Q&A: GSA CIO David Shive Talks Shared Services, Zero Trust and Modernization

FEDTECH: What changes have you seen in IT priorities?

Shive: First, agile delivery. The public demands and expects high-tech services. The federal government cannot spend months on investment decisions and take years before delivering products and services. Agencies are now focusing on smaller implementations and building proofs of concept and prototypes before scaling to the final implementation. 

Then there’s customer experience. Customers expect the same easy and intuitive services from the government that they receive when they interact with private industry. The administration’s recent customer experience executive order is critical for transforming customer interactions and rebuilding trust with the federal government. 

As the past few years have shown, traditional approaches to cybersecurity and network defense are no longer commensurate to the threats we face as a government. We need to raise the security bar, integrating zero-trust concepts into everything we do at the IT, security and assurance levels.

LEARN ABOUT: The evolution of edge computing and data analytics in federal IT.

As for the future of digital work, the pandemic has forced agencies to rethink their workforce strategies. At GSA, we’re thinking about the future of digital work and building upon the tools our employees already possess to connect with colleagues from any location. 

Finally, there is a constant stream of new and emerging services and technology that we’re evaluating to support our business lines. The Internet of Things — the ever-growing number of smart devices connected to the internet — make it easy to connect to the world around us. But IoT devices also share a lot of valuable information. At GSA, we’re investing in technology to drive smart buildings. Big Data and analytics are becoming more important, and we’ll need advanced tools not only to collect, store and retrieve the ever-growing amount of data, but also to conduct predictive data analysis and support advancements in AI and machine learning.

These two technologies, by the way, will continue to transform the way we use technology in the future. As machines learn and act intelligently, it will transform the way we, as humans, use technology to support everyday events.

FEDTECH: What are your agency’s current priorities, and what are you doing to meet them?

Shive: GSA strives to provide innovative, collaborative and cost-effective IT solutions, while delivering excellent customer service to our federal partners and agencies. We’ve focused on five key pillars of modernization for our digital transformation — most important, our people and our culture.

As the rapid pace of technology changes exponentially, our challenge is maintaining a skilled IT workforce to meet the demands of tomorrow. It is critical for GSA to employ talented and experienced professionals who can embrace and adapt to these rapid changes and deliver quality IT products and services to our customers.

Mission delivery is another key pillar. Strong partnerships with our federal and industry partners are vital to the GSA mission. We strive to inspire and drive transformation for our customers.

Cybersecurity threats grow more intricate and sophisticated by the day. GSA is modernizing and strengthening our cybersecurity defenses to proactively address known and evolving threats. For example, our FedRAMP program provides a framework for agencies to use modern cloud technologies, with an emphasis on security and protection of federal information.

DISCOVER: The requirements for cybersecurity in a 5g environment.

In the area of operational excellence, GSA is implementing new and emerging technologies to deliver quality products and services. We are continually evaluating our internal operations to find opportunities to improve and maintain our standards of excellence.

In addition, GSA strives to be a leader in providing new and innovative IT solutions to our federal customers. As business demands increase and technologies change, we’re investing in the latest tech trends to deliver smart and effective solutions.

GSA has launched a shared services strategy to streamline the IT environment, reduce duplication, simplify technology and foster an environment of technology reuse and collaborative sharing. We want to deliver common IT business capabilities that best support GSA’s mission by accelerating modernization and adoption of common solutions across the enterprise; setting technical direction for the organization; reducing duplication and operational costs; increasing collaboration across GSA IT; and improving service delivery and overall customer experience.

FEDTECH: There was much talk at the GITEC conference about your expertise in remote work. How long has GSA been using telework, and how has that changed over the years?

Shive: Ten years ago, we made the investment in cloud technologies, policy and practice to support our mobile workforce and became a more mobile agency. So, our workforce was telework-capable. 

With the arrival of the pandemic, I think the greatest lesson I learned — or relearned — is that an organization’s end product is better when it focuses on its people. Technology is an enabler for sure, but it’s really about people. We don’t do tech for tech’s sake. We do tech for people’s sake and to support the mission of GSA. When you focus on the mission, it allows for agile pivots in what you deliver and how you deliver so that you are never far off from the business priorities of the agency, no matter how they change in response to things like a new administration.

We shared our technology best practices and lessons learned with other federal agencies that were newer to telework. But we also emphasized the importance of implementing policies and change management resources to support a successful hybrid workforce.

FEDTECH: What IT changes has GSA made to adapt to new procurement methods as IT modernization continues?

Shive: To drive IT modernization efforts, GSA is reassessing traditional processes for procuring and delivering IT services. Fixed-price contracts limit the federal government’s ability to take full advantage of the benefits of cloud technologies, Software as a Service solutions and other leading-edge technologies.

These pay-as-you-go technologies allow federal agencies to rightsize their procurements by offering the flexibility to buy services as they are consumed, instead of overbuying. They require lower upfront costs, can be scaled to meet changing customer needs and allow customers to change service providers when prices fluctuate over time.

FEDTECH: What does GSA need to do to create a zero-trust environment?

Shive: GSA recently was awarded TMF funding to modernize legacy network systems and advance our zero-trust architecture strategy. We are beginning by focusing on the three zero-trust building blocks that we believe are foundational. 

For users and devices, we are seeking to modernize and redesign our 20-year-old Active Directory stack and align to a new ICAM [Identity, Credential and Access Management] target architecture to ensure secure authentication and identity validation for key personas, including GSA staff, partners and public access, using cloud-based solutions where possible.

For networks, we are aiming to break down our traditional perimeter-based approach in favor of moving security directly to the users, devices, applications, and data. Here we have two key efforts focused on achieving microsegmentation. 

REVIEW: IT modernization efforts, as agencies work to upgrade legacy systems.

Deployment of a SASE [secure access service edge] solution will directly connect users everywhere, at home and in offices via broadband, to a central security stack that then achieves secure authentication, validates identities and negotiates access at the application level.

Achieving microsegmentation within our building security network in 500 GSA buildings that house operational technology and IoT devices will support the running of our buildings. This is key to addressing the nascent state of security in this area and will further our efforts to combat challenges like ransomware that target this space.

Last, we are focused on further modernizing our security operations center and expanding it to also cover our governmentwide shared services. Here we have invested heavily to achieve security for workloads in the cloud that is reciprocal to what we have on-premises. To achieve this, we are investing in security automation, custom dashboarding, detection aligned to application workflows and business functions, and ongoing curiosity hunting. 

By implementing these modernization efforts, GSA will improve user experience through seamless global connections to GSA-managed environments and applications while maintaining a zero-trust architecture. We will improve cybersecurity capabilities to continually verify the security of users, devices, applications and data, and achieve broad-based visibility across the GSA ecosystem with enhanced capabilities leveraging automation to manage and respond to threats in real time.