FedTech Magazine - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en What Is Single Sign-On? Developing Identity Access Management Strategies for Federal Agencies https://fedtechmagazine.com/article/2019/05/what-single-sign-developing-identity-access-management-strategies-federal-agencies-perfcon <span>What Is Single Sign-On? Developing Identity Access Management Strategies for Federal Agencies</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 05/24/2019 - 10:59</span> <div><p>There are some technologies federal agencies are adopting because of policy or because that is where the IT market is headed, with <a href="https://fedtechmagazine.com/article/2019/02/iaas-vs-paas-vs-saas-what-cloud-strategy-right-your-agency-perfcon">cloud being</a> a <a href="https://fedtechmagazine.com/article/2018/09/white-house-unveils-new-cloud-smart-strategy">perfect example of both</a>. However, there are some technologies prescribed by law for agencies to implement, and <strong>one of them is single sign-on</strong>.</p> <p>Specifically, <a href="http://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title6-section1523&amp;num=0&amp;edition=prelim" target="_blank">6 U.S. Code § 1523(b)(1)(D)</a>, a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication,” as developed by the General Services Administration in collaboration with the Department of Homeland Security. </p> <p>Single sign-on is not a new technology for government, and many agencies have been using on-premises instances of the technology for years to authenticate users and allow access to the applications. And in 2017, the GSA’s 18F unit and the U.S. Digital Service <a href="https://18f.gsa.gov/what-we-deliver/login-gov/" target="_blank">worked together</a> to create <a href="https://login.gov/" target="_blank">login.gov</a>, an <strong>SSO solution for government websites</strong> “that lets the public access services across select agencies with the same username and password.”</p> <p>As agencies move more apps to the cloud, they<strong> will likely adopt cloud-based SSO solution</strong>s to help users manage access to all of them, according to experts. Although adoption of cloud-based SSO from companies such as <a href="https://www.cdwg.com/search/?b=okt" target="_blank">Okta</a> and <a href="https://www.cdwg.com/search/?key=onelogin&amp;searchscope=all&amp;sr=1" target="_blank">OneLogin</a> is still nascent, it is <strong>almost certain to grow in the years ahead</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" id="" rel="" target="_blank" title=""><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">What Is Single Sign-On?</h2> <p>At its most basic, <strong>SSO is “a high-level term used to describe a scenario in which a user applies one set of credentials to access multiple domains,” </strong>Tracy David, a cloud client executive at CDW, <a href="https://blog.cdw.com/cloud-computing/single-sign-critical" target="_blank">explains in a blog post</a>. “Simply put, you sign in one time with a single high-strength password and gain access to all the applications you are authorized to use.”</p> <p>Under SSO, users no longer need to remember different passwords for each application they access. SSO uses the Security Assertion Markup Language protocol, which is an Extensible Markup Language standard that allows a user to log on once for affiliated but separate websites, David notes. Instead of using individual passwords to access apps, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.”</p> <p>For years, SSO systems or identity management systems were on-premises applications, from vendors such as <a href="https://www.cdwg.com/search/?key=ca&amp;searchscope=all&amp;sr=1&amp;ln=0&amp;b=CCF.COM" target="_blank">CA</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/ibm.html" target="_blank">IBM</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/oracle.html" target="_blank">Oracle</a> and <a href="https://www.cdwg.com/content/cdwg/en/brand/rsa.html" target="_blank">RSA,</a> notes Thomas Pedersen, CTO and founder of OneLogin. It was an age of cybersecurity defined by perimeter security and firewalls.</p> <p>“Single sign-on is really becoming<strong> one of the most important security products for companies that operate in the cloud</strong>, and these days you cannot operate if you are not in the cloud,” he says. “The only way to control access to the cloud is single sign-on.”</p> <p>Employees today in the federal government and the private sector use many apps at work, notes Ted Girard, Okta’s vice president of public sector, and they need a distinct password for each.</p> <p>“This actually makes organizations less secure, because users are reluctant to create multiple complex passwords and instead adopt poor habits, like using the same password across all of their apps,” he says. “This is one of the reasons why 80 percent of breaches are due to weak or stolen credentials. Instead, by having just one complex, single-sign-on password and protection with multifactor authentication, organizations can become more secure and help their workforces become more productive.”</p> <p>Pedersen notes that very few organizations forgo anti-virus software, but very few are willing to eliminate passwords. <strong>“The two weakest links in the security chain are people and passwords,” he says. “We can’t eliminate people. We can only eliminate passwords.” </strong></p> <p><a href="https://fedtechmagazine.com/article/2019/01/creative-cyberworkers-retain-their-place-workforce" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why creative federal cybersecurity workers will have more job security.</em></a></p> <h2 id="toc_1">Why Is Single Sign-On Technology Important for Feds?</h2> <p>According to <a href="https://resources.onelogin.com/onelogin-federal-IT-security.pdf" target="_blank">a survey</a> of 150 federal IT professionals <a href="https://www.onelogin.com/press-center/press-releases/new-federal-research-reveals-strong-reservations-among-it-professionals-about-cloud-data-security" target="_blank">OneLogin released in February,</a> federal IT teams said they have<strong> 51 percent </strong>of their apps in the cloud and<strong> 49 percent</strong> on-premises, on average. “Most use less than 50 business apps now but expect that number to grow significantly over the next two years,” OneLogin says in a press release.</p> <p>“As enterprises get familiar with and excited by the ease of cloud applications, they will start deploying single sign-on in the cloud as well,” Pedersen predicts, though he acknowledges that adoption of cloud-based SSO is low in the government right now.</p> <p>Earlier this week, <a href="https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf" target="_blank">OMB issued a new, formal policy</a> on identity, credential and access management, and while it does not specifically mention single sign-on technology, it does mention “cloud identity” being a possible result of continuing government innovation around ICAM. </p> <p>“The federal government has a mature practice around identity management and single sign-on and has been doing it for a while — they’ve just been doing it with legacy solutions,” Girard says. “Federal agencies are now realizing that they need to modernize IT, and the Office of Management and Budget’s identity and security memo is rooted in that realization. Legacy systems are brittle and don’t serve modern needs, so federal agencies are pulling them out at the root.”