Driving down costs while meeting users’ needs is one of the major challenges of federal IT. Commerce Department CIO Simon Szykman is finding a variety of ways to meet this challenge.
Szykman took over the department’s CIO position in May 2010, after having served for three years as the CIO of the National Institute of Standards and Technology within Commerce.
During his years in federal IT, which began as a member of the technical staff at NIST, Szykman also worked for the National Coordination Office for Networking and IT Research and Development, the White House Office of Science and Technology Policy and the Department of Homeland Security.
Szykman spoke with FedTech Managing Editor Matt McLaughlin about how Commerce is meeting its numerous IT challenges.
FEDTECH: Commerce last year said it hoped to save around $50 million in IT spending. What have been the results of that effort?
SZYKMAN: So far the results have been quite positive. That $50 million target was established by our chief financial officer for administrative savings, so it was broader than just IT. It included variety of other savings approaches. But within the context of IT, we are on track for several of the initiatives that we have put in place.
We have established a single contract for purchasing PCs, and we are improving our utilization and the effectiveness of our mobile phone management for both the devices and the plans that we have in place. We also have an initiative in place focusing on print management and efficiencies. We are projecting the savings from those initiatives to be about $11 million by the end of the fiscal year.
We also have additional savings that weren’t counted in that total, resulting from data center consolidation, of about $1.7 million this year. And we have a variety of additional initiatives that we’re currently looking at more in the planning stage — for purchasing certain types of software and hardware here at the department.
FEDTECH:How is the department moving forward with the strategy?
SZYKMAN: We have additional efforts that we’re currently working on at the planning stages. We have a strategic sourcing office that was established last year in the acquisitions organization under the office of the CFO. They have the lead for the strategic sourcing program, but obviously there is a strong collaboration with the CIO community here across the Department of Commerce for those initiatives that have to do with IT.
One of the areas where the administration has been pushing for cost savings is IT shared services. We have a long list of shared services that we’d like to look at, but we are looking initially at things like cloud-based e-mail. One of our bureaus has moved to cloud-based e-mail, and we’re looking at moving more broadly with several of our other bureaus. We’re also looking at cloud-based web-hosting and help desk consolidation within certain organizations.
FEDTECH:How is Commerce dealing with the different possibilities and demands that mobile computing brings?
SZYKMAN: Mobility is really being driven more by the demand that’s coming out of the consumer market than the enterprise market. We have a lot of people — both the public and employees here at the department — who are accustomed to mobile technologies in their daily life, and that’s creating new demand for us to be able to support these capabilities within the enterprise. That’s a little bit different from some of the more traditional ways that technology has emerged in the enterprise, which has really been driven by the enterprise itself seeking efficiencies or additional capabilities.
At the Department of Commerce, we’re currently still in early stages of planning our departmentwide mobility strategy, and we are heavily focused on developing a strategy that is in fact departmentwide. It's a relatively new type of technology, and we found ourselves facing a pretty much open field in terms of the options available to us for implementing mobility.
Because this is a new capability, new technologies, we want to avoid building silos in different organizations with different acquisition approaches, different device platforms, different mobile device management services. We have a department working group that’s focused on considering customer needs, requirements and participation from all of our bureaus and helping to formulate a single strategy for the department to move forward with.
FEDTECH: Have any pieces of the strategy solidified yet?
SZYKMAN: The things that have started to solidify are really different options. Over the past year to two years, many different parts of the Department of Commerce have been testing technologies. We’ve had a variety of pilot deployments that have been put in place in different bureaus. We are still at the evaluation stage. We haven’t made any firm decisions.
FEDTECH: How do you expect the federal mobility strategy to affect the strategy at the Commerce Department?
SZYKMAN: Hopefully, in ways that support the kinds of things that we want to do. We’re hoping to be able to leverage the plans to put in place the governmentwide contracts for device acquisition and acquisition of mobility-related services, to the extent that GSA puts in place contracts that meet our requirements. It will relieve some of the burden on our own acquisition organizations from doing similar types of acquisitions that everybody else in the government would want to be doing anyway.
FEDTECH: Bring-your-own-device is another big challenge that other agencies are facing. Does the Commerce Department have a strategy for dealing with BYOD?
SZYKMAN: At this point, we don't have a strategy. I view the Commerce Department as being definitely interested but probably not one of the leaders in BYOD. I think we’re probably going to wait and see what emerges in the way of governmentwide policies, see what other agencies are doing and learn from that before we move quickly into that area.
I think BYOD is one of those areas where some of the major challenges are not technology challenges but really administrative, legal and policy challenges having to do with records management, compliance with the Freedom of Information Act and the ability of the government to impose policy and security measures on personally owned devices. So a lot of the issues that need to be addressed are things that go beyond just the technology itself.
FEDTECH: What progress has Commerce made on the Federal Data Center Consolidation Initiative?
