITOM stands for IT operations management. ITOM includes tools to help manage provisioning, capacity, performance and availability within the computing, networking and application environment. For example, with ITOM tools like AppStack, you can reduce systems downtime with a single view into an agency’s entire application stack. This allows IT staff to quickly identify the root cause of application issues within a unified dashboard as well as provides full visibility into the performance of the environment across all layers. Another example of ITOM in government would be integrating ITOM tools into an agency’s helpdesk system. Helpdesk integration unifies IT management and support allowing streamlined ticket creation and assignment. This helps notify network and systems admins of infrastructure issues and automate help desk ticket creation, which allows technicians to resolve any issues faster. Ultimately, agencies can improve their modernization projects by consolidating their IT solutions with the help of ITOM and the five-step strategy. Not only will consolidation help with modernization efforts, but it will also address concerns around security while improving efficiency and cost-savings. Your Roadmap to IT Modernization // 7
Department of Energy’s 10 Steps to IT Modernization While legislation like the ITMF comprehensively addresses government IT, some agencies are already tackling modernization according to their unique needs. Take a look at the Department of Energy (DOE), for example. As early as 2012, the DOE Chief Information Officer (CIO) and the National Nuclear Security Administration (NNSA) CIO were jointly tasked with developing a strategy to modernize DOE’s IT environment. They were to identify opportunities to share services, reduce costs and leverage new technologies. What emerged was DOE’s very own IT modernization strategy with three overarching objectives, including: Transform. Use existing and new activities to enable new technologies to be inserted into the overall architecture in a lean and agile manner. The goal was to improve effectiveness and fiscal efficiency.
8 // A GovLoop Guide
Protect. Leverage the DOE’s Joint Cybersecurity Coordination Center to improve information-sharing, provide better operational awareness of security for corporate infrastructure, respond to incidents and proactively build cybersecurity into new technology investments. The goal was to ensure new technologies were appropriately secured throughout their lifecycle from design to retirement.
Advance. Leverage the national laboratories’ world-class research and development capabilities through the cornerstone of the Cyber Sciences Laboratory (CSL). CSL is a virtual research and development (R&D) center that combines the capabilities of national laboratories, academia and industry to investigate the theory behind cyber.
Under these three objectives are 10 direct steps DOE developed to execute its modernization strategy: Transform 1.
Consolidate and connect networks and services to
3.
6. Strengthen cybersecurity risk management,
create the DOE “Cloud of Clouds.” Reduce the number
including understanding and managing the IT supply
of redundant infrastructures and services (i.e., data
chain. Establish structures, processes and people
centers, email systems and collaboration tools) to
to continuously improve DOE’s management of
create an optimum suite of services that leverages
cybersecurity risk, including risk imposed by non-
commercial providers. This helped the agency better
trusted supply chains.
meet mission support requirements. 2.
Protect
7.
Establish full operational capability for
Align IT management and governance. Address
information-sharing, shared analytics, reporting
structure, process and people to improve
and collaborative incident response. Leverage the
management and decision-making effectiveness by
collective, collaborative power of DOE contractor
aligning IT personnel and resources to optimize their
expertise to provide site and enterprise cyber
use as well as decision-making to mission outcome.
situational awareness and cyber incident response.
Establish architecture, policy and standards that
8. Improve cybersecurity training and awareness.
embrace platform and device diversity. Establish
Address the weakest link in the cybersecurity
the DOE CIO as broker-advisor who coordinates
value chain by delivering a rich training and
the architecture, policy and standards necessary to
awareness program that is tailored to the roles and
enable mission outcomes.
responsibilities of each individual.
4. Streamline, simplify and reduce the cost of IT solutions and acquisition. Reduce the number of product and service procurement vehicles. Leverage the collective buying power of DOE to simplify and reduce the cost and complexity of acquisitions. 5. Develop a corporate data and information management strategy. Create a data and information lifecycle plan that ensures the right information is available at the right time. This helped improve mission effectiveness by enabling data-driven decision-making.
Advance 9. Establish and advance the cyber sciences laboratory and establish a cyber innovation center. The CSL was to establish and sustain an enduring, national cybersecurity R&D center of excellence at the National Laboratories to address cybersecurity threats to the nuclear deterrent, energy infrastructure and the nation’s reliance on cyber infrastructure at large. 10. Enlarge and leverage the best of government, industry, academia and innovators. Improve the effectiveness and efficiency of modernization efforts by establishing structures and processes that maintain collaborative relationships with the best of government, industry, academia and innovators.
As the agency that manages the nation’s electric grid systems, it seems requisite that DOE stay ahead of IT modernization. But laying out a modernization strategy certainly helped. Within a year, DOE made strong progress toward its outlined goals and has since continued working toward moving away from maintaining legacy systems to developing new solutions and platforms that are up to date. Agencies like DOE certainly set high standards and precedents that other government agencies can look to for their own modernization strategies.
Your Roadmap to IT Modernization // 9
When everything is connected anything is possible. Meet Anypoint Platform. It marries data transformation with full API lifecycle management, all on a single runtime. Government agencies use Anypoint Platform to more efficiently and securely connect across legacy and cloud systems, increasing IT efficiency while reducing costs. Learn more about how MuleSoft drives accelerated digital transformation in government: Webinar
Leveraging APIs to accelerate legacy modernization initiatives at the FCC
Case study
Accelerating medicaid expansion initiatives at the State of Colorado
Case study
Powering legacy modernization in a US federal civilian agency
Whitepaper API-led connectivity for government
10 // A GovLoop Guide
INDUSTRY SPOTLIGHT
How APIs Can Help Government Address Today’s IT Challenges An interview with Christopher Aherne, Vice President of Federal Sector, MuleSoft
Today, government IT teams are expected to deliver more services with fewer resources. Consequently, many agencies have prioritized legacy modernization, interoperability and shared service models as a means towards increasing IT delivery capacity. But those approaches are easier talked about than executed. As agencies embark on legacy modernization, it becomes imperative to open up the existing technology so that new innovations can be delivered as needed in a secure way. One way to do this? A new approach to integration, one centered around application program interfaces, or APIs. GovLoop sat down with Christopher Aherne, Vice President of Federal Sector at MuleSoft, a provider of a leading platform for building application networks. “Legacy modernization is critical because legacy systems are relied upon every day to fulfill vital government missions,” Aherne said. “Maintaining the status quo of these critical systems is very expensive and growing, consuming large portions of agency budgets and resources.” Additionally, Aherne explained, with these old systems, there’s a perception that system integrity and security exists. But that may be because the systems are mostly kept locked and access is severely limited behind a firewall. “The best strategy to solve these challenges is to leverage service abstraction techniques using technology and organizational processes that accelerate the pace of incremental change” Aherne said. “The modern service abstraction technique is the API.” APIs are software intermediaries that allow two applications to talk to each
other -- bundles of separate routines, protocols, security software and software assembly tools designed to speed up and simplify communications with computer devices, internet communication systems and organizational databases. For example, when you use almost any smartphone application, the application connects to the Internet and sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions and sends it back to your phone. The application then interprets that data and presents you with the information the user wants in a readable way. This is possible because the server defines a contract, allowing the application on your phone to communicate with it in a defined way. And in terms of legacy modernization, APIs can be an enabler to reducing complexity, increasing security, maintaining system integrity, and driving the pace of incremental development towards modernization. “Modern APIs are designed to give developers the ability to create such experiences quickly and effectively while maintaining the required security and policies of the backend systems of record,” Aherne explained. This is important, given that today’s digital enterprise has to be change-ready as expectations, policies and new technologies are evolving at a much more rapid pace than in the past. The mindset has shifted from requiring users to adjust to the backend systems, to a strong desire for the backend systems to adapt better to what the business or mission requires. “By pursuing an API-led connectivity strategy, where enterprise assets are available in smaller, reusable, secure building
blocks, many of our customers have been able to rapidly modernize without having to make wholesale changes on the backend first,” Aherne explained. MuleSoft’s Anypoint Platform helps agencies achieve these goals by combining data integration with API lifecycle management on a single platform. Both of these capabilities are required to unlock data and services from legacy systems, and expose them in a secure and governed manner in a useable fashion for modern applications. “MuleSoft provides the functionality required to address the full lifecycle of APIs and the ability to compose data for richer experiences. Furthermore, the platform affords full visibility, security and governance of the data exposed through APIs, without extra work needed on the developers or operators,” said Aherne. “API building blocks can be deployed on-premise within an agency’s data center, on a public or private cloud of the agency’s choice, or deployed on MuleSoft’s iPaaS as a service in the cloud.” This specific combination of API lifecycle management, data integration and connectivity on a single platform allows an agency to deliver projects faster, respond quickly to changing requirements, and create new services, leveraging work already done. The proliferation of cloud technologies and the growing IT delivery gap in federal government are forcing agencies to re-evaluate their approaches to IT. By using an API-led approach to address connectivity challenges faced by the federal government, IT teams can enable their agencies to better support citizen and department needs.
