FedTech Magazine - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en Review: Belkin KVM Separates Feds' Data with Unparalleled Flexibility and Security https://fedtechmagazine.com/article/2019/04/review-belkin-kvm-separates-feds-data-unparalleled-flexibility-and-security <span>Review: Belkin KVM Separates Feds&#039; Data with Unparalleled Flexibility and Security </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 04/25/2019 - 08:05</span> <div><p>Most people these days have more than one computing device in their office or on their desk, and before the invention of keyboard-video-mouse switches, each device required its own display and input peripherals.</p> <p><strong>KVM switches</strong> changed that, making it possible for <strong>multiple computers to share a single display, keyboard and mouse — even audio channels</strong>. This was a great solution, but employees who needed to access normal and classified networks were often forbidden from joining the clutter-cutting revolution.</p> <p>In response, companies invented <strong>secure KVM switches</strong>, which can fully isolate all channels so that no information is able to pass between them. The <a href="https://www.cdwg.com/product/belkin-advanced-secure-displayport-kvm-switch-with-dcu-kvm-audio-switch/3117825" target="_blank">Belkin Advanced Secure DisplayPort KVM/audio switch</a> is one of the most innovative and secure KVMs ever made.</p> <p>Designed with the federal workforce in mind, it<strong> allows up to four computers to share one keyboard and mouse, plus one or two monitors</strong>. Each channel is fully isolated, and the KVM is certified to <a href="https://www.us-cert.gov/bsi/articles/best-practices/requirements-engineering/the-common-criteria" target="_blank">Common Criteria EAL4+</a> and <a href="https://www.niap-ccevs.org/Profile/PP.cfm" target="_blank">NIAP Protection Profile 3.0</a>. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity_IR_howstrong_700x220.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Cybersecurity_IR_howstrong_700x220.jpg" /></a></p> <h2 id="toc_0">Belkin’s KVM Lets Feds Operate Securely in Multiple Environments</h2> <p>Especially for feds, each computer connecting to the KVM <strong>has a port reserved for a Common Access Card reader</strong> for more security.</p> <p>Unlike most KVMs that limit what cables can be connected, the new <a href="https://www.cdwg.com/content/cdwg/en/brand/belkin.html?enkwrd=Belkin" target="_blank">Belkin</a> KVM <strong>works in mixed video environments thanks to its autosensing ports</strong>. When either an HDMI or a DisplayPort cable is connected, the KVM will detect it and configure the video channel accordingly.</p> <p>A desktop controller unit port allows users to program colors and text to appear on their display when working with various systems,<strong> perhaps to remind them when they are using a classified network</strong>. The DCU also enables browsing of available networks and switching to them from the desktop.</p> <p>The hardware-based buttons, which can also switch feeds, <strong>come with stickers for federal network names, such as SIPR, JWICS, NSA and NIPR</strong>, plus stickers for secret, classified and unclassified networks, for easy labeling.</p> <p>The Belkin Advanced Secure DisplayPort KVM Switch lets feds seamlessly combine devices and networks of any security level, enabling local networking and reducing clutter without any risk of data leakage.</p> <p><img alt="The Belkin Advanced Secure DisplayPort KVM/audio switch " data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT-Q119_PR_Harbaugh_product_0.jpg" /></p> <h2 id="toc_1">Agencies Gain a Fortress of Solitude with Belkin’s KVM</h2> <p>Designed specifically for the federal workforce, the Belkin Advanced Secure DisplayPort KVM Switch has a surprising number of advanced features, such as <strong>autosensing display ports and a programable desktop controller.</strong> But all that would be meaningless if the device were not fully secure.</p> <p>The Belkin KVM has impressive certifications, including Common Criteria EAL4+ and NIAP Protection Profile 3.0. And it offers a dedicated Common Access Card reader for each of the four devices that connect to it.</p> <p>We tested security in a variety of ways, including t<strong>rying to overload the keyboard buffer while switching inputs, which might allow characters typed on a secure network to appear on an unsecure one</strong>. That didn’t happen, as the KVM was able to clear the keyboard buffer before connecting to the new device. </p> <p>It also <strong>restricted the discovery of new devices during the switch-over process </strong>— a specific vulnerability that used to stymie older secure KVM switches. This KVM will allow the mouse to work, but won’t allow things like USB devices to connect in the interim.</p> <p>There is also physical security, which is sometimes overlooked, but which is critical in secure government installations. A holographic sticker is tightly glued to the main seam that provides access to the guts of the KVM, so <strong>the KVM can’t be opened up without first peeling off the heavy sticker</strong>. The shiny silver hologram is destroyed if anyone tries to remove the sticker, providing ample evidence if there’s any attempt to pry the KVM open. It is impossible to safely remove the sticker, open the device and then replace the hologram to cover up the intrusion.</p> <p>But the sticker is just the first line of physical defense. Should someone remove the hologram and crack open the KVM, the device will self-destruct. Not in a <em>Mission: Impossible</em> style, with smoke and fire, but effectively nonetheless: <strong>The device simply renders itself inoperable</strong>. When the KVM powers up after a tampering attempt, its lights merely blink to indicate that tampering has occurred. No inputs will function, and no connected computers will send any data through to the attached display. </p> <p>The Belkin Advanced Secure DisplayPort KVM Switch is ready to report for duty at any federal office that requires consolidation of multiple computing devices while keeping the data on them secure and separated. It provides more than enough hardware- and software-based security to accomplish that mission.</p> <h3 id="toc_0">Belkin Advanced Secure DisplayPort KVM</h3> <p><strong>Secure Ports</strong>: 4<br /><strong>Video Formats</strong>: HDMI, DisplayPort<br /><strong>Max HDMI Frame Rate</strong>: 4K at 60Hz<br /><strong>Max Display Port Frame Rate</strong>: 4K at 30Hz<br /><strong>Dimensions</strong>: 13.4x7x3.1 inches<br /><strong>Weight</strong>: 3.9 pounds</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/john-breeden-ii"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/john-breeden-ii.jpg?itok=qht_53sT" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/john-breeden-ii"> <div>John Breeden II</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=LabGuys&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>John Breeden II is an award-winning reviewer and public speaker with 20 years of experience covering technology.</p> </div> </p> </div> </div> </div> </div> Thu, 25 Apr 2019 12:05:16 +0000 phil.goldstein_6191 42446 at https://fedtechmagazine.com How Are Agencies Modernizing Tech via Their TMF Funds? https://fedtechmagazine.com/article/2019/04/how-are-agencies-modernizing-tech-their-tmf-funds <span>How Are Agencies Modernizing Tech via Their TMF Funds?</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 04/24/2019 - 14:25</span> <div><p>For federal agencies implementing <a href="https://tmf.cio.gov/" target="_blank">Technology Modernization Fund projects</a>, the pace can seem comparable to that of a software download on a home computer. Momentum starts at a crawl. Then, toward the middle of the process, it picks up speed and takes mere seconds to complete.</p> <p>Agencies with <a href="https://tmf.cio.gov/projects/" target="_blank">TMF-approved projects</a> are in the beginning stage of that trajectory. But project leaders say <strong>they expect to soon start picking up speed</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2017/12/how-mgt-act-will-spur-agencies-it-investments-2018-and-beyond">The Modernizing Government Technology Act established</a> an initial <strong>$100 million</strong> allocation for the TMF in fiscal year 2018. The fund received another <strong>$150 million</strong> for the current fiscal year. A proposed fiscal year 2020 budget appropriation didn’t include any more TMF money, but <a href="https://fcw.com/articles/2019/02/14/tmf-funded-approps-bill.aspx" target="_blank">Congress has since added $25 million</a>.</p> <p>The TMF essentially serves as a loan fund, with the expectation that the improvements will save money that agencies can use to pay back the government over a designated period of time. It allows agencies to replace and update old legacy systems that are expensive to maintain but require significant investment to improve. </p> <p><strong>“It’s getting over that capital expenditure hump,”</strong> says Energy Department CIO Max Everett.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_0">Energy Department Moves to Cloud-Based Email</h2> <p>Even before receiving a <strong>$15.2 million</strong> allocation from the TMF, the Department of Energy <a href="https://fedtechmagazine.com/article/2019/03/energy-department-aims-consolidate-email-systems">had shifted 19 of its on-premises email systems</a> to the offsite servers of the cloud. TMF money allows it to accelerate the conversion of 26 remaining email operations.