While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
What does it mean to modernize government IT? And what does it take? The answer to the first question is complicated and varies from agency to agency. The latter question also has a complex answer, but there is one essential element: money.
Those were some of the key takeaways from an opening panel on IT modernization at the GITEC Summit 2017 in Annapolis, Md., on Monday. On the panel, Agriculture Department CIO Jonathan Alboum and Alfred Rivera, director of the development and business center at the Defense Information Systems Agency, said that to upgrade legacy systems and networks, agencies need buy-in from the components or bureaus doing the updates. However, funding is a key concern.
The officials also said that their agencies are focused on moving applications and data to the cloud, but that some agency components are more willing or able than others to do so. That means that, for the foreseeable future, there will continue to be hybrid IT environments in which some apps are in the cloud and others are maintained in onsite data centers and inside legacy hardware and networks.
Updating legacy IT requires a combination of factors, according to Rivera, but “dollars [are] the largest issue.” Rivera, who focuses on the development of DISA’s core services and capabilities and bringing in new capabilities to the Defense Department’s unified IT services provider, said that DISA is focused on moving DOD components to more agile applications.
At the same time, he noted, DISA manages 124 applications that are still on IBM mainframes, and it has apps written in the COBOL programming language popularized in the 1960s by employees who are long gone.
Upgrading IT involves figuring out how to improve or add value to legacy systems that exist, he said. Moreover, some agency components say it is difficult to upgrade to newer architectures. On the other hand, some components have the budget and willingness to do so.
Rivera pointed to the Global Command & Control System – Joint (GCCS-J) service as an example of an IT service that DISA is upgrading. The service, according to DISA, offers “vital connectivity to systems used to plan, execute and manage military operations for both joint and multinational operations.” GCCS-J fuses select command and control capabilities “into a comprehensive, interoperable system by exchanging imagery, intelligence, status of forces, and planning information.”
The GCCS-J service had been running on a legacy IT environment, but DISA is moving it to a cloud-based and web-based architecture, according to Rivera. Such a shift is happening because DOD components have the funding and ability to do so, Rivera said, but not all agency components or agencies can count on that.
Meanwhile, Alboum said that he personally does not like the term “modernize” and considers it too broad, noting that even though it is in vogue right now, the USDA has always been modernizing its IT systems. The key, Alboum said, is to be strategic about which systems are updated.
At USDA, the agency is focused on consolidating its 17 different networks. It kicked off an effort in 2014 called Universal Telecommunications Network 2020 to prepare for a transition to modern networks. The agency worked with its component agency CIOs and IT leaders to produce reports on agency needs, cost/benefit analysis and business cases. The agency has also been working with the Office of Management and Budget and the General Services Administration on the transition.
Alboum says USDA sees “a great opportunity” in the GSA’s Enterprise Infrastructure Solutions (EIS) contract, a $50 billion, 15-year telecommunications infrastructure vehicle, expected to be awarded this spring. EIS is designed to allow agencies to modernize, take advantage of new technology, improve cybersecurity and achieve cost savings. The EIS contract is expected to allow agencies to invest in more modern network technologies, like software-defined networking, and slash costs in the process.
What is slowing down USDA is the “idea of transition costs,” Alboum says. The cost to move to a more modern and unified network is not going to be in the “hundreds and hundreds of millions of dollars,” Alboum said, but it’s not free either. A working capital fund for IT modernization, which Congress is considering, could help fund the network upgrade. It’s a “really intriguing idea,” Alboum said of the fund that would be a part of the Modernizing Government Technology Act.
One of the key steps of IT modernization involves migrating apps and data to the cloud. Yet a crucial challenge of that process, Alboum said, especially for an agency like USDA with 100,000 employees and 17 component agencies, is that it’s often difficult to get a handle on how the components are each moving to the cloud.
An agency can have a lot of cloud initiatives, but without an enterprise-level approach, agency components often wind up moving to the cloud in the way that makes the most business sense for them but might not be best for the overall agency, Alboum said, especially in terms of cost. That was the case at USDA before the agency established a cloud strategy and policy office in 2015 to guide cloud migrations and help agency components decide how best to adopt the cloud.
Amid such shifts, those employees who have run in-house data centers wonder what will happen to them, Alboum notes. In many cases, agencies will wind up with a blend of cloud and onsite data centers, since not every app can be moved to the cloud. The goal is to be more agile and flexible, even if, over time, moving to the cloud does not cost less due to transition expenses.
Meanwhile, DISA is taking a three-pronged approach to the cloud, Rivera said. The agency is allowing traditional computing, while also moving to off-premises commercial cloud service and on-premises commercial cloud service.
DISA is encouraging DOD components to embrace the cloud, but Rivera acknowledged that there is still “a community out there that isn’t ready to move to the cloud.” That may be because they have fears about the security of their data in the cloud despite DISA’s assurances or simply because apps, as they are currently written, cannot be moved to the cloud.
Alboum added that, within USDA, there are “a lot of organizations, all with different levels of maturity and readiness” when it comes to cloud migrations. The key is to help them and be ready to respond to their needs. Some components have well-established, on-premises legacy IT systems that they do not want to move.
“Telling an agency, you have to take this very stable thing you have and you have to move it to the cloud because [of the government’s cloud-first policy], it doesn’t go over well,” Alboum said, especially in an era of shrinking budgets.
“We’re going to live in this hybrid environment for a long time,” he said.