</p> <p>As agencies modernize and roll out more apps, their <strong>IT leaders are realizing that SSO becomes more and more important</strong>, Girard says.</p> <p>“Agencies and their workers are using cloud-based services, with a focus on best-of-breed,” he adds. They are using <a href="https://www.cdwg.com/search/?key=skype+for+business&amp;searchscope=all&amp;sr=1&amp;ln=0&amp;b=MIC" target="_blank">Skype for Business</a> for communication, Salesforce for customer management, and so forth. “Identity needs to be its own independent platform that allows users to choose what service is best for them,” he says. </p> <p>Both Pedersen and Girard say that as agencies shift more apps to the cloud, adopting a cloud-based SSO solution will become more necessary and make more sense.</p> <p><a href="https://fedtechmagazine.com/article/2019/04/post-shutdown-cisa-carves-out-space-cybersecurity" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>See how CISA is establishing itself in the federal cybersecurity realm. </em></a></p> <h2 id="toc_2">The Shift to Cloud-Based Single Sign-On</h2> <p>Adoption of cloud-based SSO is low in the government right now. Pedersen notes that fewer than 10 agencies in the <a href="https://marketplace.fedramp.gov/#/products?sort=productName" target="_blank">Federal Risk and Authorization Management Program marketplace</a> are using it.</p> <p>Many agencies are still using on-premises SSO, he says. However, he predicts agencies will face challenges with those solutions as they shift more apps to the cloud. <strong>“It’s expensive and labor-intensive to turn on single sign-on for just one app,”</strong> he says.</p> <p>OneLogin, which has achieved “FedRAMP Ready” status, is working with a handful of agencies on projects. Pedersen says he expects to get full authorization to operate from FedRAMP later this year.</p> <p>Girard notes that the Defense Department’s forthcoming <a href="https://fedtechmagazine.com/article/2019/02/dod-cloud-strategy-emphasizes-jedi">Joint Enterprise Defense Infrastructure cloud contract</a> is a signal that cloud adoption is hitting its stride in government. Many other agencies are <strong>continuing their push to the cloud and will accelerate the “the idea of moving identity with it,”</strong> he says.</p> <p>Okta became FedRAMP certified in April 2017. It also added native integration with Personal Identity Verification cards/Common Access Cards, and has a Federal Information Processing Standards 140-2 accreditation. Okta currently works with the Centers for Medicare and Medicaid Services, the State Department and other civilian and defense agencies, Girard says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 24 May 2019 14:59:31 +0000 phil.goldstein_6191 42611 at https://fedtechmagazine.com DOJ Outlines Strategic IT Plan, Focuses on Innovation and Security https://fedtechmagazine.com/article/2019/05/doj-outlines-strategic-it-plan-focuses-innovation-and-security <span>DOJ Outlines Strategic IT Plan, Focuses on Innovation and Security </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/23/2019 - 10:14</span> <div><p>The Justice Department has a clear vision for where its technology is headed in the next few years, and it is squarely focused on driving innovation and enhancing cybersecurity at the same time. </p> <p>In March, the DOJ released its “<a href="https://www.justice.gov/jmd/page/file/1141946/download" target="_blank">Information Technology Strategic Plan</a>” for fiscal years 2019-2021, which outlines how the agency and its components will “better meet customer needs, enable innovation in technology, manage risk, and reduce costs by moving to new models of service delivery.” </p> <p>The plan has four key goals:</p> <ul><li><strong>Continuously improve service delivery </strong></li> <li><strong>Effectively invest in technology </strong></li> <li><strong>Protect critical mission assets </strong></li> <li><strong>Build innovative capabilities </strong></li> </ul><p>To get there, the plan calls for specific actions to transform the agency’s IT. Those include “delivering reliable and resilient systems and services, and timely and effective customer service”; allowing for “trust through communication and collaboration” across the agency’s technology environment; and <strong>moving to “standards to simplify and standardize technology.” </strong></p> <p>DOJ will also focus on improving the return on investment of IT assets; <strong>“reducing costs through shared services and strategic sourcing” of IT;</strong> enhancing security in particular areas, including access management and incident response and recovery; optimizing the agency’s ability to “share information and build enterprise data management capabilities as a collective and unified department”; and “supporting innovation and modernization to enable the DOJ mission.” </p> <p><a href="https://fedtechmagazine.com/article/2019/01/how-federal-it-leaders-can-adapt-accelerating-tech-change" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how federal IT leaders can adapt to accelerating technological change. </em></a></p> <h2 id="toc_0">Cloud, Technology Simplification Are Key to DOJ’s Innovation Push</h2> <p>The agency says it will work to support reliable and resilient IT services that maximize use of cloud services, modernized on-premises applications and securely managed systems. It also plans to increase user productivity through the use of communication of collaboration tools by enhancing DOJ’s Email and Collaboration Services. </p> <p>Over the next two years, the agency intends to <strong>fully complete the deployment of the ECS program, close and optimize its remaining data centers, and standardize IT support services</strong> in this arena. </p> <p>“<strong>Cloud adoption is critical </strong>to achieving our objectives for these programs, and we will continue to migrate systems to the cloud over the next three years,” the plan states. For example, <a href="https://fedtechmagazine.com/article/2016/08/fbis-biometric-center-excellence-peers-future-id-technology">the FBI’s Next Generation Identification biometrics system</a> will be hosted in the cloud, allowing on-demand access to law enforcement resources. Other DOJ components are also planning new or additional cloud services.