</p> <p>The agency experienced the benefits of the cloud with the earlier move of its headquarters email system. Each independent email operation needs hardware refreshes, third-party software license updates and security fixes — plus its own data center hosting, Everett says. </p> <p><strong>“Those costs all started to drop once we made the move over,” </strong>he says.</p> <p>The agency is working on a contract with an outside provider to do the cloud conversion for the remaining DOE offices and national laboratories that had not made the move. The procurement process got held up by a timing issue, Everett says, but once in place, it will get the project rolling.</p> <p><a href="https://fedtechmagazine.com/article/2019/04/how-ai-will-reshape-federal-workforce" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how AI will reshape the federal workforce.</em></a></p> <h2 id="toc_1">USDA Seeks to Streamline Operations</h2> <p>For the Agriculture Department (which was the first agency to go through the General Services Administration’s <a href="https://fedtechmagazine.com/article/2018/08/white-house-gears-next-phase-it-modernization">Centers of Excellence IT modernization program</a>), the TMF also accelerated an existing plan to consolidate two divisions of the agency’s <a href="https://www.usda.gov/our-agency/about-usda/mission-areas" target="_blank">Farm Production and Conservation</a> mission area. The project brings together the <a href="https://www.fsa.usda.gov/" target="_blank">Farm Service Agency</a> and <a href="https://www.nrcs.usda.gov/wps/portal/nrcs/site/national/home/" target="_blank">Natural Resources Conservation Service</a> to <strong>share information, streamline operations and get information to farmers faster and more easily to help them implement better practices</strong>. </p> <p>Between them, those divisions oversee 22 programs involving reams of paperwork, says Chad Sheridan, service delivery and operations branch chief for the USDA’s Information Solutions Division. “I think they’ve got 113-plus different forms or ways of obtaining information,” he says.</p> <p>The first step was <strong>a major analysis and re-engineering of business processes</strong>, which has taken about six months since it began in September, Sheridan says. With a <strong>$10 million </strong>allotment from the TMF, the USDA has spent much of the initial <strong>$4 million</strong> on outside consulting teams to examine the way those two operations work and ultimately design digital tools to help them work more efficiently and with greater ease for the end users: the farmers.</p> <p>Consulting teams built around four major programs have completed the business process mapping and are assessing the platforms those programs use to determine whether they are the most effective.</p> <p>“So, we’re going to be about nine months in when we start banging on keyboards,” Sheridan adds. </p> <h2 id="toc_2">HUD Aims to Get Off Mainframes and into the Cloud</h2> <p>These are complex projects requiring meticulous and methodical back-end work. The Department of Housing and Urban Development received <strong>$20 million </strong>from the TMF to migrate its UNISYS mainframe system to the cloud. With the first <strong>$5 million </strong>of that allotment, the agency awarded a contract to take its largest operation off the mainframe.</p> <p>It’s the <a href="https://www.hud.gov/program_offices/officeofadministration/privacy_act/sorns/h_05" target="_blank">Computerized Homes Underwriting Management System</a>, CHUMS, which collects borrowers’ personal data to determine eligibility for a Federal Housing Administration-insured mortgage.</p> <p>“It has about <strong>1.2 million</strong> lines of code,” says HUD CTO Mark Hayes.</p> <p>The HUD team has t<strong>urned off about 400,000 lines of code </strong>that are no longer needed and will convert the rest to the cloud. As of March, Hayes says, they have moved about <strong>10 percent of</strong> that remaining amount.</p> <p>Additionally, HUD has moved and tested its relational database. The hierarchical database is more challenging and will take longer, but he expects to complete that by late summer. </p> <p>The contractors also completed about <strong>50 percent</strong> of the test scripts for the program to confirm that the converted code is functioning properly, Hayes says. Initial tests of access speed on the cloud’s SQL database show much improved performance over the mainframe.</p> <p>“I feel very comfortable where we are right now,” he says. “We’re a little over six months into it, <strong>and I feel like we’ve made tremendous progress.</strong>”</p> <p><a href="https://fedtechmagazine.com/article/2019/01/digital-twin-technology-what-digital-twin-and-how-can-agencies-use-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out what digital twin technology is and how agencies can use it. </em></a></p> <h2 id="toc_3">Energy, USDA, HUD Plan Next Steps in Modernization</h2> <p>The USDA plans to request a portion of the remaining $6 million to develop a “minimum viable product,” Sheridan says, meaning an update that he can deliver more quickly to provide some initial improvements but without taking the time and resources required for a huge overhaul. He hopes the teams have identified and started work on that product by June. </p> <p>“The target right now is to focus on what things we can have in the business that can change,” he says. “There’s an economic benefit to getting something in the hands of our customers earlier.” </p> <p>At DOE, sections that have made the email switch can help others with lessons learned, which will make the process faster going forward, Everett says. <strong>Locations with mission-critical systems will come onto the cloud later. </strong>These include the power-marketing administration that oversees electricity transmission and big hydroelectric operations that serve customers in the West.</p> <p>“People rely on them to keep the lights on,” he says. </p> <p>Labs with national security missions, <a href="https://fedtechmagazine.com/article/2019/04/energy-departments-sandia-labs-turns-tables-hackers">like Sandia National Laboratories</a>, require proper security in place before conversion to mitigate risks and move quickly so as not to disrupt operations, he explained. </p> <p>“Two years from now, <strong>all of the departments that we think are appropriate will be on cloud email</strong>,” Everett says. </p> <p>HUD was approved last month for the second round of $5 million, according to Hayes. “We were thrilled with that,” he says. “We felt it was a validation of all of our efforts.”</p> <p>He and other agency leaders say they have yet to identify future projects they would like to tackle with the TMF. For now, HUD hopes the existing projects will help prove the fund’s value as a resource to keep federal government operations current.</p> <p>“You feel that pressure to succeed for the benefit of the TMF,” Hayes says, “<strong>so it can be there as a benefit for other agencies</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/carolyn-shapiro"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/Carolyn%20Shapiro%20headshot.jpg?itok=jAl8Kga-" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/carolyn-shapiro"> <div>Carolyn Shapiro</div> </a> </div> <div class="author-bio"> <p> <div><p>Carolyn Shapiro is a freelance journalist based in Burlington, Vt., with expertise in covering business and technology, health and science, consumer issues and the food industry.</p> </div> </p> </div> </div> </div> </div> Wed, 24 Apr 2019 18:25:07 +0000 phil.goldstein_6191 42441 at https://fedtechmagazine.com How to Think About Federal Cloud Security in 2019 https://fedtechmagazine.com/article/2019/04/how-think-about-federal-cloud-security-2019 <span>How to Think About Federal Cloud Security in 2019 </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 04/23/2019 - 11:57</span> <div><p>Many federal agencies are being tasked with <a href="https://fedtechmagazine.com/article/2018/09/white-house-unveils-new-cloud-smart-strategy">moving toward a cloud-first model</a>. This means applications and nation-critical data will now reside in the cloud. <a href="https://fedtechmagazine.com/article/2018/11/data-migration-process-how-agencies-can-successfully-move-data-modern-systems-perfcon">This data migration</a> places high-value data in the trust of private sector companies. <strong>What do agencies need to consider when navigating the path to the cloud?</strong></p> <p>Migrating existing workloads to cloud environments is more difficult than many assume, especially when contrasted with building an IT architecture from the ground up. Using traditional architecture, administrators can make certain controlled assumptions on how it ought to be designed for specific use cases, especially from a security standpoint. Admins dictate the security controls that they have in place.</p> <p>However, moving to the cloud lessens an agency’s grip on certain policies, and there is <strong>a trade-off between visibility and agility</strong>. Most <a href="https://fedtechmagazine.com/article/2018/11/what-casb-solution-and-how-can-feds-benefit-it-perfcon">security controls in cloud environments</a> are not the same as in on-premises environments. The “shared responsibility model” works differently for each cloud vendor, and in a multicloud architecture, agencies need to understand the security specifics of each and every platform. </p> <p>For example, <strong>what’s the equivalent of flow log data or firewall logs in the cloud</strong>? And should the agency invest the security team’s time into looking at them in cloud environments? Exactly how much do cloud customers need to be involved in the day-to-day of security operations? </p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" id="" rel="" target="_blank" title=""><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a><span title="Click and drag to resize">​</span></p> <h2 id="toc_0">What Is Driving Feds to the Cloud?