Your Roadmap to IT Modernization // 11
The Role of DCOI in IT Modernization A large part of IT modernization for government is using, sharing, storing and managing data more efficiently. A significant challenge for agencies has been the exponential growth of datacenters, which has become increasingly complex and costly for government to manage. The growing number of datacenters has now become unsustainable for government. That’s why understanding the role of the Data Optimization Initiative (DCOI) in IT modernization can help agencies get a better sense of how to prioritize data and IT needs while also figuring out where to put all their data as part of their modernization efforts.
Before the DCOI, there was already a focus on reversing
Some argued that the FDCCI was a noble effort met with
the unsustainable growth of datacenters. In February 2010,
some successes but ultimately too inefficient to yield real
OPM established the Federal Data Center Consolidation
results. That’s why the initiative eventually evolved into the
Initiative (FDCCI) to consolidate datacenters. The Initiative
Data Center Optimization Initiative (DCOI), which supersedes
sought to curb datacenter increase by reducing the cost of
the original FDCCI. The DCOI requires agencies to:
datacenter hardware, software and operations and shifting IT investments to more efficient government platforms, like cloud or shared services. The results of this initiative were a mix of positive and negative. During its nascent stages, the tally of datacenters run by the federal government rose from around 1,100 in 2009 to over 3,100 in 2015. However, by October 2013, 640 centers had been closed. A further 470 closures were scheduled to happen by September 2014. The FDCCI also aimed to save $3 billion to $5 billion by 2015. While the FDCCI was initially off to a great start, the datacenter count only continued to skyrocket. A look at some FDCCI statistics from Data.gov shows that even though 746 closures had been completed by 2014, there was a final tally of datacenters that exceeded 7,000.
12 // A GovLoop Guide
1. Develop and report on their datacenter strategies; 2. Transition to more efficient infrastructure, such as cloud services and inter-agency shared services; 3. Leverage technology advancements to optimize infrastructure; and 4. Provide quality services for the public good.
To prioritize and measure agency progress for this initiative, OMB plans to focus on two key goals as the primary metrics: optimization and cost savings. Agencies would submit to the inventory on a quarterly basis.
Goal 1: Optimization
Goal 2: Cost Savings
In order to push agencies to reduce manual recording and
By the end of fiscal year 2018, agencies are expected
entering of data, the DCOI encourages agencies to instead install automated monitoring tools that can monitor and report information directly. OMB combined server utilization and automated monitoring as a single metric under optimization. This metric shows how well agencies’
to reduce government-wide annual costs attributed to physical datacenters by at least 25 percent. The hope is that government can save a total of up to $2.7 billion dollars by the end of 2018.
servers are being utilized, discounted by the fraction of servers being monitored by automated tools.
Physical Datacenters
Agency Metering and Power Efficiency
Automated Infrastructure Management
In addition to cost savings and optimization, agencies are expected to cut down their physical datacenters for the sake of reducing their environmental footprint. The DCOI provides that rooms with a least one server (whether in a production, test, stage, development, or any other environment) are considered datacenters.
The DCOI mandates that agencies install automated energy metering tools by 2018 so that agencies can report their energy usage in their datacenters. OMB will then monitor the energy efficiency of datacenters through a Power Usage Effectiveness (PUE) metric. Energy metering tools would then enable the active tracking of PUE for the datacenter.
Datacenters are also categorized into two groups: tiered datacenters and non-tiered datacenters. Tiered datacenters are defined as locations that use a separate physical space for IT infrastructure, and uninterruptible power supply, and an independent cooling system and a backup power generator in case of power outages. All other datacenters are considered nontiered datacenters.
Agency CIOs are required to ensure that existing tiered datacenters achieve and maintain a PUE of less than 1.5 by September 30, 2018. Effective immediately, all new datacenters must implement advanced energy metering and be designed and operated to maintain a PUE no greater than 1.4.
As part of OMB’s optimization goal, agencies are expected to eventually replace manual collections of reporting systems, software and hardware inventory housed within datacenters. These are to be replaced with automated monitoring, inventory and management tools (such as data center infrastructure management) by the end of fiscal year 2018. These tools can measure progress toward the server utilization and virtualization metrics laid out in the DCOI. Additionally, agencies should include automated infrastructure management requirements for all new datacenter service contracts or procurement vehicles. Any new datacenter contractor procurement vehicle must require the contractor to report to the contracting agency.
The DCOI serves as a strong initiative and incentive for agencies to consolidate datacenters and IT infrastructures and use their datacenters more efficiently. Not only can this initiative help agencies save on costs, but more importantly, keep up with the latest in IT modernization.
Your Roadmap to IT Modernization // 13
Fast Track IT Asset Discovery
Up to 100% accuracy in 15 minutes Map data center assets and relationships holistically for optimal insight — Bring IT to Life at bmc.com/publicsector
© Copyright 2016 BMC Software, Inc.
14 // A GovLoop Guide
INDUSTRY SPOTLIGHT
Using Data Optimization for IT Modernization
An interview with Mark Gaydos, Chief Marketing Officer at Nlyte Software, and Justin Williams, Federal Account Manager at BMC Software
It would be an understatement to say that data optimization is big in government right now. As agencies struggle to accomplish their mission with decreasing budgets and staffs, leaders are constantly looking for solutions to do more with less. By closing and consolidating under-performing datacenters, government can cut spending on underutilized infrastructure and increase efficiency with fewer datacenters to run and manage.
agencies to transition to more efficient infrastructures, such as cloud services and inter-agency shared services while reporting on their datacenter strategies.
In an interview with GovLoop, Mark Gaydos, Chief Marketing Officer at Nlyte Software, and Justin Williams, Federal Account Manager at BMC Software, discussed the challenges of the growing number of datacenters, the benefits of data optimization, and solutions that can help agencies make the most of their data. Nlyte and BMC have partnered to offer enterprise solutions that help optimize datacenters as well as speed datacenter migration.
Since the DCOI also highlights cost savings as a goal, more and more agencies are looking to Data Center Infrastructure Management (DCIM) tools as part of their solutions. “DCIM allows you to optimize the physical space you have,” Gaydos said. “You can also identify ‘zombie servers’ or those that have no function and consolidate accordingly.”
“There has been enormous growth in datacenters across federal agencies as well as data and applications,” Gaydos said. Specifically, the number of federal datacenters grew from 1,000 in 2010 to close to 10,000 in 2014. Much of this growth can be attributed to growing citizen demand for real-time access to government digital services. “With constituents becoming used to accessible, reliable and on-demand services from every other sector, government has to become more efficient in how they deliver their services,” Williams said. Gaydos and Williams emphasized that if you want to better understand the importance of data efficiency in government, you need to look at a key piece of data legislation. Specifically, the Data Center Optimization Initiative (DCOI) requires
“The DCOI helps drive agencies away from the manual collection of data and more toward systematic, automated collection,” Williams added. “This reduces human error, since you’re not relying on individuals to manually collect the data.”
To put the numbers in perspective, the government spent approximately $5.4 billion on physical datacenters in fiscal year 2014. DCOI’s goals are to reduce datacenter spending by $270 million in 2016, by $460 million in 2017 and by $630 in 2018 for a total of $1.36 billion over the next three years. DCIM tools like Nlyte Enterprise Edition for BMC Software automates the management, processes, policies and dependencies that surround datacenter infrastructure. Such solutions can help reduce the cost for resources (such as power, servers and service contracts) while increasing the efficiency of the people who manage the actual datacenters. This allows agencies to focus on other priorities and mission needs and respond to such demands faster, without having to worry about what’s going on in their data infrastructures. Gaydos and Williams recommended that when looking for DCIM solutions, agen-
cies should evaluate vendors by looking for comprehensive solutions that also help agencies comply with the DCOI. “Your vendors should help you cover all the areas: power monitoring, environmental considerations and virtualization,” Gaydos said. “You want the one that covers all the DCOI initiatives, allows you to manage processes better and has the functionality you need.” To achieve these results, look for a DCIM solution that allows you to optimize your datacenter with: • Workflow management: Execute changes more efficiently down to the main data center. • Reports and dashboards: Automate the measurement of your data center operations. • Asset management: Know what you have and where, and optimize your tech cycles. • Connection management: Avoid downtime due to human error with power and network visualization. • Virtualization management: Link your visualization layer to your physical and logical layers. Nlyte for BMC Software demonstrates how DCIM solutions can also maximize the use of datacenter space, available air condition and electrical power facilities. This allows for ease of use without heavy professional services or extensive user training, saving costs for your agency and time for your IT staff. The increasing demands of constituents, like real-time updates from government and easy access to public digital services, require agencies to rethink their data optimization strategies. What’s certain is that, when it comes to datacenters, less is more. Your Roadmap to IT Modernization // 15
How Agencies are Modernizing Modernization looks different for every agency. The following case studies feature agencies that have made significant efforts in modernizing their IT infrastructures. Each modernization project was aligned to the agency’s unique needs and goals.