</p> <p>DOJ will also aim to foster strategic relationships with business partners to improve the way its IT shop does business and will work to integrate self-service processes through intelligence and automation to enhance customer support, the plan says. </p> <p>Another key element of the DOJ’s plan is to<strong> standardize and simplify technology to become more efficient</strong>. “DOJ will continue to define and adopt technology standards to improve interoperability and avoid unnecessary short and long-term costs,” the plan says. “For example, many of our components are migrating to the cloud, and we must ensure we are working collectively to design standardized platforms that are scalable and are able to integrate across the enterprise.” </p> <p>The agency says it will ensure open source alternatives to high-cost proprietary platforms and encourage reuse of any newly developed custom source code. “This makes it easier to conduct software peer review and security testing and to share technical knowledge,” the plan says. “These strategies will result in better aligned, integrated, and optimized service performance, and more efficient and modern systems from best-in-class service providers.” </p> <p>DOJ Technical Reference Architecture, which provides agencywide technology standards to guide investment decisions, sharing of services and implementation of technology, will help in this regard, the plan notes. </p> <p><a href="https://fedtechmagazine.com/article/2019/03/what-fog-computing-tech-can-spur-government-it-modernization-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how fog computing can help your agency.</em></a></p> <h2 id="toc_1">DOJ to Focus on Protecting Critical Assets, Cloud Security</h2> <p>In terms of cybersecurity, the agency plans to conduct “robust and continuous monitoring and planning,” and increase its resiliency through enhancements to connectivity and recovery tools. </p> <p>The agency also plans to improve its incident response through <strong>“rapid-response technology and automated detection and remediation” solutions</strong>. And it will also ensure “secure access to mission-critical information through strengthened identity and access management.”</p> <p>As part of DOJ’s strategic enterprisewide view of risk that accounts for all critical business and mission functions, the agency is “focused on recovery, reconstitution, and continuity of operations for high value assets and mission essential systems.” </p> <p>Two of DOJ’s most critical initiatives support these principles, the plan notes. The Justice Cloud-Optimized Trusted Internet Connection Service gives the agency “fully redundant, high-speed connections to the internet and direct links to cloud providers for high speed access to critical applications.” </p> <p>DOJ will also continue to accelerate adoption of the ECS program, which uses “commercial cloud for high availability, automatic failover, and data synchronization for these services<strong> — making email, video conferencing, and document sharing capabilities accessible from any device, at any time</strong>.” </p> <p>The agency also plans to deploy “a fully resilient, scalable network by increasing network capacity and high-speed access to our Core Enterprise Facilities and cloud services.” As part of this effort, the agency will “enhance connectivity, shorten provisioning time, simplify network complexity, reduce the number of firewalls, and increase bandwidth for field locations.”</p> <p>Additionally, the agency will work to “enhance <a href="https://www.cdwg.com/search/?key=%22incident%20response%22&amp;searchscope=all&amp;sr=1" target="_blank">enterprise-wide incident response</a> and invest in cyber hunt capabilities.”</p> <p>“Incident response<strong> limits damage and reduces recovery time and costs to the organization</strong>, while cyber hunt capabilities will allow us to proactively identify and remediate cyber threats before they become major issues,” the plan says.</p> <p>From an innovation perspective, the plan notes the DOJ intends to deploy new technology, including machine learning and advanced analytics. It will also seek to ensure “timely access to and use of reliable data for decision making” and give users more mobile solutions that can be accessed anywhere and anytime.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 23 May 2019 14:14:48 +0000 phil.goldstein_6191 42606 at https://fedtechmagazine.com In a Borderless World for Feds, Human-Centric Security Is the Best Defense https://fedtechmagazine.com/article/2019/05/borderless-world-feds-human-centric-security-best-defense <span>In a Borderless World for Feds, Human-Centric Security Is the Best Defense</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/21/2019 - 12:13</span> <div><p>Protecting data has always been a core objective, but doing so has become much more challenging since the advent of the cloud. Today, applications and infrastructure <a href="https://fedtechmagazine.com/article/2019/05/cloud-access-security-brokers-give-agencies-view-cloud">are routinely hosted in the cloud</a>, away from the control of federal CIOs. As such, the protective perimeter that once existed around agency data has given way to <strong>a boundaryless environment in which data is widely distributed, dynamic and difficult to contain and protect</strong>. </p> <p>This massive data sprawl is creating fundamental problems for cybersecurity managers. First, it’s <a href="https://fedtechmagazine.com/article/2018/12/what-casb-and-how-will-cloud-smart-strategy-increase-its-use-perfcon">hard to defend against what you can’t see</a>, and highly dispersed data creates a lack of visibility. </p> <p>Second, traditional security technologies — firewalls and endpoint protection solutions, for example — are not as effective in this environment, considering the fact that they were primarily designed to protect a perimeter that no longer exists and keep people away from data.<strong> Today’s agency employees need access to information, uninhibited by cybersecurity controls</strong>, to ensure the success of their missions. </p> <p>All of this adds up to a rich landscape for potential exploitation. Adversaries don’t see confusion; they see opportunities at intersection points where employees interact with data as it passes between their on-premises and hosted environments. </p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" id="" rel="" target="_blank" title=""><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">Employees Are the First Line of Cybersecurity Defense</h2> <p>The upshot of all of this is that just as we have evolved from exclusively on-premises infrastructures to cloud-based ones, so must agencies now make the next leap in cybersecurity. Government organizations would do well to <strong>shift their focus away from the security architectures they’ve used for years and move their efforts toward their own people</strong>. In a perimeterless world, employees can be the ultimate bulwarks that stand between hackers and their agencies’ data. </p> <p>People are the beating heart of every organization, but they’re particularly important to federal agencies. People are the instigators of innovation, necessary cogs in the wheels that drive agencies forward, but <strong>they need access to information, nearly at machine speed, to accomplish their goals</strong>. </p> <p>Therein lies the rub. How do you protect data without inhibiting access, especially when that data is in the cloud, beyond your immediate control?</p> <p>One way is by adopting a more targeted and personalized approach to cybersecurity than traditional measures were ever designed to accommodate. Instead of focusing on implementing more perimeter defenses, agencies need to begin focusing on their users’ actions and behaviors, particularly as they pertain to their interactions with sensitive information. </p> <p><a href="https://fedtechmagazine.com/article/2019/05/evolution-identity-and-access-management-solutions-federal-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>See how IAM solutions have evolved for feds. </em></a></p> <h2 id="toc_1">Why an Automated, Risk-Adaptive Approach to Security Works</h2> <p>People tend to behave in very predictable ways. An average federal worker might come into work every day, sit at his or her computer, check email, and access the same files and information. This is all very normal, all very stable.