SZYKMAN: We were definitely in the top couple of plans in a recent Government Accountability Office report that assessed federal agency data center consolidation plans.
We’re actually a little bit ahead of schedule in terms of the data center closures that we had projected. Certainly, we’re still only part way down the road, because it was a five-year plan. And we’re also finding as we dig further into our own infrastructure, assessing at a greater level of detail our own inventory and also dealing with some of the changes in data center definitions coming out of the Office of Management and Budget, that we have more in the way of an inventory than we had originally captured in our first iteration of a plan. So we are also currently updating our plan in order to reflect a better understanding of what our inventory looks like today.
FEDTECH: How are you dealing with the fact that you found some new inventory?
SZYKMAN: We’re just taking it as it comes. We’re focusing on getting a more accurate inventory and incorporating everything that we find into our plans. One of the challenges that we have at the Department of Commerce is that we’re a relatively decentralized organization; the data centers are not principally under the control of the department-level CIO. So a lot of the data center consolidation activity is actually happening at the bureau level under the management of the department’s bureau CIOs.
FEDTECH: What security challenges does Commerce face, and how is the department overcoming them?
SZYKMAN: We’ve been working to improve our vulnerability management, patch management, configuration management, the types of controls that are well understood as being essential to a strong security posture.
One of the first priorities I had when I came into this position was to develop a strategic plan for cybersecurity for the department. As a result of the planning that we’ve done — both the technical planning and budget planning — we are conducting an acquisition to put in place a departmentwide continuous monitoring system for cybersecurity. Although we’ve had continuous monitoring at the system level and the bureau level before now, this is going to be the first time that we’re putting in place a departmentwide operational security capability that spans the entire Department of Commerce. We believe that is going to significantly enhance our ability to manage security across the department, our ability to implement security controls and also the visibility that my office has regarding the departmentwide security posture.
FEDTECH: What kind of IT projects has the department conducted TechStat reviews of, and what have the results been?
SZYKMAN: We’ve had a variety of different TechStats. The origin of the TechStat process was really focused on troubled projects. We’ve had a number of TechStat reviews for projects that were either at risk of getting off track or had been identified as already being off track. We have embraced the process and have found it to be pretty successful. The benefit of the TechStat process is it’s really more focused on an action-oriented process to identify root causes and remediate performance problems.
One of the things that we have found through the process is that the technical issues are sometimes the easier issues to deal with, whereas in some cases, you’ll identify resource-related issues that don’t have an easy fix. But we have found, in at least one case, that by identifying issues related to resource shortfalls, we were able to significantly change our strategy for that particular investment. Over the longer term, this will change how that investment is going to meet its performance and its function within one of the bureaus, which will now change tracks to a more cost-effective way of providing that same type of capability.
Beyond looking just at troubled projects, we’ve also started to look at TechStat reviews for doing higher-level portfolio assessment. One of our bureaus has done an internal infrastructure portfolio review through a TechStat process, which we hope will result in more effective infrastructure management for that organization.
FEDTECH: What progress has the department made in meeting the federal cloud computing mandate?
SZYKMAN: We are on track for doing all of the cloud migrations that we had committed to in response to OMB’s cloud migration strategy. We’re looking at cloud really at a variety of different levels. We have some internally focused cloud deployments that are supporting things like service desk management for a help desk ticketing system. One of our other bureaus has already deployed a cloud-based system to support its internal project management activities and its enterprise architecture program.
We also have some larger, more commodity-type enterprise services that have moved to the cloud. The National Oceanic and Atmospheric Administration, our largest bureau, has moved its e-mail, collaboration and messaging infrastructure out into the cloud. NOAA is supporting its entire bureau population with a cloud-based deployment for e-mail, calendaring and collaboration services. When that contract was put in place, it was one of the largest cloud-based e-mail deployments in the federal government.
We also have some public-facing deployments. For example, the Census Bureau has used cloud computing technology for the front end of the 2010 Decennial Census website. That’s allowed them to provide a very cost-effective way of serving Census data to the public, and not just cost-effective in terms of the infrastructure but also dealing with the variety of spikes in demand that can occur, and avoiding the high level of infrastructure investment that needs to be made if you want to be able to support those spikes internally with your own infrastructure.
FEDTECH: How significantly will the department benefit from FedRAMP becoming a tool that agencies can use?
SZYKMAN: It’s hard to say for sure, but I expect that we, as well the entire federal government, will benefit significantly from FedRAMP. I think migrations to the cloud were not moving forward as rapidly as might have been possible because of the cost in time associated with having to do the assessment and authorization of cloud-based infrastructure to support government needs. With FedRAMP now in place and hopefully gaining some momentum in the next few months, I think it will enable both a more cost-effective way of dealing with security for these types of technologies and a more reusable framework for security, so that all of the authorizations can be done once rather than repeatedly across different organizations.
I think it’s a very important enabler, and I’m definitely looking forward to having it support the government’s migration to the cloud.