NASA’s Enterprise Service Desk NASA’s modernization project focused on helping its employees deliver better services and allowing outside users to easily navigate the website and interact with the agency. As early as 2012, NASA decided to update its IT services to help create a one-stop shop for both internal employees and the public to easily access. NASA’s Information Technology Infrastructure Integration Program (I3P) has transformed NASA’s IT infrastructure to a standard, enterprise-based management and provisioning model shared across the agency. The scope of I3P is broad, entailing consolidation and central management of IT services in the areas of Tier-0/1 (faster level of storage) service desk and ordering, web services and technologies, enterprise business and management applications, integrated network/communications services and end-user services. To get a better understanding of the need for this modernization effort, GovLoop sat down with Paul Rydeen, Engineering Services Contract (ESC) Program Officer at NASA. Rydeen acknowledged that while the need to modernize might seem obvious, it might not be as obvious to everyone in your organization. “However, it’s important to get buy-in ahead of time to encourage more user acceptance and deliver a better user experience,” Rydeen said. What does modernization mean to NASA? In order to save on costs while updating platforms for the shared services center, NASA moved many of its services to the cloud. “For us, [modernization] meant moving to the cloud, finding the right software and virtualization,” Rydeen said. The NASA Shared Services Center (NSSC) provides services across the agency in five functional areas, including agency IT services and selected activities in financial management, human resources and procurement and business support
16 // A GovLoop Guide
services. The Tier-0 website acts as a gateway for NASA users. Employees or citizens with NASA accounts can access hundreds of knowledge articles, submit a ticket, check the status of a ticket, order a new service, check order status and view notifications. “We have two help desks on either side of the hall. One is about IT, and one is for the non-IT work we do for HR procurement,” Rydeen said. “This desk overall helps generate and track a lot of calls from members of the public.”
Takeaway: The NSSC helps employees and citizens alike easily access NASA’s vast array of services. Modernization projects that compartmentalize services into one resource center can help agencies deliver better services to citizens while also improving their employees’ experiences and overall productivity. If your agency is looking to modernize by consolidating your IT resources in a shared services center, you may want to consider the following examples from NASA: • Get user buy-in from the beginning. • Consider moving services to the cloud to save on costs. • Ensure enough staff is available to answer questions internally and to citizens accessing your agency from outside.
FCC Modernizes IT Enterprise The Federal Communications Commission (FCC)’s modernization program centered around a seven track strategy to improve the agency’s IT infrastructure while promoting the cultural change needed for success. The FCC is often touted as the golden agency for its massive IT overhaul efforts. As the agency responsible for setting modernization standards in IT and Internet/Wi-Fi access, the FCC leads by example. In an interview with GovLoop, Dustin Laun, Contractor and Technology Expert, explained what modernization at the FCC looks like and some of the challenges presented. “Modernization can mean a number of things like updating your technology stack but also updating your mindset about how that should work, how you should work and your methodologies,” Laun said. “It’s a total transformation from both the technology and mental aspects.” To help the American public, the FCC regularly updates modernization efforts, which includes projects such as ULS (Universal Licensing System) that aim to help enhance the way licensees currently interact with the agency as well as create an exceptional end user experience. When FCC started their modernization program, it laid out seven tracks and supporting goals: 1. Improve secure employee and telework mobility. Help personnel work from anywhere, anytime, on any device without compromising security. 2. Secure internal and external collaborations. Expand storage capabilities of email and use other cloud-based solutions to improve collaboration. 3. Strengthen IT security posture. Improve security of networks and privacy of user information by baking-in automated alerts, compartmentalized controls and system resiliency. 4. Transform access to enterprise data. Modernize systems by implementing web-based user interfaces as well as application programming interfaces (APIs) to make data more open to public and partner organizations. FCC
wanted to establish a working group that extracts data from old legacy systems. 5. Modernize legacy systems and tracking. Update FCC’s 200-plus systems by encouraging the bureaus and offices as well as relevant partners to storyboard their desired “to be state”. Then, produce modular components for systems and desired workflows. 6. Improve FCC.gov and complaint reform. Identify most useful parts of FCC.gov by outreach to the public and partners as well as data-driven analytics. 7. Increase transparency and system usability. Pursue mobile and cloud-based applications to make more open data available to others. The FCC journey to modernization certainly didn’t come without its challenges. “It’s always hard starting out on the track of modernization because people are really resistant to change,” Laun said. To address such challenges, Laun emphasized the importance of documenting every small win and sharing every step of the modernization project. That made the project both more feasible and widely accepted.
Takeaway: By simultaneously addressing both the technological and cultural aspects of IT modernization, the FCC can successfully roll out projects like ULS. IT transformation can be increasingly successful with detailed plans, like the seven tracks that the FCC used for its modernization program. To address both technology and culture through your agency’s modernization project, here are some examples you can take from the FCC: • Assemble a detailed plan with steps for each stage. • Document small wins every step of the way. • Share progress of your efforts with all stakeholders involved.
Your Roadmap to IT Modernization // 17
Illinois Consolidates IT The state of Illinois’ modernization project centered on creating a new agency to consolidate all information technologies and tools into one place. Illinois started its innovation journey in 2015. Last year, priorities included consolidation, customer-centric culture and cybersecurity. To achieve this, the state rolled out the Department of Innovation and Technology (DoIT), a new agency that brought the entirety of the state’s IT under one umbrella. Under this effort, the state managed to consolidate 38 IT silos into the new agency. This effort brought together 1,700 employees and a billion-dollar spend into a coordinated department. In an interview with GovLoop, the state’s CIO, Hardik Bhatt, shared Illinois’ new IT priorities and the state’s progress. “Our entire journey as an IT department can be mapped out in three steps: improving the business of IT, improving the business of the state using IT and finding areas where we can leapfrog,” he said. In addition to consolidation, DoIT will provide high-value, customer-centric technology to agencies to foster collaboration and empower their employees to provide the best services to their citizenry. While modernizing the nuts and bolts of Illinois’ technology has been beneficial, it’s equally important that cultural innovation take place. “We are focusing on building a borderless culture,” Bhatt said. “In order to do this, we brought together all the CIOs of different agencies and put them together in groups of five to seven and gave them enterprise strategy responsibility.”
18 // A GovLoop Guide
These groups include topics like cybersecurity, backend development and analytics. The working groups bring together technology leaders from across the state, further breaking down silos and creating a borderless culture across the state. As Illinois continues to champion innovation, Bhatt and his team want to mirror the governor’s priorities. “Our governor wants to make Illinois compassionate and globally competitive while providing the best citizen experience possible,” he said. Instilling these values into the state’s core IT mission allows Illinois to persistently champion IT advancement.
Takeaway: Illinois’ modernization project is an example of how consolidation across IT departments and collaboration among IT leaders and professionals can improve the citizen experience. If your agency’s modernization aspirations are consolidation, or even creating an entirely separate IT department, here are some tactics you can take from Illinois: • Identify your agency’s mission, business goals and areas where you know your agency could excel. • Foster collaboration by bringing CIOs and IT professionals from various departments to strategize and brainstorm ideas for modernization. • Create working groups to focus on specific issues for your project, like cybersecurity or the analytics components.
The Definition of IT Modernization As the previous case studies illustrate, modernization can mean a variety of things to different agencies. But with so many different takes on modernization, it can be hard to agree on what exactly modernization should comprise.
IT modernization has been defined as the continuous evolution of an organization’s existing application and infrastructure software, with the goal of aligning IT with the organization’s ever-shifting business strategies. For government, alignment means increasing cost efficiency while reducing expenses. IT modernization also lets organizations maximize their existing application assets as they move toward a more open, complete and integrated application and infrastructure platform. In simpler terms, an IT modernization project aims to create new business value from new and/or existing applications or systems. According to the American Council for TechnologyIndustry Advisory Council (ACT-IAC), a successful modernization program is one that combines business processes, people and technology to reduce risks, promote adoption and realize potential benefits. Modernization means agencies become more efficient and effective in performing the functions that support their missions. Modernization projects require frameworks that are pre-built, pre-modeled and pre-tested to accelerate transformation, reduce costs and mitigate operational risks. All modernization frameworks should provide processes, tools, resources and assets that reduce much of the risks of modernization. Such risks include deployment failure or security risks moving data to new systems. Using frameworks for modernization projects, agencies have more opportunities to be proactive in generating demand for updated enterprise architecture. Frameworks not only help agencies better plan but also better inform users and stakeholders. Anyone who is affected by the project in question
can easily follow along with a framework. This, in turn, aligns with long-term organizational objectives and enables managed adoption of enterprise architecture standards. Some agencies may need to completely overhaul current applications and systems. Others may need new platforms or databases.