</p> <p>A change in that pattern can indicate that something is wrong. Perhaps the employee’s credentials have been compromised. Whatever the case, it’s incumbent upon the agency’s security team to<strong> respond in a targeted manner that ideally does not impact the work of other employees</strong>. </p> <p>This is possible through what’s known as <strong>a risk-adaptive approach to security</strong>. In this scenario, employees are evaluated and assigned a baseline score for their own “normal” behavioral patterns. </p> <p>They’re then monitored for any deviation from this baseline. A deviation triggers an alert that security administrators can react to quickly as well as a relevant automated enforcement response based on the anonymized digital identity’s elevated risk score. </p> <p>Based on a deviation in behavior patterns, security teams know exactly where the problem lies and can focus automated or manual enforcement efforts on observing or blocking specific activities based on the level of risk the activity represents. </p> <p>This is <strong>far different from the “zero trust” proposition that traditional security solutions typically offer</strong>. Traditional solutions aren’t exactly subtle. They tend to slam the door for the entire organization, and when someone is compromised or makes a mistake, everyone pays. Operations are curtailed, security policies are changed and employees get frustrated — causing them to find workarounds that not only lead to friction between IT and an agency’s users but can also compromise data security.</p> <p>An automated risk-adaptive approach is the better option. <strong>Automation increases the speed of determinization and requires less human interaction. </strong>Monitoring each user’s behavioral patterns — and <strong>streamlining managers’ response to only those incidents that exhibit anomalies in baseline patterns</strong> — can keep systems secure without penalizing everyone. In many ways it is delivering a one-to-one security model versus the one-to-many approach commonly used today.</p> <p>That’s important, because everyone is different. There may be instances where employees regularly require access to sites or technologies that are not typically authorized, for example. Security needs to be more personalized, both to be more effective and to allow people to work in today’s environment.</p> <p><a href="https://fedtechmagazine.com/article/2019/04/post-shutdown-cisa-carves-out-space-cybersecurity" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> See how CISA is establishing itself in the federal cybersecurity realm. </em></a></p> <h2 id="toc_2">Feds Are at a Cybersecurity Crossroads</h2> <p>That environment has led us to a crossroads in our cybersecurity journey. Traditional security measures still have their place in today’s world, but at the same time we can no longer simply put up a firewall to defend our agencies’ infrastructures. We must find new ways to protect data, wherever it exists. </p> <p>People are the most sensible solution. After all, the data is literally in their hands. <strong>By focusing their security efforts on monitoring user behaviors, agencies can effectively enlist users in the fight to protect that data.</strong> In doing so, they can turn the users that hackers may see as a vulnerability <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-dhs-partners-agencies-find-and-protect-high-value-assets">into their organization’s greatest cybersecurity assets</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11706"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/profile-sean-berg-2018.png.jpg?itok=v0VSR6h1" width="58" height="58" alt="Sean Berg is the senior vice president and general manager of global governments and critical infrastructure at Forcepoint." typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11706"> <div>Sean Berg</div> </a> </div> <div class="author-bio"> <p> <div><p>Sean Berg is the senior vice president and general manager of global governments and critical infrastructure at Forcepoint.</p> </div> </p> </div> </div> </div> </div> Tue, 21 May 2019 16:13:34 +0000 phil.goldstein_6191 42601 at https://fedtechmagazine.com Metadata Helps Agencies Get More Value Out of Vast Information Stores https://fedtechmagazine.com/article/2019/05/metadata-helps-agencies-get-more-value-out-vast-information-stores <span>Metadata Helps Agencies Get More Value Out of Vast Information Stores</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 05/20/2019 - 09:20</span> <div><p>When the <a href="https://www.cancer.gov/" target="_blank">National Cancer Institute</a> stores its genome data, naming a file after the type of cancer it contains isn’t enough. The study of cancer is so precise these days that scientists need other identifying characteristics to better target a possible cure, says Jeff Shilling, the agency’s acting CIO.</p> <p><strong>“It’s got to go past, ‘Where did you get it from?’ and ‘What is it?’” </strong>he says. </p> <p>NCI adheres to the notion that <strong>data is only as valuable as its metadata</strong>. <a href="https://whatis.techtarget.com/definition/metadata" target="_blank">As TechTarget notes</a>, metadata “summarizes basic information about data, which can make finding and working with particular instances of data easier.” The more granular the metadata, <strong>the more information agencies can store about it, and the easier it is to catalogue and analyze it</strong>. </p> <p>In the past, a file was associated with its name, the date it was created and when it was last edited. None of that information is useful for identifying the relative value of that data.</p> <p>This is why analysts say modern metadata management will become critical as agencies look to glean more information and benefit from their data. Artificial intelligence and machine learning are at the core of this trend. </p> <p>Using metadata, <strong>agencies can set archive and storage policies more easily and create more consistency</strong>, so data that was once unusable can be accessed, analyzed and shared.</p> <p>“Metadata that’s captured can then be used to identify files and to establish policy around them,” explains Steven Hill, senior analyst for applied infrastructure and storage technologies at 451 Research, an IT research and advisory firm. “And the cool thing is that it’s virtually unlimited in terms of scalability.”</p> <p>The more information an agency has about its data, <a href="https://fedtechmagazine.com/article/2019/05/hci-helps-feds-find-new-ways-store-and-analyze-data" target="_blank">Hill tells <em>FedTech</em></a>, the more flexibility it has in handling and automating it.</p> <p>“This is really about the re-emergence of object storage as the ideal framework for policy-based management because of its metadata capabilities, <strong>as well as its massive scalability</strong>,” he says. </p> <p><a href="https://fedtechmagazine.com/article/2019/03/what-fog-computing-tech-can-spur-government-it-modernization-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how fog computing can help your agency.