</h2> <p>A large push to the cloud for federal agencies is <strong>cost savings</strong>. However, most cost gains are achieved not by moving virtual machines to the cloud but by re-architecting infrastructure to leverage native cloud services and components. Workload “fit” varies by service, and overlapping services make deciding on a cloud service provider difficult. IT leaders need to <strong>dive deep on understanding the limits and assumptions of each service</strong>. This means needing to understand not only how the service works, but also how each “dependent” service works, so that IT leaders and their staff can ensure high availability and that disaster recovery works as expected. </p> <p>For now, high critical workloads for federal agencies may require a transition plan where agencies build <strong>a hybrid architecture that involves cloud and on-premises components</strong>. As assurance metrics improve over time, they can consider migrating more workloads to cloud services. For now, agencies should retain some small on-premises components as a fail-safe.</p> <p>If cost is the driving factor, then IT leaders must also factor in the possibility of having to <strong>migrate workloads across many cloud infrastructures</strong>. This means picking a subset of cloud service designs that are “cloud vendor agnostic.” Yet many of the big cost gains are seen when adopting vendor-specific services that are not available on other platforms. However, this creates a vendor lock-in risk for future rate hikes, which can negate the cost benefits of moving to the cloud. </p> <p><a href="https://fedtechmagazine.com/article/2019/02/federal-cloud-first-agenda-will-pay-new-ways-agencies" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Learn how embracing a cloud computing architecture can benefit your federal agency. </em></a></p> <h2 id="toc_1">Best Practices for Cloud Security</h2> <p>When migrating workloads to the cloud, most security engineering teams need to adopt strategies to work with system owners at scale. That means for each system, security should not require deep personalized involvement during the accreditation process.</p> <p>Rather than accrediting individual systems, <strong>security teams should accredit and certify entire cloud service components</strong>. This involves building mechanisms to make it easy for system owners to “self-certify” by leveraging best practices within each cloud service and documenting notable exceptions. </p> <p>Security teams then focus their time on <strong>understanding each exception and determining if the risk and mitigation are acceptable to proceed</strong>. As new cloud services are launched, security teams should maintain a whitelist of pre-approved services that system owners can pick and choose from. This list would ideally grow over time, based on demand. </p> <p>With the increasing ease of accessibility to utilize cloud services across the organization, security teams need to detect and manage “dark and rogue IT” components in a systematic way. This is true for all organizations, yet even more so for federal agencies that are targeted by increasingly sophisticated nation-state-sponsored levels of attacks. </p> <p><strong>Reducing friction in the accreditation process also helps minimize dark IT. </strong>A new strategy that security teams haven’t really employed in the past is tracking cloud spend and billing to uncover dark IT. This is just one of many examples of how security needs to extend its reach and partner more closely with business units across the organization. Moving to the cloud means everyone becomes responsible for security. </p> <p>Migrating to the cloud for federal agencies offers many benefits and is an inevitability. But the path to get there opens up new choices that must be weighed against each other. Going to a cloud-first model isn’t something that needs to be rushed today. For federal agencies specifically, there are many reasons to first step into a hybrid model. However, cloud ought to be an aspiration when designing for the future.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11651"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/Darien_Kindlund.jpg?itok=tK9fzgL7" width="58" height="58" alt="Darien Kindlund" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11651"> <div>Darien Kindlund</div> </a> </div> <div class="author-bio"> <p> <div><p>Darien Kindlund is a veteran security principal who has developed multiple tactical and strategic security programs focused on advanced threat detection and response. As vice president of technology at Insight Engines, Kindlund works with leading natural language processing and machine learning experts to develop cybersecurity-focused solutions for our global customers.</p> </div> </p> </div> </div> </div> </div> Tue, 23 Apr 2019 15:57:08 +0000 phil.goldstein_6191 42436 at https://fedtechmagazine.com The Benefits of Edge Computing for Feds https://fedtechmagazine.com/article/2019/04/benefits-edge-computing-feds <span>The Benefits of Edge Computing for Feds </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 04/22/2019 - 10:18</span> <div><p>Every federal agency knows the value and importance of <a href="https://fedtechmagazine.com/article/2019/02/iaas-vs-paas-vs-saas-what-cloud-strategy-right-your-agency-perfcon">shifting to cloud infrastructure</a>. But what about edge computing? </p> <p>As agencies deploy more Internet of Things sensors and demand more robust mobile and computing capabilities in the field, <strong>more of that data processing will be happening where devices and users are located – at the network edge</strong>. </p> <p>Edge computing is essentially about bringing compute capabilities to where agencies’ missions take place, and the technology allows data to be processed without it traveling back to a data center. </p> <p>This is where industry and government seem to be trending. <a href="https://www.gartner.com/doc/reprints?id=1-4WDVFD0&amp;ct=180417&amp;st=sb" target="_blank">Gartner predicted last year</a> that by 2025, <strong>80 percent</strong> of enterprises will have shut down their traditional data centers, <strong>versus 10 percent</strong> from 2018. <a href="https://www.gartner.com/smarterwithgartner/what-edge-computing-means-for-infrastructure-and-operations-leaders/" target="_blank">Gartner also reported in 2018 </a>that around <strong>10 percent</strong> of enterprise-generated data was created and processed outside a traditional centralized data center or cloud. By 2025, Gartner projected, this figure would jump to<strong> 75 percent</strong>. </p> <p>Edge allows agencies to <strong>take the power of the cloud all the way to the network edge</strong>, especially to areas where they have not been able to use it before. Agencies can <strong>perform data analytics and processing and gain insights at the edge before routing that data back</strong> to centralized data centers for further analysis. </p> <p><a href="https://fedtechmagazine.com/article/2019/01/how-navy-uses-vr-help-train-aircraft-carrier-crews" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>See how the Navy uses VR to train aircraft carrier crews.</em></a></p> <h2 id="toc_0">How Agencies Can Take Advantage of Edge Computing</h2> <p>Edge computing allows agencies to deploy smarter sensors and compute capacity closer to the data they are creating and analyzing to get better insights as the data flows through their networks and ultimately back to a data center or enterprise cloud. </p> <p>Numerous agencies are already taking advantage of edge computing. The armed forces are using edge computing since so many of their users are deployed away from home bases and data centers. </p> <p>But edge computing is also relevant to civilian agencies like the <a href="https://www.fema.gov/" target="_blank">Federal Emergency Management Agency</a>, which deploys users into the field to respond to disasters. Those users need to hav<strong>e low-latency data processing and communications</strong>, meaning that it takes a short time for them to get a response from the network. Edge computing enables that.</p> <p>“It allows you to take the power of edge computing and tactical cloud into areas where you haven’t been able to take them before,<strong> so that you can produce great results from a mission perspective</strong>,” Cameron Chehreh, COO and CTO of <a href="https://www.cdwg.com/content/cdwg/en/brand/emc.html" target="_blank">Dell EMC Federal</a>, <a href="https://fedtechmagazine.com/article/2019/02/edge-computing-air-force-and-fema-take-advantage-intelligent-edge-perfcon">previously told <em>FedTech</em></a>. “And then, when you can connect back to networks, you can harness further the data you have collected and the information you have analyzed already at the tactical edge, but now fuse it with your enterprise data to create a more holistic picture.”</p> <p>There are a variety of edge computing solutions agencies can use, including solutions from vendors such as Dell EMC, <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> and <a href="https://www.cdwg.com/content/cdwg/en/brand/nutanix.html" target="_blank">Nutanix</a>. </p> <p>For example, Dell partners with Microsoft to deliver cloud capabilities to tactical environments for the Air Force’s air operations centers around the globe. With Microsoft <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoftazure.html" target="_blank">Azure</a> Stack, the Air Force can build next-generation apps in the tactical cloud. <strong>The Air Force saved almost $1 million a week </strong>in tanker refueling costs via edge and cloud computing, Chehreh told <em>FedTech</em>. </p> <p>Using the Dell Pivotal Cloud Foundry platform, the company helped train Air Force developers to build and deploy a tanker refueling application, he says. The software provides better predictive logistics, especially for refueling planes when they are in the air.