Agencies can use the following tactics to define their modernization strategies Rehost. IT managers can shift an application to another platform while leaving the old system and agency-specific customizations largely untouched.
Rearchitect. Software engineers and managers can use tools to recover and reassemble the business-relevant code from legacy applications while eliminating technology-specific code.
Replace. Managers can switch legacy applications with new ones if the legacy application does not incorporate unique agency data and functionality.
Integrate. Architects can wrap legacy applications (support old systems that can’t be retired) and create a Service-Oriented Architecture (SOA) – a style of software design where services are provided to the other components by application components, through a communication protocol over a network. SOA can then be used to operate on a new platform but is implemented by the existing code.
Migrate. For some legacy applications, IT professionals can automate the migration to new technologies without changing the application design.
Your Roadmap to IT Modernization // 19
NASA'S DATA IS IN THE CLOUD, IS YOURS?
Wish You Were Here. When NASA needed a company to handle mission critical data from Mars - it turned to Amazon Web Services. Come see what AWS can do for your agency’s data.
aws.amazon.com/government-education 20 // A GovLoop Guide
https://aws.amazon.com/nasa
INDUSTRY SPOTLIGHT
Modernizing Culture & Technology for Effective Transformation An interview with Doug VanDyke, General Manager and Director of the U.S. Federal Sector, Amazon Web Services
Government needs to deliver new and better technologies, faster than ever to meet rising citizen demands. But agencies struggle to do so due to legacy systems and a significant lack of awareness about the latest technologies in the government IT workforce. So, how does government continue to modernize while addressing the challenges of educating the workforce? In an interview with GovLoop, Doug VanDyke, General Manager and Director of the U.S. Federal Sector at Amazon Web Services (AWS), said the answer requires a dual focus on both the technologies and the people. “In order to keep up with the changes in technology, it’s important to build an IT workforce that understands what the new technologies are and help them stay ahead of the technology learning curves,” VanDyke said. Specifically, VanDyke said that government can effectively modernize by applying agile development, serious cultural changes and modern platforms that enhance existing government applications. First, agile development is becoming more popular in both the public and private sector as it promotes iterative and incremental development of software. “Agile development is faster and less expensive as a way to deploy new technology,” VanDyke said. “Since it’s incremental, you can make changes in a more effective way if your program happens to fail or doesn’t meet all the requirements.” For example, an agency’s IT team may try to deploy a new website interface for its citizen base. With agile development, the team can deploy smaller code sets that are lower risk. The team can also respond faster to their users if there are problems or glitches with the website,
even after deployment. Since the team is taking an agile approach, instead of waiting two years to realize that the large program doesn’t meet all the requirements, the team can address problems early on in the modernization project. Second, in order for agencies to successfully keep up with modernization, there needs to be an openness to new technologies and processes. In many agencies, that requires cultural changes. It is understandable why government would be hesitant to adopt an approach like agile development that allows agencies to “fail early and fail often.” Government cannot afford to fail as easily as the private sector since there could be serious ramifications for the entire nation. However, VanDyke referred to digital services teams as a way that government is already easing itself into cultural changes needed for modernization. A digital services team is made up of individuals who help agencies use industry standard best practices in meaningful ways. It may be built from the ground up or a team can be created with existing staff who have been assigned new roles and augmented with new skilled staff. “Having digital services teams in every agency can help because it is their job to understand new technologies and translate them into government missions,” he said. Such teams help improve awareness and education in the IT workforce by having individuals, either from within or outside the agency, who are knowledgeable in the latest technologies and best practices. These groups can help government adapt to the cultural changes needed for modernization so that government is ready to embrace newer technologies and take sensible risks.
Finally, VanDyke suggested that government choose effective cloud solutions to aid government’s path to migration and adoption of new technologies and services. Private sector organizations, like AWS, offer cloud computing and other modern technologies that can fit government needs to balance resources with agility and security. Ideally, agencies should look for these qualities in their technology platforms: • Security: Cloud platforms and infrastructure that puts strong safeguards in place to protect government data and citizen privacy with information stored in highly secure datacenters. • Private, isolated resources: Cloud architectures can offer the right amount of isolation (degree of privacy) to protect government applications as well as the ability to choose how much to integrate with existing resources. • Compliance: Rich controls, auditing and broad security accreditations are essential to maintain compliance with federal requirements, such as those laid out in FedRAMP. • Hybrid: Architectures that combine on-premise and cloud capabilities can help government agencies extend their local resources more easily to the cloud. Ultimately, real modernization and effective transformation in government are dependent not just on the right technologies, but also on awareness in the IT workforce. Agile development, cultural change and the right platforms can be the best combination of people and technology to help agencies further their modernization efforts. Your Roadmap to IT Modernization // 21
P L AY 1
Assessment & Roadmap IT modernization begins with assessing where your agency is in terms of legacy systems and innovation. That process helps you identify needs and outline a roadmap for what you want your IT modernization project to achieve. This stage incorporates analysis of current and future business processes and capabilities to assess the extent to which the IT portfolio meets those needs. Based on this analysis, create a roadmap of application dispositions. You may decide to decommission, retire, remediate, re-platform, consolidate or enhance applications. Such actions can help optimize the portfolio to align with your agency’s constraints, dependencies, priorities and budget profile. To determine application dispositions, consider the best assessment topics for your agency. You may want your applications’ assessment topics to include security, functional health, technical health, strategic alignment and financial impact. Examining such topics provides your agency with the data-driven insight needed to make better decisions concerning applications. The assessment provides detailed understanding of the current environment, including individual application characteristics, and establishes a baseline scope and roadmap to reduce risk. During the assessment phase, the first step is to understand your IT modernization project scope and complexity. For example, suppose a system runs through one agency, i.e., the Department of Energy, and provides data to a second agency, i.e., Department of State, for reporting. The first agency wants to modernize its system, but the receiving agency cannot accept the data in a new format – what happens then? Does the second agency have to modernize too? That scenario illustrates why an assessment is so important as the first step in determining your best modernization approach. Next, the roadmap process should include an analysis of alternatives to help you consider the full range of feasible options and determine the best strategy before you invest. The roadmap breaks down the preferred option in multiple “waves”
22 // A GovLoop Guide
to plan, design, build, test and implement smaller components of the application, rather than modernizing the entire system all at once. Developing a modernization roadmap is critical, as it presents a comprehensive view of your agency’s technology strategies in the right sequence. Ideally, your roadmap should include multiple dimensions, including the application modernization technical approach, governance and lifecycle management functions and methods for closing any technology gaps. It should highlight enterprise-level information requirements, cross-enterprise and business partners’ integration needs, enterprise-level security and operational support measures. Ultimately, your assessment and roadmap will provide you with both a timeline for the expected modernization to occur and estimated costs. This is especially important for helping you make sure that cost and time estimates are based on a genuine assessment of your existing architecture rather than just guessing.
By assessing your current infrastructure and drawing out a roadmap for your IT modernization project, you’re more likely to have a realistic estimate for the scope of work and a more successful project overall.
Steps to Implement Conduct an assessment. Analyze your agency’s current state of IT. Understand your IT inventory (i.e., apps and legacy systems) from the top leadership in your agency to the bottom. Understand the project scope and complexity. Consider to what extent you want to modernize your IT systems. You may want a hybrid approach where you still maintain some of your agency’s legacy systems rather than a massive overhaul to entirely new systems. Finalize what you want the future state of your IT architecture to look like. Analyze alternatives. Conduct a risk analysis of each of your project alternatives. Once you identify a project with the lowest risk and highest payoff, select your preferred alternative (outcome) for your modernization project. Outline a roadmap. Consider the lifecycle costs and time constraints for your preferred alternative and plan accordingly. Break the path to your preferred option into manageable chunks or waves.
Your Roadmap to IT Modernization // 23
THERE’S NEVER BEEN
A BETTER
TIME to worry less and innovate more
cisco.com/neverbetter
©2016 Cisco and/or its affiliates. All rights reserved.