</em></a></p> <h2 id="toc_0">The Role Metadata Plays in Data Lakes</h2> <p>Metadata is a key element that makes data lakes so valuable. <strong>Data lakes are repositories with flat architectures that can hold data from a wide variety of data formats</strong>, including unstructured data, allowing users to transform and visualize the data into new structures when needed.</p> <p><a href="https://www.linkedin.com/in/cchehreh" target="_blank">Cameron Chehreh</a>, CTO and vice president of pre-sales engineering at <a href="https://www.cdwg.com/content/cdwg/en/brand/emc.html#flash?cm_mmc=Vanity-_-EMC-_-NA-_-NA" target="_blank">Dell EMC Federal</a>, <a href="https://fedtechmagazine.com/article/2019/01/data-lakes-what-they-are-and-how-they-can-benefit-feds-perfcon" target="_blank">has told <em>FedTech</em></a> that data lakes enable agencies to take the data that drives information and insights for them and put the data into “a consolidated and scalable agile repository.”</p> <p>Chehreh notes that another key benefit to data lakes is that they can ingest any type of data. They then create a mechanism for agencies to add metadata around the data so that it can be tagged and easily searched by any user that has secure and proper access to the data lake. <strong>“This allows people the opportunity to drive those deeper insights,”</strong> he says.</p> <p>Agencies also need to strongly consider security when putting data into data lakes, Chehreh says. However, agencies can control access to the data in the data lake through the same security functions and authentication methods they used before, he says. “You control the access to the data through the same security functions you would use today, and then <strong>also have it correlate to the metatags and the metadata that is created around your core data sources</strong>, so that you can still protect the sovereignty of the core information you would protect in today’s world,” he says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/karen-j-bannan"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/bannan.jpg?itok=AUnlK_-q" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/karen-j-bannan"> <div>Karen J. Bannan</div> </a> </div> <div class="author-bio"> <p> <div><p>Karen J. Bannan is a freelance writer and editor who has written for a variety of publications including <em>The New York Times, The Wall Street Journal, Time</em> and <em>CIO.</em></p> </div> </p> </div> </div> </div> </div> Mon, 20 May 2019 13:20:28 +0000 phil.goldstein_6191 42596 at https://fedtechmagazine.com GSA Selects OPM as Third Centers of Excellence Agency https://fedtechmagazine.com/article/2019/05/gsa-selects-opm-third-centers-excellence-agency <span>GSA Selects OPM as Third Centers of Excellence Agency</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 05/17/2019 - 13:45</span> <div><p>The Centers of Excellence train keeps on chugging.</p> <p>On Friday, the General Services Administration <a href="https://www.gsa.gov/about-us/newsroom/news-releases/gsa-opm-partner-in-centers-of-excellence-initiative" target="_blank">announced</a> that it had selected the Office of Personnel Management as the third agency to go through <strong>the CoE IT Modernization program</strong> it has been running, <a href="https://fedtechmagazine.com/article/2018/09/gsa-names-hud-second-centers-excellence-agency">following the Department of Housing and Urban Development</a> and <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-usda-moves-quickly-meet-center-excellence-goals">the Agriculture Department</a>.</p> <p>In a statement, GSA said it will work with OPM to<strong> “help stabilize OPM’s legacy IT systems and enable the agency to modernize its IT capabilities and methods.” </strong>The CoE work that OPM will embark on will also help kickstart “structural change needed to support OPM’s critical human capital strategy mission with 21st century IT infrastructure,” according to the GSA. </p> <p>The five CoEs are run by the GSA and based around<strong> cloud adoption, IT infrastructure optimization, customer experience, service delivery analytics and contact centers</strong>. The goal of the centers is to accelerate modernization by leveraging private-sector expertise and talent, and to provide agencies with consulting and IT engineering services to radically improve the way they design services and interact with their citizens.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <p>The CoE and GSA IT teams will focus on four key areas identified by OPM: IT workforce planning; IT planning and governance; mainframe and disaster recovery planning; and OPM’s retirement services technology portfolio.</p> <p>“The time to address structural changes at OPM is now and GSA is helping us meet the needs of the federal workforce,” OPM Acting Director Margaret Weichert says in a statement. “Aging IT infrastructure at OPM has put the agency in an unsustainable position and hurt OPM’s critical human capital mission. By partnering with GSA — a proven leader in federal IT and technology contracting — through the CoEs, <strong>we are taking steps toward long-overdue transformation in OPM’s IT infrastructure and operations</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 17 May 2019 17:45:03 +0000 phil.goldstein_6191 42591 at https://fedtechmagazine.com Cyberattackers Can Cause Damage in the Blink of an Eye https://fedtechmagazine.com/article/2019/05/cyberattackers-can-cause-damage-blink-eye <span>Cyberattackers Can Cause Damage in the Blink of an Eye</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/16/2019 - 10:17</span> <div><p>Cyber experts may have been pleased that the average dwell time for intruders in 2017 was a mere <strong>101 days</strong>, but now there’s a new statistic to worry about: <strong>19 minutes</strong>.</p> <p>That’s the incredibly short amount of time it takes for Russian adversaries to <strong>move inside a network and cause damage</strong>, according to a report by <a href="https://www.cdwg.com/content/cdwg/en/brand/crowdstrike.html" target="_blank">CrowdStrike</a>. </p> <p>North Korean hackers are the second-­fastest, with a breakout time of 2 hours and 20 minutes; the Chinese come in third at 4 hours. Overall, the average breakout time is about 4 hours and 37 minutes, CrowdStrike writes in its <a href="https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/" target="_blank">2019 Global Threat Report</a>.</p> <p>“As defenders get better at hunting for and identifying intrusions, it has become more important for threat actors to raise their game and accomplish their mission as rapidly as possible,” the report states.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <p>The average breakout time has risen since 2017, when it was 1 hour and 58 minutes. The report attributes this to an increase in<strong> the number of slow-moving adversaries, plus improved security</strong>.</p> <p>But, notes the report, “it is not the sophistication of the tools — which can be bought or stolen from others — that determines the capability of the adversary, but rather their<strong> operational tradecraft and how rapidly they can achieve their objectives</strong>.”