</p> <p>Edge computing has numerous civilian applications. FEMA can use edge computing to do facial recognition onsite to collect information about disaster survivors. And the Agriculture Department uses edge computing for activities like heavier geological surveys. For example, USDA workers can use it to perform onsite soil sample analysis. </p> <p>Edge computing can allow agencies to <strong>harness the power of their data in ways they could not before</strong>. And it will allow federal IT leaders to more effectively help their agencies achieve their missions.</p> <p><em>This article is part of </em>FedTech's <em><a href="https://fedtechmagazine.com/capital" tabindex="-1">CapITal blog series</a>. Please join the discussion on Twitter by using the <a href="http://twitter.com/hashtag/FedIT" tabindex="-1" target="_blank">#FedIT</a> hashtag.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://fedtechmagazine.com/capital" tabindex="-1" target="_blank"><img alt="CapITal blog logo" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/CapITal_Logo.jpg" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11646"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/a726-1280x1280.jpeg.jpg?itok=nTuUawCT" width="58" height="58" alt="Brian Costello" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11646"> <div>Brian Costello</div> </a> </div> <div class="author-bio"> <p> <div><p>Brian is a district sales manager at CDW.</p> </div> </p> </div> </div> </div> </div> Mon, 22 Apr 2019 14:18:53 +0000 phil.goldstein_6191 42431 at https://fedtechmagazine.com Why Windows 10’s Security Features Are a Draw for Feds https://fedtechmagazine.com/article/2019/04/why-windows-10s-security-features-are-draw-feds-perfcon <span>Why Windows 10’s Security Features Are a Draw for Feds</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 04/19/2019 - 11:52</span> <div><p>As federal agencies race to adopt <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a>’s <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/windows-10.html" target="_blank">Windows 10 platform</a> ahead of the <a href="https://fedtechmagazine.com/article/2019/01/migrate-windows-7-windows-10-theres-still-time">Jan. 14, 2020, deadline for the end of Windows 7 support</a>, they are being driven by a range of factors.</p> <p><strong>One is simply that deadline itself</strong>, and the associated costs that come with missing it. <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/" target="_blank">Extended support will be available</a>, but comes at a per-device cost that will increase until that support expires at the end of January 2023.</p> <p>There are other factors as well, including <strong>gaining more streamlined IT operations</strong>. “The main driver for upgrades to Windows 10 is to get out of the business of always having to handle patches and upgrades,” says <a href="https://www.idc.com/getdoc.jsp?containerId=PRF004840" target="_blank">Shawn McCarthy</a>, director of research at IDC Government Insights. “Getting this directly from Microsoft via Windows 10 is key. Moving to Windows 10 also promotes compatibility with what other federal agencies, and external partners, service providers and citizens are doing.”</p> <p>However, McCarthy notes,<strong> increased security is important to federal agencies as well</strong>, with simplified patch management falling under that rubric.</p> <p>“This wasn’t about a tech refresh,” Brian Burns, the U.S. Coast Guard’s deputy CIO and deputy assistant commandant for Command, Control, Communications, Computers and Information Technology. The DOD, which in early 2016 <a href="https://dodcio.defense.gov/Portals/0/Documents/Cyber/DSD%20Memo%20-%20Implementation%20of%20Microsoft%20Windows%2010%20Secure%20Host%20Baseline.pdf" target="_blank">mandated all components migrate to Windows 10</a>, oversees the Coast Guard’s IT, Burns <a href="https://fedtechmagazine.com/article/2018/07/army-coast-guard-sba-complete-journey-windows-10">told<em> FedTech</em></a> regarding the Coast Guard’s Windows 10 migration. <strong>“This was, and still is, about cybersecurity.”</strong></p> <p>There are numerous cybersecurity features built directly into the operating system that federal agencies are taking advantage of, including <strong>more secure web browsing, Windows Defender Advanced Threat Protection and Windows Defender Security Center</strong>.</p> <p><a href="https://fedtechmagazine.com/windows-7-end-life" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out everything you need to know about Windows 7 End of Life. </em></a></p> <h2 id="toc_0">Windows 10’s Approach to Computing</h2> <p>At the Small Business Administration, the agency’s deployment of Windows 7 was “very inconsistent,” according to SBA CISO Beau Houser. “Different IT groups were doing different things with different tools,” he says. “Windows 10 was our chance to leapfrog from that inconsistent model to a<strong> model that was very consistent and much more secure</strong>.” </p> <p>The SBA has finished the deployment of Windows 10 at its headquarters in Washington, D.C., according to CTO Sanjay Gupta, and is in the early stages of rolling it out to about 100 field offices around the country, with the goal of completing it sometime before October, he says. Assuming steady state conditions and not counting the SBA’s disaster support team, which flexes in size in response to natural disasters, the agency will have about <strong>5,000 new Windows 10 users</strong>. </p> <p>While noting that he is not endorsing Windows 10 specifically, Houser says the SBA has seen “a lot of benefits from the security features that are now built into Windows 10.” Microsoft’s decision to <strong>build security features into the kernel of the operating system </strong>is “extremely advantageous from an architecture standpoint.”</p> <p>The SBA is also seeing greater integration between the endpoint protection capabilities of Windows 10 and <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/office365.html" target="_blank">Office 365</a> protections, as well as cloud-native capabilities, Houser says. “If you receive an email in Office 365, the alerting is configured and integrated such that the endpoint that receives that email and the user that receives that email are all identified in one central location, so that y<strong>our incident response is very streamlined from that standpoin</strong>t,” he says.</p> <p>Normal computing activity, such as web browsing, can often lead to malware infections, Houser says. Windows 10 offers more secure web browsing, especially via its Edge browser, and Houser says the <strong>SBA has seen a decrease in the number of those routine cybersecurity incidents since migrating to Windows 10</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://biztechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <h2 id="toc_1">Windows 10’s Approach to Advanced Threat Protection</h2> <p>“On top of a secure operating system, customers also need the added defense of endpoint protection and detection, which is why we built <strong>Microsoft Defender Advanced Threat Protection</strong> into Windows 10,” says Rob Lefferts, corporate vice president of security at Microsoft.</p> <p>Microsoft Defender ATP is a unified platform for<strong> preventative protection, post-breach detection, automated investigation and response</strong>, he notes. The platform helps agencies “reduce their overall risk by eliminating threats before they get to users and helping already strained IT departments prioritize and remediate threats.” Defender ATP is also powered by the cloud, so it is constantly updated and exchanging signals with the <a href="https://www.microsoft.com/en-us/security/operations/intelligence" target="_blank">Microsoft Intelligent Security Graph</a>, and it “shares detection and exploration insights across devices, identities and information to speed up response and recovery,” Lefferts says.</p> <p>The Defender Advanced Threat Protection platform is designed to reduce the attack surface, defend against emerging threats, <strong>provide endpoint protection and response, automate investigation and remediation, and improve agencies’ security posture</strong> with <a href="https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Office-365-Secure-Score-is-now-Microsoft-Secure-Score/ba-p/182358" target="_blank">Microsoft Secure Score</a>. The platform also uses advanced threat hunting with <a href="https://www.microsoft.com/security/blog/2019/02/28/announcing-microsoft-threat-experts/" target="_blank">Microsoft Threat Experts</a>, “an automated threat hunting service that provides proactive hunting prioritization and additional context and insights for security operations teams to identify and respond to threats quickly and accurately,” Lefferts says. </p> <p><img alt="Windows 10 timeline" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Windows%2010_timeline_1.jpg" /></p> <p>House notes that not only is Defender ATP providing traditional anti-virus and anti-malware, but it also leverages Microsoft’s robust intelligence, so that if Microsoft detects malware or a credential-harvesting campaign on the internet, it can expose that information in the SBA’s Windows Defender Security Center dashboard.</p> <p>“They also evaluate your hosts to tell you exactly which hosts have not been protected for that specific targeted campaign, so we can get that information to our patch team and really prioritize that based on that active threat,” he says. “You’re seeing it all come together and <strong>infusing that intel into the process, which is critical nowadays</strong>.”