Appointed federal CIO by President Obama on Aug. 5, 2011
Previous positions include:
- Executive Director of Citizen and Organizational Engagement at the U.S. Agency for International Development (USAID)
- Managing Director of the Federal Communications Commission
- Senior Director of the Windows Server and Tools Division at Microsoft, where he worked from 1994 to 2009
Bachelor’s degree in management of information systems from Iowa State University
As the second federal CIO, Steven VanRoekel inherited an ambitious agenda from his predecessor, Vivek Kundra, including efforts to implement cloud computing and to consolidate the number of federal data centers, among other priorities laid out in 2010’s 25 Point Implementation Plan to Reform Federal IT.
VanRoekel has overseen the emergence of numerous efforts that have had a huge impact on governmentwide IT, such as the Digital Government Strategy and PortfolioStat reviews. Agencies have made significant strides in improving IT operations, and VanRoekel shared his vision for continued progress in an interview with Jimmy Daly, FedTech’s online content manager.
FEDTECH: What are the key elements of the federal mobility strategy?
VANROEKEL: Last May, the president and I issued a policy memo describing a broad set of initiatives around the way we use and consume and disseminate data, the way we use mobility in government, the way we think about citizen-centric access to government.
This digital strategy we issued last May really is a comprehensive way of addressing the opportunity and bringing 21st century notions to government. It describes a lot of different aspects — from security and privacy of mobile through how we think about device management within government and how we use our buying power to buy devices more efficiently. Then it addresses how we develop services, applications and other things for the federal worker or for Americans to utilize the services of government.
FEDTECH: Are there any particular challenges to mobile computing that the government has had a hard time facing?
VANROEKEL: Challenges are always present. We look at them as opportunity areas to improve our processes and procedures. If you look at the pace of innovation in mobile, our ability within government to certify mobile devices just doesn’t keep up. You have to match the pace of innovation with the pace of how you adopt technology to take full advantage of the productivity gains from those technologies. A lot of what the digital strategy thinks about is how we close that gap. How do we think about device management?
The other big element we think about in the mobile space is tackling BYOD [bring your own device], which has been adopted pretty extensively in the private sector. We want to make sure that we do that in a way that is secure and that respects someone’s use of that device on the private side as well as the work side. We also want to pay attention to security and privacy in the mobile space.
FEDTECH: What’s the conversation you would like to be having about mobility in five years?
VANROEKEL: I think in five years we will be to a place where you will bring your mobile device to work and you’ll pop it into a dock and it will just use the screen that’s in front of you on your desk. You’re going to be utilizing mobility in day-to-day life.
FEDTECH: What progress have agencies made toward the governmentwide adoption of cloud computing?
VANROEKEL: We’ve made great strides. We launched the cloud-first strategy in 2010, and since then, agencies have been pretty steadily moving to the cloud in a lot of big and small ways. Initially, we had about 70 services that moved to the cloud to meet the goal that we outlined in the 25-point IT reform plan, and there have been other big notable moves to the cloud.
As we were moving to the cloud in the federal government, we were approaching the cybersecurity aspects of that in a very different way across all the different agencies of government. We decided that we needed to develop a more consistent approach to cybersecurity in the cloud, so we launched FedRAMP, the Federal Risk Authorization and Management Program.
FedRAMP creates a very predictable way for the government to buy cloud services, but also — and probably more important — a predictable way for the private sector to supply cloud services to government. We announced the launch of FedRAMP in December 2011, and last June we were operational, which meant that vendors could start work on getting certified to be FedRAMP-compliant. In the last few weeks, we have been announcing that these companies can be utilized by government contracts. We have two of those that have cleared that hurdle and about 75 or more that are right behind them.
FEDTECH: It sounds like you’re pleased with the progress of FedRAMP.
VANROEKEL: Yeah, very much so, and I think it’s a model that we actually need to look at across other sectors inside government.
On purpose, we named FedRAMP without the word “cloud” in it, because I think it’s a model that we might be able to take to other things like mobile and to get certification of devices. This notion of “do once and use many times” as both a predictability and an efficiency mechanism is something that I’m really encouraged by and I think is going to be a great thing going forward.
I think mobile is probably next. As I mentioned earlier, the pace of devices coming out is about every six months. Our current processes to certify mobile devices take a year or more — mostly more. If we can get certain agencies to certify providers in a faster way and then use that certification across government, it would be an area where we can really do some great things.
In the digital strategy, we call for a lot of these aspects — looking at using our buying power, setting up a governmentwide contract to take full advantage of the size of the government. It’s a win-win for everyone.
FEDTECH: Are you satisfied with the progress that agencies are making toward federal data center consolidation goals?
VANROEKEL: I’m very satisfied. I think some important things have happened in the last year and a half on data centers. Our original take on data center consolidation was really just looking at the numbers, defining a data center and getting an inventory, then going after closures.
We found that this wasn’t getting at the heart of the opportunity. If you just tell someone to close the data center, you could see people taking a little data center and just moving into one big data center. That will take it from a larger number to a smaller number, but it doesn’t really get to the heart of what we’re trying to accomplish, which is really about optimization and service delivery.