</p> <p>The fastest adversaries are not always the most dangerous, states the report: “It doesn’t account for volume of activity — just their speed of lateral movement within the network. Slow adversaries can still cause tremendous damage if they have the motivation to do so.”</p> <p><rc-c2d-menu class="_6772342E312E3130_src-lib-ExtensionContentRunner-_styles_c2dMenu_2ChJF"></rc-c2d-menu></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Thu, 16 May 2019 14:17:26 +0000 phil.goldstein_6191 42586 at https://fedtechmagazine.com Where Do Agencies’ EIS Network Transition Plans Stand? https://fedtechmagazine.com/article/2019/05/where-do-agencies-eis-network-transition-plans-stand <span>Where Do Agencies’ EIS Network Transition Plans Stand? </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/16/2019 - 08:52</span> <div><p>The General Services Administration’s $50 billion <a href="https://www.gsa.gov/technology/technology-purchasing-programs/telecommunications-and-network-services/enterprise-infrastructure-solutions" target="_blank">Enterprise Infrastructure Solutions contract</a> is the network contract that will carry federal agencies into the next decade and beyond. However, they need to transition to it first. </p> <p>EIS, which is <a href="https://fedtechmagazine.com/article/2018/12/how-eis-will-enable-agencies-update-mobile-devices">designed to let agencies modernize their networks</a>, especially via technologies such as <strong>software-defined networking and 5G wireless networks</strong>, replaces the existing Networx contract. Agencies had been required to transition away from the Networx contracting vehicle to EIS by the spring of 2020. However, in December, the GSA <a href="https://www.fedscoop.com/gsa-extends-agencies-deadline-implementing-eis-2023/" target="_blank">extended the deadline to 2023</a> to give agencies more time to switch.</p> <p>Agencies are making progress, according to a GSA spokesperson, and are “working hard, with support from GSA, to finalize their solicitations and get them released to industry as soon as possible.” </p> <p>As of April 16, <strong>47 solicitations</strong> had been submitted to the GSA for scope review, and <strong>20 of those had been released to industry</strong>, the spokesperson says. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <h2 id="toc_0">GSA Pushes Agencies to Meet EIS Deadlines</h2> <p>The rate of submission to the GSA and release to industry continues to increase <strong>as agencies strive toward Sept. 30, 2019 awards</strong>, the spokesperson adds. That date is the deadline for agencies to award EIS task orders. On March 31, 2020, the GSA will limit the use of the extended contracts for agencies that have not made task order awards. </p> <p>“Not making this deadline is a yellow light,” Laura Stanton, the GSA’s deputy assistant commissioner for category management in IT category at GSA, said in remarks at an ACT-IAC conference on May 8, <a href="https://fcw.com/articles/2019/05/08/eis-deadline-yellow-rockwell.aspx" target="_blank">according to <em>FCW</em></a>. </p> <p><strong>If an agency misses the Sept. 30 deadline to award an EIS task order, the GSA will increase its efforts with that agency to move to EIS</strong>, according to Stanton, and will work directly with that agency to see how it can aid in the transition.</p> <p>According to <em>FCW</em>, while the September deadline is important, Stanton said that the March 2020 deadline is critical, and if agencies miss that target date, the light <strong>“will go from yellow to red.”</strong> By that point, “agencies may not have the time to make the transition” within the three-year window. </p> <p>According to the GSA, by March 31, 2022, <strong>90 percent</strong> of agencies’ telecom inventory must be off current contracts and moved to EIS. And on May 31, 2023, current Networx, WITS and LSA telecom contracts expire.</p> <p>The GSA is supporting agencies in their transition to EIS in several ways, the GSA spokesperson says. The GSA offers agencies access to its <a href="https://www.gsa.gov/blog/2018/12/06/Extending-Current-Telecommunications-Contracts-To-Allow-For-Successful-EIS-Transition" target="_blank">Transition Ordering Assistance program</a>, “which includes transition planning, solicitation drafting, and expert guidance.” </p> <p>The GSA has also designated agency managers to support each agency with its transition. And the agency hosts the Infrastructure Advisory Group, a customer executive advisory board that meets quarterly. </p> <p>“We published the Fair Opportunity &amp; Ordering Guide, which provides step-by-step guidance for developing agency solicitations,” the spokesperson says. “We also provide transition inventory analysis to collect, validate and maintain transition inventory from the 94 expiring contracts, in addition to Delegation of Procurement Authority training.”</p> <p><a href="https://fedtechmagazine.com/article/2018/09/why-disa-has-embraced-sdn-pentagon-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why DISA has embraced SDN for the Pentagon.</em></a></p> <h2 id="toc_1">How Agencies Plan to Upgrade Telecom technology</h2> <p>Agencies face two clear choices when using EIS to upgrade. <strong>One is a “like for like” transition</strong>, in which agencies would move to services under EIS that are similar to those they use now. <strong>The other route is “modernization,”</strong> in which agencies would jump forward technologically to solutions such as SDN and 5G wireless networks. </p> <p>EIS is designed as a best-in-class total solution, the GSA spokesperson says, “so agencies can access and implement technologies that best meet their mission-critical needs.”</p> <p>Almost every agency’s EIS transition plan proposes modernization efforts that will transform its IT infrastructure, the spokesperson says,<strong> including migration to carrier Ethernet and SDN</strong>. Additionally, the spokesperson adds “many agencies will be purchasing managed services as part of their efforts to modernize.”</p> <p>For example, the State Department wants to replace its legacy time-division multiplexing infrastructure throughout the continental U.S. and potentially overseas as well, Kurt Meves, division chief at the agency, said at the ACT-IAC event, according to <em>FCW</em>. </p> <p>Meves said<strong> “the challenge is getting people off the legacy mentality” that wireline TDM technology is more secure than IP-based services and technology</strong>, <em>FCW</em> reports. </p> <p>The Department of Homeland Security has a more ambitious transition plan, and its contract will cover its headquarters and components. Shawn Hughes, director of the agency's enterprise network modernization program and EIS, said at the conference that DHS components will issue task orders for EIS services from that contract. </p> <p>DHS plans to invest in 5G wireless capabilities to augment its “very brittle” <a href="https://fcw.com/articles/2018/10/30/dhs-onenet-follow-psc.aspx" target="_blank">OneNet backbone</a>, Hughes said. The agency also intends to move to agile software development and cloud services, he added, according to <em>FCW</em>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 16 May 2019 12:52:00 +0000 phil.goldstein_6191 42581 