FedTech Magazine - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en What Is a Zero-Trust Model in Cybersecurity, and What Does It Mean for Federal IT? https://fedtechmagazine.com/article/2019/08/what-zero-trust-model-cybersecurity-and-what-does-it-mean-federal-it-perfcon <span>What Is a Zero-Trust Model in Cybersecurity, and What Does It Mean for Federal IT?</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 08/23/2019 - 11:40</span> <div><p>Cybersecurity is a perennial concern inside federal agencies, but the conversation is starting to evolve.</p> <p>In the past, perimeter-based IT security defenses were a major area of investment — keeping malicious actors out of networks and away from sensitive data. Increasingly, the cybersecurity landscape is shifting to a focus on <a href="https://fedtechmagazine.com/article/2019/06/stay-top-evolving-state-identity-governance">identity and access management</a>, data security and <strong>a relatively new model known as zero-trust security</strong>.</p> <p>Although federal adoption of <strong>zero-trust cybersecurity</strong> is extremely limited and pilots are just beginning, agencies are looking to the model as an aspiration and something they want to consider as they move to strengthen their defenses.</p> <p>In April, the American Council for Technology–Industry Advisory Council (ACT-IAC), at the direction of the federal CIO Council, released <a target="_blank">a zero-trust white paper</a> that explores the current state of zero-trust technology and commercial adoption, as well as the benefits of the model, its suitability for use in government and how to deploy it. 
</p> <p>Zero trust is based on the idea that organizations “need to <strong>proactively control all interactions between people, data, and information systems to reduce security risks</strong> to acceptable levels.”</p> <h2 id="toc_0">What Is a Zero-Trust Security Model?</h2> <p>Zero-trust security focuses not merely on perimeter security but also on how users gain access to networks and systems and how they are treated once they are inside an agency’s IT perimeter.</p> <p>As <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html" target="_blank">Cisco Systems</a> company Duo Security <a href="https://duo.com/use-cases/industry-solutions/zero-trust-security" target="_blank">notes on its website</a>, zero trust means that organizations “<strong>should not trust anything inside or outside of their network perimeters</strong> and should instead verify anything and everything that tries to connect to applications and systems before granting them access.”</p> <p>Essentially, no user or traffic is more trustworthy by default than any other user or bit of traffic coming from outside the organization. Agencies set the terms for how and when to trust a user or application and give it access.</p> <p>As Amanda Rogerson, a product marketing manager for Duo Security, notes in a blog post, the concept was developed in the early 2000s by a security group known as the Jericho Forum, first introduced by John Kindervag in 2009. 
That work served as the basis for <a href="https://www.cdwg.com/content/cdwg/en/brand/google-cloud.html" target="_blank">Google</a>’s BeyondCorp, which offered an “implementation of a zero-trust architecture that requires securely identifying the user and device, removing trust from the network, externalizing apps and workflow, and implementing inventory-based access controls.”</p> <p>As organizations shift more apps to the <a href="https://fedtechmagazine.com/article/2019/08/how-refactor-apps-and-move-them-cloud-based-world">cloud</a> and users become <a href="https://fedtechmagazine.com/article/2019/02/emm-solutions-keep-mobile-devices-secure-usda-dhs-and-sba">more mobile</a>, it is increasingly difficult for enterprises and agencies to have <strong>visibility and control over users and devices</strong>, Rogerson notes. </p> <p>A <a href="https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture" target="_blank">blog post</a> from <a href="https://www.cdwg.com/content/cdwg/en/brand/paloalto.html" target="_blank">Palo Alto Networks</a> states that organizations “must identify the traffic and data flow that maps to your business flows, and then have the visibility to the application, the user and the flows.”</p> <p>Another key element of zero-trust security is to “<strong>adopt a least-privileged access strategy and strictly enforce access control,” </strong>which “can significantly reduce the pathways for attackers and malware,” according to the blog post. </p> <p>Agencies also must inspect and log all traffic. “To effectively do this, identify the appropriate junctions for inspection and build in the inspection points,” Palo Alto states. 