24 // A GovLoop Guide
INDUSTRY SPOTLIGHT
Why IT Modernization? An interview with Kapil Bakshi, Distinguished Systems Engineer, Cisco
Modernizing agency IT systems is about more than just refreshing IT assets. It is an opportunity to rethink and update agency business processes, enable new capabilities and refresh technology with those process changes in mind. IT modernization is about how agencies will evolve into the government of the future. To better understand the importance, steps, and benefits of IT modernization in the public sector, GovLoop interviewed Kapil Bakshi, a Distinguished Systems Engineer at Cisco, a FedRAMP-authorized cloud provider. He explained that the need to deliver new mission capabilities, improve cybersecurity and standardize platforms are three key drivers pushing agency IT modernization initiatives. The customers of government agencies, whether that is the public or other organizations, are increasingly using technology platforms in everyday life and business, so constituents expect that their government will be similarly accessible. As agency leaders plan their IT modernization initiatives, the customer experience has to be top of mind. Cybersecurity is another critical piece of IT modernization. The best protection will prevent as many cyberattacks as possible, detect and stop those that do get through a firewall, and gather data for later analysis. Bakshi emphasized that “cybersecurity can and should be incorporated into IT modernization strategy from the beginning of any project”. The third driver for IT modernization is the need to standardize platforms. According to Bakshi, this is important because, “If you standardize your infrastructure, applications and development methodologies, then you can easily share or consolidate them, and deliver them in a shared services model.” Having standardized, modern platforms makes it easier for organizations to migrate to
the cloud and share data with internal or external stakeholders.
ensure that a project is completed with end state in mind,” he added.
Once agencies decide to take on an IT modernization initiative, there are certain steps that Bakshi advised agencies to work through.
Another benefit of IT modernization is that it helps agencies migrate to the cloud more easily. If agencies update their IT systems, then they will be able to optimize seamless cloud platforms in their new infrastructures. “Cisco has been on the forefront of developing cloud infrastructures and products for cloud models,” Bakshi noted.
“First, agencies have to put together an ‘as is’ state, and have a crisp understanding of where things are,” he said. This baseline view informs IT buyers what their gaps and needs are, and provides a benchmark for measuring improvements. Next, agencies should develop a roadmap and business plan to determine the agency’s desired end state. The roadmaps will establish timelines for completion and create clear objectives for the projects. Most importantly, the plan will map out what the agencies future mission capabilities will look like. Lastly, agencies will need to determine which metrics to use to evaluate the progress of the IT modernization initiative. These performance metrics help leaders understand the status of the IT modernization project at any given point and they help leaders incorporate an IT maturity model. The maturity model gives agency leaders a way to benchmark successful completion of each stage of the project by comparing the actual outcomes to the expected outcomes of the end-state. Agencies that have modernized IT systems have seen benefits such as greater return on investment, an improved cybersecurity posture, optimized cloud systems, analytics and app development. “IT modernization creates greater return on investment for the taxpayer when the outcomes of the projects outweigh the investments,” Bakshi said. “The return on investment needs to be continuously evaluated as agencies progress along the maturity model to
Migrating to the cloud model will also allow agencies to modernize their applications and transform legacy applications into cloud native platforms. By modernizing IT systems, agencies will be able to easily migrate platforms and applications to the cloud consumption model, and as a result, a wider range of innovations will be available for improved efficiency and effectiveness. A key tenet of IT modernization is analytics-based insights. Agencies use data analytics to evaluate their missions, service delivery outcomes, and business processes. By gaining insight from increased analytics and performance metrics, government leaders can better target reform efforts, create more efficient organizations and determine how to best serve their citizens. IT modernization is important for the public sector because it will allow agencies to expand their mission capabilities, improve cybersecurity, and create standardized platforms. By evaluating the current state, determining the desired state and measuring progress during projects, agencies can reap the benefits of IT modernization. These benefits include increased return on investment, data analytics and the power of cloud computing and analytics. In turn new IT capabilities will help government better serve citizens and deliver on their missions.
Your Roadmap to IT Modernization // 25
P L AY 2
Modernization Readiness The second stage of IT modernization includes preparations to establish the technology architecture and project management goals. In this stage, leadership focuses on how to plan, communicate, organize and staff the modernization project. At the beginning of this stage, agencies need to identify if they are working with a pre-existing framework or not. If your agency does not have a common architecture stack, you should define it here. Agencies that do have an existing architecture framework should be evaluated for capabilities required for the modernized system. Once your agency has a framework in place, you can make your high-level roadmap (from stage 1) and extend it to include the detailed steps needed to track and deliver the project at a more micro level. These steps include developing a staffing and communication plan. When developing a staff plan at this level, it’s also critical to establish a team with key management oversight in each discipline. The leadership roles needed for a successful modernization initiative include a: • strong project manager • business lead • system architect • data architect • security architect • development and integration manager • test manager • configuration manager • operations manager • contracting officer Of those positions, the project manager is the most important role. This person has to work with other stakeholders and the executive board on key decisions throughout the project. The
26 // A GovLoop Guide
best way to ensure modernization governance and cooperation is through a single, transparent reporting relationship between the project manager and oversight governance board. Empowering agency leaders allows them to make decisions that bind their organization while simultaneously fostering stronger partnerships between the other stakeholders, i.e., employees and citizens. The modernization governance board should not try to take over for the project manager, but instead act as a forum where the project manager can elicit feedback on critical issues and trade-off decisions. The board should be informed, empowered and vested in the program’s success and should view the project manager as a trusted advisor and subject matter expert. After a modernization team is established, you can start developing mechanisms to drive alignment and proper decision-making for all stakeholders involved in the modernization effort. Many IT programs fail because of poorly defined and inadequately managed requirements through the program lifecycle. So, getting key stakeholders to agree on desired outcomes and the approaches to meet those outcomes at the beginning of the initiative is crucial. It is also important, however, to stay agile as you prepare to launch your modernization effort. This consensus-building isn’t a one-time exercise. Alignment is an ongoing process throughout the strategic planning, design and development and implementation of the modernization initiative. For complex IT systems, it’s important to align IT, finance, procurement, legal, security and privacy teams. Ensuring communication and cooperation between these groups is necessary to facilitate a successful modernization effort.
Steps to Implement Plan the project. Have a strategy for how the project manager, project leadership, key stakeholders and executive board are going to communicate. Define expectations early to avoid miscommunication on requirements later in the project. Communicate throughout the project. Know who your key stakeholders are and involve them. Constant communication is key to understanding alignment and decision-making at every step of the effort. Organize and staff the project. A strong project manager and governance team leading the modernization effort is the single most important ingredient to success. Create a strong modernization management team by thoughtfully filling each of the leadership roles to make the subsequent modernization steps smoother.
Your Roadmap to IT Modernization // 27
Government, rewritten by software.
©2017 CA, Inc. All rights reserved. 28 // A GovLoop Guide
INDUSTRY SPOTLIGHT
Taking Advantage of the Application Economy at Your Agency
An interview with Jeremy Rissi, Senior Director, Digital Transformation Solution Sales, CA Technologies
Technology has changed and will continue to change the way government reaches out and communicates with citizens. Gone are the days when faxing forms to a central government office was the norm. In today’s application economy - a connected, mobile application-based world enabled through software - citizens want quick and reliable services at their fingertips, on any device they choose. In order to better understand how agencies can thrive in this software-driven environment, GovLoop sat down with Jeremy Rissi, Senior Director of Digital Transformation Solution Sales at CA Technologies, a company that provides software to modernize and secure applications. “Citizens expect immediacy and they expect better efficiency from government services, whether that’s applying for a permit, paying taxes, or registering a business,” Rissi explained. As a result, the public sector is leveraging application programming interfaces, or APIs, to build applications that allow them to deliver the services citizens expect in a quick, reliable, and secure manner. An API is an interface that lets one software program “talk” to another one, exchanging data behind the scenes. Using APIs agencies can link previously siloed legacy systems, eliminate boundaries between departments, improve internal processes, and most importantly provide a more efficient way of building new services. “Users don’t care about IT systems, about software applications, or about where data resides. They care about the things they want to accomplish; the tasks they expect to get done. Agencies must use APIs to separate functions and capabilities from the applications and the data sources” said Rissi.