at https://fedtechmagazine.com Summer 2019 https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019 <span>Summer 2019</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 15:09</span> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <span> <span>May</span> <span>15</span> <span>2019</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href="https://twitter.com/search?f=realtime&amp;q=https%3A%2F%2Ffedtechmagazine.com%2Frss.xml%3Fdestination%3D%2Fad%2Fimagine-nation-elc-2018%26_exception_statuscode%3D403" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> Wed, 15 May 2019 19:09:52 +0000 phil.goldstein_6191 42576 at https://fedtechmagazine.com OPM Wants Agencies to Plan for the Federal Workforce of the Future https://fedtechmagazine.com/article/2019/05/opm-wants-agencies-plan-federal-workforce-future <span>OPM Wants Agencies to Plan for the Federal Workforce of the Future</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 11:46</span> <div><p>As the federal government continues to address challenges in finding skilled workers for open jobs, especially in the IT and cybersecurity realms, the Office of Personnel Management recently directed federal agencies to detail the gains and obstacles they have faced in implementing workforce goals laid out in <a href="https://www.whitehouse.gov/wp-content/uploads/2018/04/ThePresidentsManagementAgenda.pdf" target="_blank">the President’s Management Agenda</a>.</p> <p><a href="https://www.chcoc.gov/content/human-capital-reviews" target="_blank">In a Feb. 13 memo</a>, Acting OPM Director Margaret Weichert requires the <strong>gathering and sharing of information across agencies about what works best in achieving a 21st-century workforce</strong>, and where federal hiring and reskilling continues to lag.</p> <p>“We’re trying to get a sense of what people are doing and what’s working well <strong>so we can share information about leading practices</strong>,” Weichert tells FedTech. “We’re also looking to find experiences that may challenge their ability to actually move forward and use that for continuous improvement.” </p> <p><a href="https://fedtechmagazine.com/article/2019/05/how-has-government-shutdown-impacted-federal-it" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Discover how the government shutdown continues to ripple through federal IT. </em></a></p> <h2 id="toc_0">How to Create a 21st-Century Workforce</h2> <p>The President’s Management Agenda lays out a long-term vision for modernizing the federal government in areas that will “improve the ability of agencies to deliver mission outcomes, provide excellent service, and effectively steward taxpayer dollars on behalf of the American people,” according to its mission statement. </p> <p>For many federal agencies, a hurdle to achieving those goals is having the right skilled workforce in place. Much like in the private sector, finding talented people for government IT and cyber jobs has been the toughest gap to fill. <strong>Nearly 314,000 cybersecurity positions are open in the U.S., and about 17,000 are in the public sector</strong>, according to <a href="https://www.cyberseek.org/" target="_blank">CyberSeek</a>, a <a href="https://www.nist.gov/itl/applied-cybersecurity/nice" target="_blank">National Initiative for Cybersecurity Education</a> online tool that collects jobs data. Weichert says that the federal government also has the unique challenge of finding skilled candidates for attorney and law enforcement jobs.</p> <p>Weichert says that one of the first things she saw when she took on her role was that IT modernization in government “overall wasn’t simply a challenge of old technology, but a challenge of the fact that <strong>we weren’t well set up from a human capital standpoint to actually do the changes that were needed</strong>.” </p> <p>She also noticed that modernization efforts had failed because no one had thought about <strong>how to upskill the workforce already in place</strong>, and that “we outsourced so much of our technology capability that we don’t have the resources in government to do many of the tasks that we need to do around modernization, including things like procurement,” she says. </p> <p>Steps toward filling in those gaps include addressing the need to bring in new talent and finding who in the current federal talent pool would be suitable for these jobs. </p> <p><a href="https://fedtechmagazine.com/article/2019/01/digital-twin-technology-what-digital-twin-and-how-can-agencies-use-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out what digital twin technology is and how agencies can use it. </em></a></p> <h2 id="toc_1">Finding New Talent Inside and Outside the Government</h2> <p>Of the Feb. 13 memo, <a href="https://www2.deloitte.com/us/en/profiles/semorris.html" target="_blank">Sean Morris</a>, government and public services human capital leader at Deloitte, says, “to me, this is a positive step in the right direction, to put policies and procedures and best practices in place so the government can continue to evolve.” </p> <p>Right now, he says, many government organizations have “mid-20th-century structures that worked really well in the Cold War” but not today, especially given how the economy has radically changed since then. </p> <p>“We need the ability to<strong> break down some of those structures</strong>, and more important, have the ability for those very talented individuals that are going to stay with the government<strong> to have mobility across those traditional hard structures</strong>. That’s a leverage point for the government to utilize — that becomes a huge asset for them,” he says.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <p>Since the release of the memo, he has seen government clients reach out and ask “how do we think this through? We are being asked increasingly to give our perspective on this and what the government could do to start to move the needle a little bit.” </p> <p>This move to bring more talent into the federal government has been paired with efforts to identify workers already there who are candidates for what Weichert calls “upskilling,” which is “giving them the skills so they will be able to fill some of the roles that are exceedingly hard to recruit for in government,” she says.</p> <p>In April, the agency <a href="https://www.cio.gov/reskilling/" target="_blank">inaugurated its first Federal Cyber Reskilling Academy class</a>. <strong>More than 1,500 federal workers with nontechnical backgrounds applied </strong>to be part of the academy, far more than OPM expected. “This was our first go-round with no major advertising push,” Weichert says. About 200 candidates passed the program’s initial aptitude test, which led the agency to <strong>expand the first class size from 25 to 30</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/how-federal-it-leaders-can-adapt-accelerating-tech-change" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how federal IT leaders can adapt to accelerating technological change. </em></a></p> <h2 id="toc_2">How to Speed Up Hiring in Federal IT</h2> <p>Helping with these efforts is <a href="https://www.federaltimes.com/management/hr/2019/04/03/agency-heads-to-get-special-hiring-authority-for-tech-workers/" target="_blank">an April 3 rule change</a> that allows federal agencies to declare special hiring authority if they can show critical need or severe staff shortages in IT positions.