</p> <p><a href="https://fedtechmagazine.com/article/2019/01/new-cybersecurity-reskilling-academy-train-feds-security-roles" tabindex="-1" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how the government plans to reskill workers for cybersecurity roles. </em></a></p> <h2 id="toc_2">What Is Windows Defender Security Center?</h2> <p>The Windows Defender Security Center application is a client interface on Windows 10 version 1703 and later, Lefferts notes.</p> <p>“The Windows Defender Security Center app shows a device’s security and health at a glance, so users can take action as needed,” he says. “The app’s key features include <strong>a view of virus and threat protection, account protection, firewall and network protection, app and browser control, device security, device performance and health</strong>, and options for how families use their devices.” (For more on Windows Defender Security Center, <a href="https://statetechmagazine.com/article/2019/04/how-windows-10-migration-boosts-agencies-cybersecurity" target="_blank">check out this <em>StateTech</em> article</a>.)</p> <p>In Windows 10 version 1803, the Windows Defender Security Center app has two new areas, according to Lefferts. Those are account protection, which has information and access to sign-in and account protection settings, and device security, which provides access to built-in device security settings. </p> <p><a href="https://fedtechmagazine.com/article/2018/11/what-do-when-cybersecurity-hiring-well-runs-dry" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Discover how to find cybersecurity workers in unexpected places. </em></a></p> <h2 id="toc_3">What Is Windows 10 S Mode?</h2> <p>There are additional security features in Windows 10, including the S mode configuration. S mode adds additional security and performance to the device, Lefferts says.</p> <p>“From a security perspective, many of the attack surface areas that are infrequently used by typical users but often used by attackers have been disabled,” he says. “In addition, <strong>only applications that come from the Microsoft Store and have been vetted for safety can be run on the device</strong>. This prevents malware encountered on the web, attached to emails or coming from other vectors from being able to infect the device.”</p> <p>In terms of performance, Lefferts says S mode offers “improved boot times and faster performance online while using Microsoft Edge.” </p> <h2 id="toc_4">Identity and Access Management in Windows 10</h2> <p>On top of all of that, there are some new Windows 10 security features out of the box. One is <a href="https://www.microsoft.com/en-us/windows/windows-hello" target="_blank">Windows Hello</a>, which uses biometric-based technology to authenticate users with facial recognition; <strong>Windows Hello</strong> can even be set to log users out if the camera doesn’t see them for a set period of time. </p> <p><strong>Another is Dynamic Lock.</strong> “Many users walk away from their devices without locking them, leaving them accessible to unauthorized users,” Lefferts says. “The Dynamic Lock in Windows 10 is an added security feature that will automatically lock your computer via Bluetooth when your phone goes out of range.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 19 Apr 2019 15:52:27 +0000 phil.goldstein_6191 42426 at https://fedtechmagazine.com Post-Shutdown, CISA Carves Out a Space in Cybersecurity https://fedtechmagazine.com/article/2019/04/post-shutdown-cisa-carves-out-space-cybersecurity <span>Post-Shutdown, CISA Carves Out a Space in Cybersecurity</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 04/18/2019 - 11:57</span> <div><p>Operating under the Department of Homeland Security umbrella, the <a href="https://www.dhs.gov/CISA" target="_blank">Cybersecurity and Infrastructure Security Agency</a> came into being in November 2018 as an effort to<strong> improve cybersecurity across all levels of government</strong>. But one month later, the government shut down for 35 days. CISA had to furlough <a href="https://thehill.com/policy/national-security/424649-worries-mount-as-cybersecurity-agency-struggles-amid-shutdown" target="_blank">more than 40 percent of its staff</a> during the shutdown <strong>while still maintaining critical operations</strong>, which it did.</p> <p><strong>“It has definitely delayed it a lot,” </strong>says <a href="https://www.linkedin.com/in/nathanwenzler/" target="_blank">Nathan Wenzler</a>, senior director of cybersecurity at consulting firm Moss Adams. “They are looking for qualified people to help with this endeavor. Staffing has to be one of their top concerns, and suddenly the agency is in the dark. It becomes ‘out of sight, out of mind’ among security practitioners.”</p> <p>While the shutdown may have inhibited the push to stand up CISA as an independent entity, <strong>the agency considers itself to be on target today.</strong></p> <p>“When the shutdown ended, our professional workforce moved quickly to get us back into a fully operational posture,” says CISA Press Secretary Scott McConnell. “Currently, CISA is focused on energizing critical partnerships and priorities. Our four cyber-related priorities are election security, federal networks, industrial control systems and supply chain risk management that includes <strong>the China threat and coming 5G technology</strong>.”</p> <p>The agency is looking to “reach across traditional boundaries to unify our collective defense and foster a cyber ecosystem, giving the advantage back to the network defenders,” he says.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/creative-cyberworkers-retain-their-place-workforce" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why creative federal cybersecurity workers will have more job security. </em></a></p> <h2 id="toc_0">CISA Faces Operational Hurdles on All Levels </h2> <p>In addition to staffing concerns, CISA faces organizational challenges as it seeks to address cyber issues for both federal agencies and state authorities. On the federal side, <strong>CISA needs to create some<em> </em>bona fides as a central repository of cyber know-how and establish itself as a fully functioning federal agency</strong>. </p> <p>It’s made headway in that regard. Even in the midst of the shutdown, CISA was able to issue <a href="https://cyber.dhs.gov/blog/" target="_blank">a warning regarding Domain Name System infrastructure tampering</a> across multiple executive branch agency domains.</p> <p>So, when it comes to achieving full operational strength, CISA Director Christopher Krebs holds some strong cards.</p> <p>“On the plus side, they have been put under Homeland Security, and DHS already has a structure that they can fall back on,” Wenzler says. “They are all security folks there, and they understand the hierarchy that you need in a new division. <strong>They have a blueprint to work from</strong>.”</p> <p>In implementing that blueprint, though, CISA will likely have to face bureaucratic hurdles. Security information is often siloed within agencies, and<strong> it will take a mighty push to break down those silos and centralize that data</strong>.</p> <p>“They still need to overcome that lack of trust,” says <a href="https://www.linkedin.com/in/rebeccaherold/" target="_blank">Rebecca Herold</a>, CEO of the consulting firm The Privacy Professor. “Government needs effective information-sharing in order to make this work, and for that, the agencies need to know that they can share their data securely with CISA. They need to know CISA’s own systems are secure and that they can use this data in a way that supports and validates the agency’s own cybersecurity needs.”</p> <p>In the plus column, some cite the apparently strong executive branch backing of the upstart agency. “This organization was created less than six months ago by the president of the United States. He would not have done that if he did not consider it a priority,” says <a href="https://www.linkedin.com/in/josephsteinberg/" target="_blank">Joseph Steinberg</a>, author of the forthcoming <em>Cybersecurity for Dummies</em>.</p> <p>If that evaluation holds, the big winners here could be the technology captains of the various federal agencies, <strong>who may one day be able to lean on CISA as a powerful ally in the cyber fight</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" id="" rel="" target="_blank" title=""><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_1">CISA Looks Ahead to Protecting the 2020 Election</h2> <p>On the state side, the agency needs to carve out a federal role in the 2020 election. Fresh out of the gate, CISA launched <a href="https://www.dhs.gov/cisa/protect2020" target="_blank">#Protect2020</a>, an effort to secure the nation’s election infrastructure. Just a month after the shutdown, <a href="https://www.dhs.gov/news/2019/02/13/written-testimony-cisa-director-christopher-krebs-house-committee-homeland-security" target="_blank">in testimony before the House Committee on Homeland Security</a>, Krebs stated that the agency was still up to the task.</p> <p>Now that work is underway. “We are <strong>working with all 50 states and more than 1,400 county and local governments</strong> providing support, such as conducting regular vulnerability assessments of election infrastructure,” McConnell says.</p> <p>That promises to be no small task, however.</p> <p>“CISA needs to demonstrate that this is something they are going to be proactive on,” says Herold, who adds that the first steps need to come in the near term. “They need to do outreach: <strong>‘Here is a detailed plan for what the states need to start doing now.’ </strong>Give them some meaningful steps to take.”</p> <p>The fledgling agency will have to tread a fine line, however. “The U.S. has a complicating factor, which is that the federal government does not run elections. States run elections,” says Steinberg. A federal effort to secure disparate state voting systems “would be a good thing, but it is a challenge.”</p> <p>CISA can’t mandate improvements, “but they can set up guidance and they can advise,” he said. “That would at least help to reduce the risk.”</p> <p><a href="https://fedtechmagazine.com/article/2018/11/what-do-when-cybersecurity-hiring-well-runs-dry" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out where to turn when the cybersecurity hiring well runs dry. </em></a></p> <h2 id="toc_2">Raise the Bar for Federal Cybersecurity</h2> <p>In addition to securing elections and cyber-hardening critical infrastructure, another CISA goal is to raise the cyber bar across the federal government.</p> <p>“The hope is that CISA becomes a more public-message-friendly version of NIST,” Wenzler says. <a href="https://www.nist.gov/" target="_blank">The National Institute of Standards and Technology</a>’s technically complex cyber guidelines can be difficult for non-IT specialists to understand.</p> <p>“If you’re a decision-maker in a federal agency, it could be really helpful to have a go-to agency that can help you <strong>understand the requirements and best practices in a way that is actionable and makes sense in the federal space</strong>.”</p> <p>Centralized support could be especially helpful at a time when many agencies are struggling to fill IT positions. “If government is understaffed, maybe CISA can come in and make it somewhat better,” Steinberg says. But, he adds, agencies probably should not expect CISA to do the heavy lifting for them.</p> <p>“CISA isn’t putting boots on the ground 24/7 as the IT security department for every federal agency,” he says. <strong>“It’s up to the agencies to do the actual work.”</strong></p> <p>How much help will CISA be able to offer? In the near term, that will likely depend on how well the agency can recover from the obstacles placed by the government shutdown.</p> <p>“Within CISA, we know it slowed the pace of organizational planning activities, personnel actions and background investigations. It also brought procurement activity to a halt,” says Grant Thornton Public Sector Senior Manager <a href="https://www.linkedin.com/in/hanestim/" target="_blank">Tim Hanes</a>. “It’s hard to quantify those impacts, but they were real and are still being felt. You’re talking about a lost month at a very critical time.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11361"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/AdamStone2_0.jpg?itok=cCl1Z1mX" width="58" height="58" alt="Adam Stone" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11361"> <div>Adam Stone</div> </a> </div> <div class="author-bio"> <p> <div><p>Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies.</p> </div> </p> </div> </div> </div> </div> Thu, 18 Apr 2019 15:57:51 +0000 phil.goldstein_6191 42421 at https://fedtechmagazine.com Reskilling Federal Workers for IT Is One Way to Create a New Employment Pipeline https://fedtechmagazine.com/article/2019/04/reskilling-federal-workers-it-one-way-create-new-employment-pipeline <span>Reskilling Federal Workers for IT Is One Way to Create a New Employment Pipeline</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 04/17/2019 - 13:35</span> <div><p>The federal IT workforce is at a crossroads. On average, for every tech worker under 30, there are <strong>nearly five at or near retirement age</strong>, according to <a href="https://www.nextgov.com/cio-briefing/2018/05/governments-tech-talent-gap-still-getting-worse/148021/" target="_blank">the most recent data from the Office of Personnel Management</a>. </p> <p>Civilian agencies are more unbalanced than the military, with<strong> 7.4 older workers for every one under 30.</strong> And the Veterans Affairs Department has the widest ratio, with <strong>19 workers over 60 for every 1 under 30</strong>.</p> <p>The situation has reached the point where Kevin Cooke Jr., principal deputy CIO for the Department of Housing and Urban Development, can joke — as he did <a href="https://fedtechmagazine.com/article/2018/10/imagine-nation-elc-2018-how-agencies-are-spending-tmf-money">at the Imagine Nation ELC 2018 conference</a> — about retiring and forming a government contracting company to troubleshoot <a href="https://fedtechmagazine.com/article/2017/09/how-cobol-became-early-backbone-federal-computing">COBOL</a>, and get several audience members, also current government employees, to offer their services.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_0">How Feds Can Find the Best People</h2> <p>It’s not that the federal government doesn’t want to hire younger workers; far from it. It’s that government isn’t always seen as an attractive place to work. The private sector can offer <strong>fancier perks and higher salaries</strong>, for one thing, and in the wake of <a href="https://fedtechmagazine.com/article/2019/02/agencies-face-long-term-impacts-historic-shutdown">the 35-day partial government shutdown</a>, the federal sector may not seem an entirely stable place to be.</p> <p>Defense Department CIO Dana Deasy, who came to government after nearly four decades in the private sector, also thinks that federal recruiters are not always where they need to be when people are making career decisions. He likes to tell his own story, in which <strong>government employment was never ­presented as an option when it came time for him to make a change</strong>.</p> <p>Any enterprise that is attempting to modernize — as the federal government is <a href="https://fedtechmagazine.com/article/2018/10/where-federal-it-modernization-headed-2019">famously trying to do</a> — needs to find the best people wherever it can. The government especially <strong>must find new workers as its older ones continue to retire at a rate faster than they can be replaced</strong>.</p> <p>“Digital transformation is as much about people as it is technology,” write Mike Verbeck and Victor Marchetto in “<a href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank">The Digital Transformation Insight Report</a>” by CDW. “When organizations exclude people from the process, they run a much higher risk of failure.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11621"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/9233_hrvcc.jpg?itok=fPK48nls" width="58" height="58" alt="Ben Bourbon" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11621"> <div>Ben Bourbon </div> </a> </div> <div class="author-bio"> <p> <div><p>Ben Bourbon is vice president of federal sales for CDW•G.</p> </div> </p> </div> </div> </div> </div> Wed, 17 Apr 2019 17:35:59 +0000 phil.goldstein_6191 42416 at https://fedtechmagazine.com The Navy Envisions a New Kind of Network https://fedtechmagazine.com/article/2019/04/navy-envisions-new-kind-network <span>The Navy Envisions a New Kind of Network</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 04/16/2019 - 11:33</span> <div><p>Looking to overhaul its network, the Navy is exploring <strong>Network as a Service</strong> as a way to migrate its network communication, information and services to the cloud for <strong>faster, more flexible and more secure operations</strong>.</p> <p>The Navy allocated <strong>$96 million</strong> last fall <a href="https://www.executivegov.com/2019/03/navy-eyes-commercial-cloud-providers-for-long-haul-telecom-services-will-stephens-quoted/" target="_blank">to test whether</a> NaaS is an efficient and cost-effective way to move the entirety of its network to the cloud and conduct all functions via a secure virtual network, a plan it’s calling <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/02/navy-plans-3-otas-to-modernize-its-networks/" target="_blank">Modern Service Delivery</a>.</p> <p>While there are many forms of NaaS, its fundamental purpose is to enable agencies to <strong>purchase cloud-based networking services on demand</strong>, leading to flexibility in provisioning and fewer resources spent on hands-on network management. </p> <p>“We must be willing to let go of old processes that keep us from moving ahead," said Navy Cyber Security Division Director Rear Adm. Danelle Barrett, <a href="https://www.doncio.navy.mil/CHIPS/ArticleDetails.aspx?ID=10808" target="_blank">in a press release</a> announcing the plan. "This … will be an important tool to accelerate Navy cloud adoption, allowing us to tap into the capabilities, processes, and skills being used in commercial industry today.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <h2 id="toc_0">New Networks Should Give Navy Users Better Access</h2> <p>Navy personnel have been using the same network architecture — managed by the Defense Information Systems Agency — since the early 2000s and are looking for more flexibility. Currently, users who are using mobile devices or who are away from their bases <strong>must log into an on-premises network to be routed to the data and applications they need</strong>. With NaaS, the Navy believes that users will have easier access to the services and information they need, no matter their location. </p> <p>“We want to drive parity for access to services and systems and data, whether we are at work, at home or on the go,” said Andrew Tash, technical director for the Navy’s Program Executive Office for Enterprise Information Systems, speaking at the West Coast meeting of the Navy CIO’s annual conference, <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/02/navy-plans-3-otas-to-modernize-its-networks/" target="_blank">as reported by Federal News Network</a>.