As agencies increasingly rely on APIs to deliver citizen-centric experiences, they will need a means to efficiently create and manage these APIs. API management tools allow agencies to realize the benefits of APIs while mitigating the inherent security risk that come with opening up the enterprise. First, API management tools speed up application development which according to Rissi is a challenge for the public sector. “Slow application development is a huge obstacle. Many agencies are taking anywhere from one year to 18 months to create applications. In today’s application economy, agencies have to be more agile, and show iteration month after month”, said Rissi. API management tools simplify development and allows for seamless integration. When developers want to build a new service, they don’t have to start from scratch. API management tools allow services and components to be reused which in turn cuts the time it takes agencies to deploy new services to citizens. API management tools also help make the capabilities of an agency more accessible to developers and constituents alike. When asked about how CA Technologies addresses this challenge, Rissi said, “At CA, accessibility is achieved by helping our clients make systems themselves less complex and by taking advantage of the application economy”. CA Technologies’ management tools provide catalogs of available APIs as well as instructions. This in turn makes systems easier to maintain, allows internal developers to access agency systems and innovate around their APIs, and makes agency services more available to citizens. Most importantly, API management tools help agencies to eliminate data and
security risks and Rissi assured that CA Technologies’ tools and services have security built into it. “When we talk about security, we are talking about authorization, authentication, and access,” he explained. Thinking through these security paradigms as agencies build out new systems allows them to integrate security into the IT maturity model and IT department as a whole. An API management tool can secure and control access from a single interface allowing agencies to protect its data without sacrificing user convenience. In addition to providing the tools agencies need to modernize their IT infrastructure, CA Technologies and Three Wire Systems, an application development systems integrator and trusted CA partner, also provides expertise to agencies on their modernization journey. “Agencies need to think about what services they provide to their constituents, how they want to deliver those services, and the ecosystem of capability that makes this possible,” Rissi said. Three Wire Systems works with agencies to clearly define what they want to achieve and who the stakeholders in the delivery will be to make sure agencies set clear objectives for their IT modernization projects from the start. Looking forward, government can benefit from the continued growth of the application economy by collaborating with private sector partners, like CA Technologies and Three Wire Systems, to integrate their IT infrastructure and efficiently develop and manage their applications. By leveraging solutions that help unlock the value of data, accelerate development, and reduce data and security risk, agencies will be able to better drive their mission and thrive in today’s application economy.
Your Roadmap to IT Modernization // 29
P L AY 3
Modernization Execution Now that you’ve detailed the necessary steps to track and deliver your agency’s modernization project, it’s time for the execution stage. For agencies that have successfully tackled such a massive undertaking, strong engagement and communication between government and industry was vital. For example, the Federal Communications Commission moved hundreds of servers and apps, plus terabytes of storage, to a new platform by outsourcing data center operations and upgrading infrastructure. Key to the project’s success was a strong engagement with industry, agile implementation and a solid governance approach. During the execution phase, agencies are primarily focused on designing, building and configuring the new IT environment and applications, all while keeping cybersecurity top of mind. You’ll want to ensure any configuration efforts align with government standards and policies that minimize risk and reduce your agency’s overall attack surface, or the paths and methods that hackers can use to exploit vulnerabilities. “Integrating security is critical for the modernization program,” according to the ACT-IAC report. “It is imperative to begin early in the lifecycle and use an architectural review of applications security measures to identify and address potential security vulnerabilities. This involves leveraging proven security strategies and using security testing processes, such as code testing, code reviews, and vulnerability/penetration testing throughout the modernization program to proactively identify and remediate security vulnerabilities.” The overall strategy for modernization execution will vary based on the agency and can include different approaches for installing hardware and software. But despite these differences, there are common themes that span across all implementations: • Comply with the organization’s System Development Life Cycle (SDLC) process, which defines the various steps for developing information systems. It’s important to comply with this process to ensure that modernization efforts are subject to and enforced by the established rigor for any application development or maintenance activity.
30 // A GovLoop Guide
• Modify and standardize across all modernization programs, especially if the current SDLC does not map to the modernization process. • Enforce compliance with the organization’s architecture guidelines so that it is easier to maintain modernized applications. All agencies should have an enterprise architecture, which is a blueprint that guides how their information technology and information management elements work together to accomplish their mission. • Incorporate early performance tests, especially when moving hardware to a new platform or hosting environment, to verify that the modernized application will deliver required performance once it’s placed into production. Testing for a modernization program is a complex task. Many systems lack documented requirements and test cases for applications. These test cases should define the steps and preconditions needed to determine if that system functions correctly. The testing strategy should also identify the test case sources and the environment in which the system will be validated. Keep in mind that the testing strategy also depends on the modernization strategy, which can vary by project and agency. At the Housing and Urban Development Department (HUD), for example, the agency used a phased approach with shared services for its modernization strategy. When it comes time to execute your modernization project, communication and stakeholder inclusion are key. Integrate security early on from the get-go, incorporate numerous tests and be sure that as you’re modernizing, you’re also standardizing across all programs.
Steps to Implement Define your strategy for modernization execution. Each strategy has unique business cases, business drivers and strengths and weaknesses, so evaluate carefully. Align the strategy with your agency’s SDLC process. Doing so will help to ensure your system meets agency standards for development and maintenance. Make cybersecurity a priority. Review the architecture of applications early on in the process to identify and address potential security vulnerabilities. Execute a solid testing strategy. Use test cases for your systems that define the steps and preconditions needed to determine if that system functions correctly before it’s placed in an operational environment.
Your Roadmap to IT Modernization // 31
HP Elite x3 The one device that’s every device The HP Elite x3 is HP’s first built-for-business mobile device to deliver seamless phablet, laptop, and desktop business productivity in a single device.1
Travels light, docks large
Total security
Built for business
Effortlessly switch between phone, desktop, and laptop experiences.2
Business-class security features help protect your sensitive data.
Enjoy on-the-go access to your corporate apps through HP Workspace.3
Apps sold separately; availability may vary. Not all features are available in all editions or versions of Windows. Systems may require upgraded and/or separately purchased hardware, drivers, software, or BIOS updates to take full advantage of Windows functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See microsoft.com. 1. Based on HP’s internal analysis as of January 14, 2016, of mobile devices preinstalled with Windows 10 Mobile, designed to pass MIL-STD-810G and IP67 testing, the ability to run virtualized corporate apps on a big screen using an optional dock, and a biometric solution for security. 2. Optional dock required and sold separately. Peripherals sold separately. 3. HP Workspace software update for Windows 10 required and planned in a future release. Subscription required. Corporate application must be licensed on corporate network for virtualization. © Copyright 2016 HP Development Company, L.P. The information contained herein is subject to change without notice. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries.
INDUSTRY SPOTLIGHT
Leveraging Mobile Solutions at Your Agency An interview with Andy Nuttall, Director of Strategy, HP Mobility
As agencies continue to modernize, leaders are looking for new and innovative ways to promote efficiency to drive their organization’s missions. Whether it’s eliminating physical data centers or updating servers, the public workforce is quickly learning that they need to leverage new technologies in order to do their jobs effectively. One significant way that agencies are fostering modernization is through mobile solutions. The ability to seamlessly connect field workers back to headquarters and get work done anywhere, at any time and on any device, offers organizations the unprecedented ability to meet citizen needs. To learn how agencies can adopt a holistic mobile strategy, GovLoop sat down with Andy Nuttall, Director of Strategy for HP Mobility, an information technology enterprise that specializes in mobile solutions. Nuttall explained that the need for mobility is driven by three main trends that we are currently seeing in the workforce. The average age of employees is getting lower, workers are becoming less tied to the office and collaboration is becoming the dominant workstyle. However, for government organizations, there are some inherent challenges in adopting a mobile solution. While limited budgets, legacy systems and cultural barriers are part of the reason that agencies struggle making the shift to mobile, Nuttall emphasized that the most crucial challenge for agencies is simply making the most out of a transition to mobile. “When implementing a mobile solution, agencies must specifically work on integrating operating systems and managing employee expectations of the mobile
environment in order to meet the needs of an increasingly employee-centric workforce”, Nuttall explained. Despite these challenges, new technology is opening up opportunities to solve these problems. “When we look at the speed and processers of today’s mobile devices, we are experiencing breakthroughs in device capabilities, Wi-Fi speeds and availability, and LTE speeds across the globe,” Nuttall said. These trends are opening the market and allowing capabilities that were previously only available across multiple devices to be consolidated into one device. One example of a consolidated mobile solution is HP’s Elite x3. The mobile device combines the power and productivity of a PC with premium smartphone capabilities so public sector workers can do work anytime and anywhere. The value in the Elite x3 comes from its ability to function as a smartphone but also to be docked to give a full screen PC experience. “This allows for a high return on investment for budget stretched organizations because you can have a phone that also offers the PC experience as well when coupled with an optional dock,” Nuttall explained. Not only do such solutions offer a consolidated platform, but they also offer users ease of management through a single Windows operating system. The three-in-one device allows users to employ it as a smartphone, a small tablet and as a PC when docked. Additionally, the device ensures information security through features like multi-factor authentication and biometric scanning capabilities.
Ultimately, tools like the Elite x3 enable a more mobile public sector workforce by acting as the center point of operations. Nuttall gave an example of a police force using the device to streamline processes. “If you put an Elite x3 in an officer’s hands, they can take notes and write reports at the scene, as well as take photos of traffic accidents and record their daily workflow,” Nuttall said. “However, they can also go back to their police car and dock the Elite x3 to finish writing their notes in more detail instead of having to use a separate laptop in the car or go back to the police station to rewrite their field notes.” This versatility is critical for the public sector as it no longer has to spread its workflow across multiple devices and physical locations. Putting a single device at the center of a government employee’s workflow significantly increases manageability and efficiency while stretching IT budgets further. Looking forward, Nuttall is optimistic that consolidated mobile solutions will continue to permeate the government and drive efficiency. Nuttall concluded, “We think the opportunity for mobility can really transform how the public sector works. We are really just at the beginning in terms of what these devices are capable of.” * HP Workspace license required. Corporate application must be licensed on corporate network for virtualization. Requires the HP Elite x3 to be docked with the HP Elite x3 Desk Dock or connected to the HP Elite x3 Lap Dock, each sold separately or as part of a solution bundle.