</p> <p>“The federal government has a notoriously difficult time navigating the labyrinth of the hiring process to fill important vacancies,” says <a href="https://www.grantthornton.com/people/bios/s/sf-si/shea-robert.aspx" target="_blank">Robert Shea</a>, principal and public sector strategy lead at Grant Thornton. “This allows them to circumvent those processes and hire someone without having to compete for the position. So, if you have those skills the agencies can hire those individuals.” </p> <p><strong>The key is for agencies to demonstrate they have a critical need.</strong> “Once they do that, they should be able to dramatically reduce the time to hire,” he says. </p> <p>Weichert says this rule change is not only crucial in order to bring new people into federal government but also to stop losing employees it already has to the private sector. </p> <p>“You might have someone who really wants to support the mission of the Veteran’s Administration, but if they’ve got five other job offers and we take six to nine months to fill a slot, people can’t wait around,” she says. That’s critical when it comes to law enforcement jobs, where local police departments can hire candidates faster. </p> <p>Morris says he is encouraged by these recent steps, and that they <strong>should make a big dent in skilled job openings in the federal government</strong>. “It’s an exciting time in the government. What Weichert and her team are putting out there is really good, and I think ultimately will get us where we need to go,” he says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/jen-miller"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/u--2vU_g_400x400.jpg?itok=X9PVb1Ma" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/jen-miller"> <div>Jen A. Miller</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=byJenAMiller&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Jen A. Miller writes about technology for CIO.com. She's also a contributor to the <em>New York Times</em>, <em>Washington Post</em> and the <em>Guardian</em>. Her most recent book, <em>Running: A Love Story</em> was published in March.</p> </div> </p> </div> </div> </div> </div> Wed, 15 May 2019 15:46:46 +0000 phil.goldstein_6191 42571 at https://fedtechmagazine.com Creative Workers Power the Government Engine https://fedtechmagazine.com/article/2019/05/creative-workers-power-government-engine <span>Creative Workers Power the Government Engine</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/14/2019 - 09:19</span> <div><p>No matter what issues grab public attention when it comes to the federal government, there is one consistent topic you should hear more about: the unending dedication of the people who have made government their career.</p> <p>This is an era of great change for the government. Agencies are <strong>modernizing their legacy technology, increasingly emphasizing customer service, keeping up with the ever-faster pace of private-sector IT developments</strong> — and they’re doing this even with limited budgets.</p> <p>The government itself is working on creative solutions to the agencies’ fiscal needs. It has turned to new vehicles <a href="https://fedtechmagazine.com/article/2019/04/how-are-agencies-modernizing-tech-their-tmf-funds">such as the Technology Management Fund</a>, which essentially provides loans to agencies trying to boost cybersecurity and improve their technology; <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-usda-moves-quickly-meet-center-excellence-goals">or the Centers of Excellence program</a>, designed to<strong> help agencies better coordinate modernization plans and develop new best practices</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/digital-twin-technology-what-digital-twin-and-how-can-agencies-use-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out what digital twin technology is and how agencies can use it. </em></a></p> <h2 id="toc_0">IT Leaders Should Remember That Ideas Come From Everywhere</h2> <p>Creativity, however, doesn’t only flow from the top. Take, for example, the agencies working to comply with the Continuous Diagnostics and Mitigation program, a Department of Homeland Security initiative to strengthen cybersecurity. In “<a href="https://fedtechmagazine.com/article/2019/05/sba-interior-energy-find-different-effective-ways-deploy-cdm">SBA, Interior, Energy Find Different but Effective Ways to Deploy CDM</a>,” officials at the Small Business Administration describe how they meshed their cloud migration plans with DHS’ standard on-premises requirements — <strong>a success that resulted in DHS pilots to test cloud-based cybersecurity tools</strong>.</p> <p>“<a href="https://fedtechmagazine.com/article/2019/05/va-sba-and-noaa-modernize-their-apps-improve-user-experience">VA, SBA and NOAA Modernize Their Apps to Improve User Experience</a>” discusses the Department of Veterans Affairs and its efforts to<strong> make agency application programming interfaces available to third parties</strong> while making sure that activity inside the network was still visible and protected.</p> <p>And the Army employs an agile structure, placing blue-jeaned civilians and uniformed personnel in an open-office environment to design an upgrade for its unwieldy payroll system (“<a href="https://fedtechmagazine.com/article/2019/05/qa-col-darby-mcnulty-commercial-tools-behind-armys-payroll-modernization">Q&amp;A: Col. Darby McNulty on the Commercial Tools Behind the Army’s Payroll Modernization</a>”) </p> <p>Yet creativity and dedication aren’t the only qualities that government employees display on a daily basis; they’re also resilient. In our special roundtable, “<a href="https://fedtechmagazine.com/article/2019/05/how-has-government-shutdown-impacted-federal-it">How Has the Government Shutdown Impacted Federal IT?</a>,” <strong>former federal CIOs talk about how agencies recover long-term from a historically long closure</strong>.</p> <p>Technology is the key to modernizing government, but the employees, it seems, are the real — and the really creative — drivers.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/ryan-petersen"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/ryan-petersen-2013-headshot.jpg?itok=iV6msfy0" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/ryan-petersen"> <div>Ryan Petersen</div> </a> <a target="_blank" class="google-plus" href="https://plus.google.com/110888965639568833839/posts?rel=author"><span>Google+</span></a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=RyanPete&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Ryan has been a magazine and newspaper editor for 18 years, with the last 12 covering a variety of bases for CDW’s family of tech magazines. As Editor in Chief, he works on developing editorial strategy and is always on the lookout for new writing talent and sharing great stories with the IT world. In his spare time, Ryan enjoys spending time with his family, biking and obsessively following Iowa Hawkeye sports and Cubs baseball.</p> </div> </p> </div> </div> </div> </div> Tue, 14 May 2019 13:19:05 +0000 phil.goldstein_6191 42561 at https://fedtechmagazine.com