</p> <p>The department has established a <strong>Commercial Cloud Services Project office</strong>, putting it in line with the Defense Department’s <a href="https://fedtechmagazine.com/article/2019/02/dod-cloud-strategy-emphasizes-jedi">new cloud strategy</a>, which encourages a multicloud ecosystem. The office is designed to help the Navy access commercial cloud solutions faster.</p> <p>The Navy has already begun migrating some of its major services to the cloud, including its <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/02/navy-plans-3-otas-to-modernize-its-networks/" target="_blank">enterprise resource system</a> and <a href="https://www.navy.mil/submit/display.asp?story_id=103576" target="_blank">personnel database</a>, reports Federal News Network.</p> <p>“If all of our business systems are moving to commercial cloud, then <strong>shouldn’t we have the most efficient connectivity to the commercial cloud</strong>?” Tash said at the conference. “We look at the business systems as being the primary opportunity right now to leverage things like Network as a Service.”</p> <p><a href="https://fedtechmagazine.com/article/2019/03/marine-corps-partners-san-diego-promote-smart-city-vision" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how the Marine Corps will partner with San Diego to promote a smart city vision.</em></a></p> <h2 id="toc_1">Cloud Migration Will Merge with JEDI at a Later Date</h2> <p>As the Navy moves to migrate its own services to the cloud, the Defense Department is working on a project that will affect whatever its individual services do. </p> <p>Although its cloud strategy document reports that the DOD will be using multiple clouds, the primary cloud environment will be the Joint Enterprise Defense Infrastructure architecture, a commercial project assigned to a single cloud provider that <strong>could be worth $10 billion over 10 years</strong>.</p> <p>The project award has been delayed by investigations into possible conflicts of interest as well as lawsuits, but the DOD recently narrowed the candidates down to Amazon Web Services and <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a>, <a href="https://www.bloomberg.com/news/articles/2019-04-10/jedi-cloud-contest-isn-t-tainted-pentagon-s-review-concludes?srnd=technology-vp" target="_blank">reports Bloomberg</a>.</p> <p>The DOD wants its agencies to move general-purpose functions and applications to JEDI once it’s ready, and to use other cloud environments only with special permission. </p> <p>“JEDI doesn’t exist yet,” said Jared Serbu, deputy editor of Federal News Network, on the network’s <a href="https://www.podcastone.com/episode/Navy-plans-3-OTAs-to-modernize-its-networks-move" target="_blank">Federal Drive podcast</a>. “Once [JEDI] is up and running, whenever that is, they will then transition those applications.”</p> <p>That two-step migration may be more complex, but once the Navy’s systems are already in the cloud, Serbu said, <strong>“it’s obviously easier to migrate from a cloud service to a cloud service.”</strong></p> <p>Ruth Youngs Lew, the Navy’s program executive officer for enterprise information systems, says that the current cloud contracts are intermediate steps. “Our plan is to fully transition to JEDI at some point in the future, when they get it awarded,” <a href="https://www.podcastone.com/episode/Navy-plans-3-OTAs-to-modernize-its-networks-move" target="_blank">she tells Federal News Network</a>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/dod-aims-network-consolidation-its-fourth-estate" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Discover why the DOD wants to consolidate the networks of its “fourth estate.”</em></a></p> <h2 id="toc_2">Cloud Prototype Building and Testing Is Underway</h2> <p>The Navy’s PEO EIS team is developing network prototypes this spring. A consortium of industry leaders, startups and academics called the <a href="https://www.ati.org/portfolio/information-warfare-research-project/" target="_blank">Information Warfare Research Projec</a>t is collaborating with the Navy to <strong>modernize its information technology and manage the bidding process</strong>. The commercial cloud services providers and telecommunications firms selected by the IWRP will develop a cloud-based network to determine whether CSPs can provide faster and more reliable service than DISA.</p> <p>Will Stephens, business and technology strategist for PEO EIS, <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/03/for-flexibility-navy-may-bypass-disa-on-some-long-haul-network-needs/" target="_blank">tells Federal News Network</a> that thorough testing is needed to best optimize the network. </p> <p>“We have a lot of decisions to make in the Department of Navy with respect to network architecture, and many of those decisions are based on assumptions, not on quantitative information about performance,” <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/03/for-flexibility-navy-may-bypass-disa-on-some-long-haul-network-needs/" target="_blank">Stephens said</a>.</p> <p><strong>NaaS and the current DISA architecture will compete head-to-head,</strong> he said.</p> <p>“We’ll have two network paths from that point of presence: one across our current network path, and one across the new network path that we’re setting up as part of this Network as a Service architecture,” said Stephens. </p> <p>Both solutions will be evaluated according to <a href="https://federalnewsnetwork.com/wp-content/uploads/2019/03/030519_navy_naas_thories.pdf" target="_blank">key metrics</a>, such as <strong>network performance, WAN provisioning speed, connection speed, security, scalability and cost</strong>. </p> <p>Officials plan to award the contract by the end of April and <a href="https://federalnewsnetwork.com/dod-reporters-notebook-jared-serbu/2019/03/for-flexibility-navy-may-bypass-disa-on-some-long-haul-network-needs/" target="_blank">have a working prototype by July 26</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/erika-gimbel"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/erika-gimbel.jpg?itok=COBsR_2x" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/erika-gimbel"> <div>Erika Gimbel</div> </a> </div> <div class="author-bio"> <p> <div><p>Erika Gimbel is a Chicago-based freelance writer who specializes in B2B technology innovation and educational technology.</p> </div> </p> </div> </div> </div> </div> Tue, 16 Apr 2019 15:33:09 +0000 phil.goldstein_6191 42411 at https://fedtechmagazine.com Demand for Supply Chain Safety Leads to Research into New Best Practices https://fedtechmagazine.com/article/2019/04/demand-supply-chain-safety-leads-research-new-best-practices <span>Demand for Supply Chain Safety Leads to Research into New Best Practices</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Mon, 04/15/2019 - 15:43</span> <div><p>In the private sector, supply chain security is seen as a looming threat: 25 percent of those who responded to a Supply Chain Insights poll last year identified it as a major threat driver over the next five years.</p> <p>But <strong>for the federal government, the threat is immediate</strong>. It’s already experienced dubious gray market IT product entering its infrastructure, and banned the use of Huawei, ZTE and Kaspersky Lab technology by federal employees or contractors because the companies are considered security threats.</p> <p>The <a href="https://fcw.com/articles/2018/12/19/senate-supply-chain-bill-johnson.aspx" target="_blank">Federal Acquisition Supply Chain Security Act </a>(FASCSA), which became law earlier this year, requires agencies to develop supply chain risk management programs. Every federal agency now has legal obligations to ensure its IT supply chain risks are assessed, mitigated and managed. </p> <p>At about the same time as the law went into effect, the Department of Homeland Security <a href="https://www.dhs.gov/taxonomy/term/3486/all" target="_blank" title="DHS supply chain information">set up a new task force</a> to figure out what best practices could assist agencies in better supply chain supervision.</p> <p><a href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html?cm_mmc=Vanity-_-SecurityReport-_-NA-_-022017" title="CDW Cybersecurity Insight Report"><em><strong>DOWNLOAD: </strong>Read the updated Cybersecurity Insight Report by CDW for more on today’s threats.</em></a></p> <h2 id="toc_0">April Is National Supply Chain Integrity Month</h2> <p>More critically, the Navy recently reported that it is <a href="https://www.wsj.com/articles/navy-industry-partners-are-under-cyber-siege-review-asserts-11552415553" target="_blank" title="WSJ article">“under cyber siege”</a> from Chinese and other hackers, and that its current system of relying on its contractors and vendors to self-report supply chain security issues is an “after-the-fact system [that] has demonstrably failed.”</p> <p>In this newly urgent environment, DHS nand other agencies created a public-private task force that’s <strong>writing a playbook on how to handle supply chain malfeasance.</strong></p> <p>“Private industry is making supply chain threat mitigation a big part of their corporate strategy,” says William Evanina, director of the National Counterintelligence and Security Center. “For the first time ever, government is also seeing a threat change.”</p> <p>The NCSC declared April <a href="https://www.dni.gov/index.php/ncsc-newsroom/item/1971-ncsc-launches-national-supply-chain-integrity-month-in-april" target="_blank" title="National Supply Chain Integrity Month">National Supply Chain Integrity Month</a>, hoping to raise more awareness among its federal partners about the risks to the cyber supply chain. Those include the traditional types of worries, such as someone tampering with a motherboard on the assembly line or inserting spyware into software during the production process.