Your Roadmap to IT Modernization // 33
P L AY 4
Modernization Deployment You’ve assessed your current IT infrastructure, drawn out a roadmap, prepared your modernization project and begun execution. Now it’s time to launch your new tools and strategies. Deployment during the modernization lifecycle can be a period of complex, interdependent, concurrent activities that need to be carefully orchestrated. This is a time where things may or may not go smoothly, so it’s good to be prepared for a variety of outcomes. Such outcomes can range from smooth transitions with satisfied users to deployments fraught with mistakes and dissatisfied users (even disruption to business). The difference between these results ultimately depends on the quality and execution of your deployment plans. Deployment can affect personnel, government and business processes, IT infrastructure and operations, data and even support functions like finance and contracting. Deployment can also “involve coordination with and reliance on external third parties introducing new relationships, additional complexity and potential risks,” according to the ACT-IAC report. “If anything is going to go wrong, the middle of a transition is when it is most likely to happen. There are several deployment strategies that can be applied to improve user adoption. Techniques that have been successful in both commercial and government sectors include A/B deployments to expose increments of capabilities to smaller sets of users and ‘dark launches’ that deliver specific increments of functionality to the users.” Dark launching is the practice of deploying the initial version of a service into a production environment well before project or product release. This way, you can test your project and find any bugs before you make functionality available to your users. For example, HUD overcame previous modernization failures and decommissioned outdated systems by focusing on phased replacement. It deployed its new program in increments and did a few dark launches before making the product available to its users. It’s especially important to deploy in stages so that any errors can be immediately addressed.
34 // A GovLoop Guide
“Take baby steps if you can and minimize customization,” Rydeen, ESC Program Officer from NASA, said. During the deployment stage, it is also essential to carefully plan all of the steps required and communicate throughout the process with users. Involve employees and end users alike throughout the process. User acceptance is particularly critical. They need to be informed about what to expect, what will change and how it will affect the performance of their jobs. To better ensure success of the modernization project, users also need to receive timely training, support and assistance that is well-packaged and easily accessible and understood. “The important thing is to make sure you’re understanding what you’re doing, why you’re doing it and educating yourself and your users,” Laun, Technology Expert from the FCC, said. It’s important that agencies plan in advance to provide sufficient support staff both during and immediately after deployment. Such staff needs to be readily available to answer questions for users and ensure a smooth transition as well as positive outcome. This is enabled best by strong governance, agile development methodologies and seamless communication from start to finish.
“
The important thing is to make sure you’re understanding what you’re doing, why you’re doing it and educating yourself and your users.” Dustin Laun, Technology Expert, FCC
Steps to Implement Determine who will be involved. Because of the complexity of the deployment process, it’s important to determine in advance who on your team will be responsible for each component. Decide whether there will be third parties (i.e., vendors or contractors) involved and introduce any new relationships to the deployment process accordingly. Plan all of the steps required. Make sure you carefully review your plan during the first three stages of the modernization lifecycle before you deploy. It’s better to take more time to address any issues now than having to fix errors in production later. Do a dark launch. Test your modernization project in a production environment before making it fully available to your users. Use A/B deployment to incrementally test new applications, websites or software so you can address any problems or user concerns as you go along. Anticipate what might go wrong. It’s almost impossible to avoid errors or mishaps during deployment. Develop contingency plans and fallback strategies so you’re ready for anything. Loop in your stakeholders. Communicate with every stakeholder to let them know what is happening during the duration of deployment activities. Inform involved team members, as well as the end users.
Your Roadmap to IT Modernization // 35
Once upon a time, this was the fastest way to do government business.
Those days are over. We’ve come a long way since the days of carrier pigeons, and the way governments are run should reflect that. Alfresco modernizes government business with automated content, process and information management solutions that create intelligence and deliver value for employees and citizens.
Welcome to Now.
Alfresco delivers integrated content & process management solutions including:
Records Management
Task Management
FOIA Management
Case Management
To learn more about our government business solutions visit us at alfresco.com.
INDUSTRY SPOTLIGHT
Advancing the Digital Flow of Government Business with Micro Service Architectures (MSA) An interview with Austin Adams, Vice President of the Public Sector, Alfresco
Every year, the IT wish list of government grows and billions of dollars are spent in the name of modernization. Yet, agencies continue to struggle to secure and manage their critical digital assets, improve digital business functions or make significant headway on their application backlog. The cost and time it takes to acquire, manage and update traditional legacy IT content and process management systems is increasing but many of those systems are incapable of meeting the needs of IT leaders who want to quickly, efficiently and cost effectively modernize and comply with new requirements and legislation. In an interview with GovLoop, Austin Adams, Vice President of Public Sector at Alfresco, shared how government can disrupt the legacy IT modernization “status quo” with a new approach to IT content and process management modernization - a Micro Service Architecture (MSA). By and large, the government’s modernization strategy is to take on one application at a time. If the problem is records, they put out an RFP for Records Management. If the problem is case management, a case management RFP comes out and so on for FOIA, grants, email management, etc. Each is awarded to a different vendor with a different platform or SaaS which adds another application to an already overwhelming, complex, fragile and non-integrated architecture. “Meeting individual system needs one at a time results in a patchwork of costly technologies that do not communicate with the rest of the enterprise. It also makes agencies more vulnerable to security breaches, particularly when the system becomes outdated,” Adams said. “This is because the IT portfolio eventually becomes too difficult and expensive to upgrade, modify, customize—or sometimes even properly operate.” In addition to creating cybersecurity vulnerabilities, these outdated systems affect accessi-
bility to data, records, and information and inhibits the ability to deliver efficient citizen services. To solve these issues, Adams advised that agencies pursue an MSA approach that eliminates the need for dozens, and in some cases hundreds, of solution specific COTS applications that don’t talk to each other and have different security vulnerabilities, upgrade paths, and vendors supporting them. “The government is not getting a good deal for their IT investments at a macroeconomic level and an MSA is a terrific way to take back control from IT vendors who are incentivized to create lock-in and system integrators who benefit from lengthy projects.” stated Adams. “Agencies that have had enough of the proprietary architecture lock-in will begin to reach critical mass in their plans to deploy modern architectures that offer enterprise micro services.” Employing an MSA with an open source, cloud enabled IT platform, that merges modern content management and business process management, will enable agencies to gain control of their information management modernization efforts and help agency leaders make more insightful, evidence-based decisions. • Modern Content Management: Communicates with multiple systems to allow easy retrieval, use and dissemination of information/content. • Business Process Management: Automates manual repetitive or complex processes to reduce errors and maximize efficiency. • Records Management: Ensures records can be properly secured, organized and archived for easy access during audits, FOIA requests, or e-discovery.
With a single technology platform to build dozens of applications – records, FOIA, grants, case, email management, etc. – agencies can map out a strategic path to modernize and replace their legacy systems. “Once you employ an MSA strategy, you streamline the software and services acquisition processes. Additionally, the convergence of open source MCM, BPM, and RM in a single platform reduces spending on licenses, infrastructure, and maintenance,” Adams said. This integrated approach also makes agencies more flexible by: • Simplifying the integration of open source and open standards while speeding up deployment times. • Improving mobile and collaborative processes by facilitating dynamic systems for staff. • Increasing control over records management governance and compliance so staff can easily update and apply new policies. • Allowing for an easier migration to cloud services and other efficient infrastructure systems. Agencies that are building out an MSA are becoming more agile and are able to unify operations, reduce redundancies and show tangible results like error reductions, cost savings and improved efficiency. Complying with mandates, accessing actionable information and protecting data can be difficult for agencies when they are forced to manage patchwork solutions and incompatible systems. However, with an MSA powered by technologies like Alfresco, government employees will be able to effectively protect government data, save taxpayer money and deliver on their missions. Your Roadmap to IT Modernization // 37
P L AY 5
Post-Modernization You’ve completed the four plays: assessment and roadmap, readiness, execution and deployment. Now you’re ready for post-modernization. You need to consider what is needed after your new system has been deployed. This is the follow-up stage to your IT modernization project. Vendors may be required to provide post-implementation support while agency employees are caught up to speed on the new system. They may even continue supporting the system indefinitely, depending on the agency approach. Agencies need to create a process to deal with any glitches or defects accordingly. For example, if there was a specific new tool or software used during modernization (like Office 365) it’s important to plan for that tool and the relevant team to be available for sufficient duration after the modernization project is completed. This way, any defects detected after deployment can be efficiently addressed. To put it more specifically, modernization involves new technology, infrastructure and hosting options. When core technology language will be replaced (e.g., an application modernized from Java), make sure that the relevant skills needed to manage such technology are in place. For example, modernized applications that will be implemented in the cloud or private or public implementations will require changes in IT roles and responsibilities. Such changes subsequently will trigger organizational and cultural disruptions. It’s important to address such changes and the risks they may pose to an agency. Have contingency plans in place if business is interrupted or be sure to have extra staff on board to manage the new technology post-deployment. Post-modernization also includes decommissioning legacy hardware and software that is no longer needed. Additionally, effective communication with those inside and outside your agency is critical to increasing the chance of success for your modernization project. “As you document your strategies, wins and failures, hold open houses, communicate with the agency and press and keep talking about your modernization project,” Laun said. “Once you execute your project and get your wins, document your wins and tell people about them. That gets people excited about modernization.”