</p> <h2 id="toc_1">Best Practices Can Protect an Agency from Most Attacks</h2> <p>The first-ever unclassified version of the center’s annual <a href="https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf" target="_blank">Foreign Economic Espionage in Cyberspace report</a>, released in May 2018, called 2017 “a watershed year” for supply chain disruption, including a malware operation called Kingslayer that compromised a defense contractor.</p> <p>But <strong>supply-chain vulnerability can be organic as well</strong>. The very nature of a network enables people to access and work on the system from anywhere; that is its built-in functionality — and its inherent risk. Agencies must know where the weak points in a system are in order to protect it, no matter how the threat is introduced.</p> <p>Some of this information is already available. The National Institute of Standards and Technology has been researching industry best practices since identifying supply chain risk management as a potential area of focus in 2014, and has posted many of those documents <a href="https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management/Best-Practices" target="_blank">on its website</a>. </p> <h2 id="toc_2">Learn the Basics of Supply Chain Protection</h2> <p>The issue is a multilayered one, and complex new tasks are difficult to integrate into an already demanding work environment. While employees at agencies understand the need for security in the supply chain, it’s not clear that they have all the information they need to conduct solid evaluations of that security in a government space. </p> <p>To assist in giving employees that knowledge, the NCSC set up a site where agencies can find <a href="https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats" target="_blank">basic information on supply chain risk management</a>, along with some early best practices. Separately, the task force plans to encourage agencies to <strong>develop and publish similar best practices designed for government</strong>.</p> <p>The new law, which mandates monitoring of the supply chain, along with attempts to educate employees about the risk, will be valuable resources for agencies that don’t want to get caught by an unexpected, and often subtle, means of attack.</p> <p><em>This article is part of </em>FedTech's <em><a href="https://fedtechmagazine.com/capital" tabindex="-1">CapITal blog series</a>. Please join the discussion on Twitter by using the <a href="http://twitter.com/hashtag/FedIT" tabindex="-1" target="_blank">#FedIT</a> hashtag.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://fedtechmagazine.com/capital" tabindex="-1" target="_blank"><img alt="CapITal blog logo" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/CapITal_Logo.jpg" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/nigel-rourke"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/nigel%20rourke.jpg?itok=SGmx6Et6" width="58" height="58" alt="Nigel Rourke head shot" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/nigel-rourke"> <div>Nigel Rourke</div> </a> </div> <div class="author-bio"> <p> <div><p>Nigel Rourke is a senior manager in federal civilian field sales for CDW.</p> </div> </p> </div> </div> </div> </div> Mon, 15 Apr 2019 19:43:07 +0000 Elizabeth_Neus_pdwC 42406 at https://fedtechmagazine.com Agencies Get a New Resource for Technology Business Management https://fedtechmagazine.com/article/2019/04/agencies-get-new-resource-technology-business-management <span>Agencies Get a New Resource for Technology Business Management</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Mon, 04/15/2019 - 13:21</span> <div><p>The federal government spent $88 billion on IT <a href="https://itdashboard.gov/drupal/summary/000" target="_blank" title="Federal IT Dashboard">in fiscal year 2019</a>, and although the <a href="https://fedtechmagazine.com/article/2018/10/fitara-2018-tech-and-policies-agencies-need-comply-perfcon" title="FITARA">Federal Information Technology Acquisition Reform Act</a> gives agency CIOs more authority over technology budgets, managing all of that spending can still be a daunting task. </p> <p>Enter <strong>Technology Business Management</strong>, a standard taxonomy to track and manage IT spending. In February, the General Services Administration released <a href="https://tech.gsa.gov/assets/downloads/GSA_Education_TBM_Playbook_v6.pdf" target="_blank" title="TBM Playbook">a playbook to help agencies implement the TBM framework</a>. </p> <p>As the GSA notes, TBM is a “methodology designed to communicate the value of information technology to agency stakeholders” that “focuses on cost transparency, delivering value, identifying the total cost of IT, and shaping demand for IT services.”</p> <p>TBM’s taxonomy has three different perspectives, including <strong>a basic finance view</strong> that has different buckets of IT costs, such as hardware, software and labor. A middle layer is <strong>the IT view</strong>, which looks at IT through the lens of technology categories such as servers, storage and applications. And then there is <strong>the business view</strong>, which “provides a standard set of application and service categories along with higher-layer business units and business capabilities,” the GSA notes.</p> <p>The President’s Management Agenda calls on the government to <strong>adopt TBM governmentwide by fiscal year 2022</strong>. “This approach will improve IT spending data accountability and transparency, empowering agency executive suite leadership from across the enterprise to drive mission value and improve customer experience through technology,” <a href="https://www.whitehouse.gov/wp-content/uploads/2018/03/Presidents-Management-Agenda.pdf" target="_blank" title="President's Management Agenda">the PMA states</a>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/how-federal-it-leaders-can-adapt-accelerating-tech-change" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how federal IT leaders can adapt to accelerating technology.</em> </a></p> <h2 id="toc_0">How Agencies Can Successfully Implement TBM</h2> <p>The playbook has seven different plays, all of which are designed to make TBM an easier lift for agencies. At its heart, the playbook notes, TBM is a way to “manage IT like a business, support value conversations, maximize the benefit achieved through IT spending, and align with business needs and strategy.”</p> <p>TBM <strong>allows agency IT leaders to make the best use of their funds and streamline platforms, applications and vendors</strong>; align IT spending to mission priorities; talk about the IT budget in ways mission partners can understand; make IT offices service brokers; and support federal efforts to promote cost transparency and improve IT management.</p> <p>Todd Tucker, vice president and general manager of the <a href="https://www.tbmcouncil.org/" target="_blank" title="Technology Business Management Council">Technology Business Management Council</a>, said last week on <a href="https://govmatters.tv/utilizing-technology-business-management-in-government/" target="_blank" title="Government Matters">the TV program Government Matters</a> that TBM needs to be thought of as an overarching system. </p> <p>“TBM is really a framework of automation, data, rules and responsibilities for improving the value and addressing the risk of your technology spending and investments. It is a data-driven approach to managing IT,” he said. “It is not just money, it is time, money, assets, it is data. All of those form and lead to the outcomes that the agency has to drive, the mission. It’s about getting all of that right. That takes a system and processes and data.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_1">Playbook Provides a Simple TBM Guide</h2> <p>To that end, the playbook breaks down TBM into easily understandable components. The first play is to identify key players and stakeholders, including mission stakeholders, financial analysts and IT and acquisition professionals. “Together, <strong>this team drives change </strong>through collection, analysis, reporting, and informed review of IT data,” the playbook notes. </p> <p>Next, CIOs and their staff need to figure out their current state of IT governance, including “data collection and aggregation methods, financial systems, business processes, and models” the agency already has in place to support TBM. </p> <p>From there, CIOs should determine how the agency can “deliver the right IT services for the best possible price” as they work with stakeholders to figure out the priorities to focus on. </p> <p>Based on the agency’s current state and where they want to take it in the near term, CIOs should start working with their financial data, the playbook says. “<strong>Starting from the bottom up is recommended</strong> — aligning financial data to cost pools” like hardware, software and personnel, before moving on to other categories like servers, storage and services. </p> <p>The fifth play is for CIOs to conduct a data analysis and see where the data leads them. “Focus on examining the data to see how it provides insights into issues or benefits around the identified outcomes,” the playbook notes. </p> <p>At that point, IT leaders should “start integrating TBM principles, data, and value discussions into meetings and funding reviews.” </p> <p>Finally, the model needs to be continuously refined and matured. “Assess your maturity and identify opportunities to maximize your TBM implementation,” the playbook says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 15 Apr 2019 17:21:31 +0000 Elizabeth_Neus_pdwC 42401 at https://fedtechmagazine.com