38 // A GovLoop Guide
For example, the FCC decided to redesign its main website, FCC.gov, by moving to a new platform and new host for the site. To follow up and make sure that users were included in the aftermath of the modernization project, FCC made sure to allow users to provide feedback to the new site. As a result, 85 percent of new visitors left positive comments about the website, allowing the FCC to dedicate adequate time to outstanding issues for those who left negative comments. A large percentage of modernization efforts result in failure due to lack of acceptance by users. According to a recent Meritalk report, only 29 percent of agencies have established an application modernization change management team. The CIO, senior IT management team and any senior managers, however, must consistently demonstrate commitment to the program. Without such leadership, agency employees may withhold support or actively oppose the effort. Ultimately, the post-modernization stage can be boiled down to two essential areas of focus: Consider what is needed after the new system is implemented and create a process to deal with any issues or defects.
“
As you document your strategies, wins and failures, hold open houses, communicate with the agency and press and keep talking about your modernization project. Once you execute your project and get your wins, document your wins and tell people about them. That gets people excited about modernization.” Dustin Laun, Technology Expert, FCC
Steps to Implement Make sure you have the necessary tools and staff available. After deployment, be sure you have the relevant teams you need to address inevitable glitches, issues or any questions users may have about the modernization project. Quantify the impact. Explain how the change fits into the overall strategy, who will be impacted and how the change will affect the organization and budget. Then put those values into numbers and determine return of investment (ROI) by analyzing how the project will save costs for your agency. Build the vision. Inform users how things would improve after the modernization project has been implemented. Have a compelling story that would persuade sponsors and users to support the change. Set up a communication plan. Decide how you are going to continually involve end users so that they are aware of the entire modernization process. This includes when to expect regular communications (i.e., weekly, semi-weekly) and how they can provide feedback and ask questions. Execute the change. Generate a detailed training plan to avoid issues with enduser acceptance. Define how and when the training will take place and identify leads within the community who can help coach others.
Your Roadmap to IT Modernization // 39
Secure on any infrastructure. Whether it’s in the cloud or on-site, Commvault knows the value of your data. • Embrace IT evolution while meeting your needs for email archiving, records retention and eDiscovery. • Choose the cloud provider that meets your security, application and cost demands. • Simplify information governance. Find out more at commvault.com/government
© 2017 Commvault Systems, Inc. All rights reserved. 40 // A GovLoop Guide
INDUSTRY SPOTLIGHT
How Cloud Solutions Can Help Your Agency Consolidate An interview with Craig McCullough, VP of Federal Sector, Commvault
Most government agencies are aware of the need to modernize their IT infrastructure and re-think how they manage the explosive growth of data. Legacy systems, outdated infrastructure and aged management strategies can hinder an agency’s ability to meet its mission needs and goals. Despite the need to modernize, many agencies are very cautious because of the inherent risk involved with modernizing systems and management strategies. To discuss challenges associated with adopting cloud-based solutions during modernization and how agencies can overcome them, GovLoop sat down with Craig McCullough, VP of Federal Sector at Commvault, a data and information management software company. While there are numerous ways agencies can approach IT modernization, adopting a cloud strategy is one of the most prominent. Some federal agencies are focused on and have successfully moved to the cloud, but many others are facing roadblocks in doing so. McCullough explained that overall, it is slightly more complicated for the federal government to adopt a cloud based strategy because of its well justified focus on data security, access and risk mitigation. Before moving into the cloud, agencies want to make sure their updated infrastructure is secure, that they have access to applications and data anytime and anywhere, and that they still have control of their data and systems. The perceived lag in the federal government’s adoption of cloud based strategies can be attributed to ensuring that all of these needs are met. Making things even more complicated is the ever decreasing budget that agencies must contend with.
Making the move to the cloud, however, can actually be more cost efficient. The efficiency comes, in part, from the decreased management required to run and maintain a cloud based strategy. “Today, agencies can implement a development and operational cloud strategy that, in the past, would require many folks to manage. Add to that the cost of maintaining a datacenter plus the hardware costs, and you are quickly running out of budget,” McCullough explained. Now, the burdens of management, labor, and hardware costs are placed on the cloud providers, saving money and resources for federal agencies. McCullough also emphasized that moving to a cloud-based strategy approach can help improve security. In an effort to quickly modernize their infrastructure, some agencies have implemented ad hoc systems in hopes of gaining new features and capabilities. But with additional systems, comes increased security risk. By consolidating IT infrastructure and moving to the cloud, IT administrators can gain a better grasp of the seemingly ever-expanding, complex environments they’re charged with managing. Commvault is an enterprise level software company offering a data platform for backup, restore, archive, replication, and search, on premise or in any cloud. Commvault specifically helps agencies reduce the risks of IT modernization and cloud mobilization through their single management platform. This platform allows agencies to change their infrastructure without losing data or having to invest in new data management tools. Additionally, the platform’s software driven capabilities allows for seamless workload and data portability from physi-
cal to virtual environments, to hyper-converged infrastructures, to the cloud. Such platforms allow government agencies to ease the cost of modernization, capitalize on modernized infrastructure and fully utilize the power of their data. Additionally, Commvault’s solution can be quickly adapted to individual, agency, and department needs, no matter what cloud or datacenter, their data is stored in. “One of the biggest benefits is that we make it possible for our government customers to manage data across hardware platforms and cloud based providers while still giving them the protection and security they demand,” McCullough explained. This agility was clearly seen in some of the success stories McCullough highlighted. For example, his team recently helped a federal financial agency consolidate their data protection infrastructure from three disparate systems into one comprehensive solution, reducing the number of IT engineers it took to manage the infrastructure from 60 to eight. This allowed the agency to re-direct resources and budget to other mission critical tasks. Additionally, Commvault’s solution has helped DoD healthcare agencies consolidate data and enhance security through a unified solution. This allowed the organizations to save money and resources by decreasing maintenance and administration costs. Ultimately, a unified IT architecture through solutions such as Commvault’s platform, mitigates risk, frees up resources, saves money and allows agencies to seamlessly move data from legacy infrastructures to the cloud.
Your Roadmap to IT Modernization // 41
Conclusion Modernizing IT systems is an increasing imperative for federal, state and local governments to deliver better citizen services, support mission programs and improve security and efficiency. Funds are being dedicated to the effort, new positions are being created according to needs and agencies are working to provide tools and resources to all stakeholders involved. It’s important to remember that there is no one-size-fits-all solution and that every agency’s IT modernization roadmap may be different. Various modernization strategies exist today and careful evaluation is needed to identify the best one for your agency. This can certainly be an overwhelming process. Fortunately, the modernization lifecycle can help agencies get started with five concrete stages: 1. Assessment and Roadmap; 2. Modernization Readiness; 3. Modernization Execution; 4. Modernization Deployment; and 5. Post-Modernization. With an IT modernization roadmap, agencies can execute their modernization efforts more confidently and increase the likelihood of successful projects.
42 // A GovLoop Guide
About & Acknowledgments About GovLoop GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com. www.govloop.com | @GovLoop
Thank You Thank you to Alfresco, Amazon Web Services, BMC, CA Technologies, Cisco, Commvault, DLT Solutions, HP, MuleSoft, and SolarWinds for their support of this valuable resource for public-sector professionals.
Authors Francesca El-Attrash, Staff Writer Courtney Belme, Editorial Fellow Nicole Blake Johnson, Technology Writer Michael Steinberg, Editorial Fellow
Designer Kaitlyn Baker, Graphic Designer
Your Roadmap to IT Modernization // 43
1152 15th St. NW, Suite 800 Washington, DC 20005 (202) 407-7421 F: (202) 407-7501 www.govloop.com @govloop