</p> <h2 id="toc_1">What Is Microsegmentation Networking?</h2> <p>One of the pillars of zero-trust security is network security. While zero-trust networks do have perimeters, the model attempts to shift the perimeter away from the network edge and toward the actual data. Then, that data is segmented and isolated from other data, according to the ACT-IAC white paper.</p> <p>“It is critical to (a) control privileged network access, (b) manage internal and external data flows, (c) prevent lateral movement in the network, and (d) have visibility to make dynamic policy and trust decision on network and data traffic,” the white paper states. “The ability to segment, isolate, and control the network continues to be a pivotal point of security and essential for a Zero Trust Network.”</p> <p>Microsegmentation <strong>allows agency security teams to put in place granular data security policies</strong>. These can be “assigned to data center applications, down to the workload level as well as devices,” according to the white paper.</p> <p>“This means that security policies can be synchronized with a virtual network, virtual machine, operating system or other virtual security targets,” the white paper adds.</p> <p>For zero trust to be successful, organizations must “segregate systems and devices according to the types of access they allow and the categories of information that they process,” Pavel Trinos, a security field solution architect at CDW, <a href="https://blog.cdw.com/security/build-a-zero-trust-architecture-with-these-5-steps" target="_blank">writes in a blog post</a>. 
“These network segments can then serve as the trust boundaries that allow other security controls to enforce the zero trust philosophy.”</p> <p><strong>Microsegmentation</strong> can help guard against lateral movement in the network. The technique “dissociates segmentation security policy by IP address, and instead associates defined-access policy by that authorized user and app,” the white paper adds.</p> <h2 id="toc_2">How Do Software-Defined Perimeters Relate to Zero-Trust Security?</h2> <p>Another tool that zero-trust security enables is <strong>a software-defined perimeter</strong>. “With SDP, users, regardless of whether they are inside or outside the network, connect directly to resources, whether they reside in the cloud, in the data center, or on the internet; all without connecting to the corporate network,” the ACT-IAC white paper states.</p> <p>Each user’s network traffic becomes <strong>encased in a secure perimeter</strong>. This is especially useful as more agencies adopt mobile technologies and users connect to networks that are not owned and operated by the government.</p> <p>“Users (or an SDP host) cannot initiate or accept communication with another SDP host until after connecting to an SDP Controller that authorizes the transaction,” according to the white paper.</p> <p>The SDP Controller obviates the need for Domain Name Server information and port visibility to the outside world, which then effectively cloaks the network to outside users. 
</p> <p>Software-defined perimeters <strong>create a protective casing around critical apps and data access</strong>, which enhances an agency’s cybersecurity.</p> <p>“For example, existing attacks such as credential theft and server exploitation are blocked dynamically as these technologies only allow access from devices registered to authenticated users, which is a key Zero Trust element,” the white paper states.</p> <h2 id="toc_3">How Can Zero-Trust Models Enhance Federal Cybersecurity?</h2> <p>A positive for agencies looking to deploy zero-trust security is that it does not require a major acquisition of new technologies. Instead, zero trust can <strong>augment and build upon technologies that agencies likely have in place already</strong>, according to ACT-IAC.</p> <p>Those include “identity, credential and access management (ICAM); access standards based on trust algorithms; automated policy decisions; and continuous monitoring,” which are all critical elements of zero trust.</p> <p>Agencies can also <strong>roll out zero trust at their own pace and scale, as determined by their risk level</strong>. The most successful zero-trust solutions “should layer on top of existing infrastructures and be convenient and easy for user populations to adopt without an impact to their current workflows,” Rogerson notes.</p> <p>“A zero-trust approach for the workforce should provide an organization the tools to be able to evaluate and make <a href="https://duo.com/product/adaptive-authentication-and-policy-enforcement" target="_blank">access decisions based on specific risk-based context</a> for any application within an environment,” she adds. 
“This can even mean layering security controls on top of existing <a href="https://duo.com/product/secure-remote-access-and-single-sign-on-sso" target="_blank">remote access</a> solutions that are in place today.”</p> <p>Zero trust, the ACT-IAC white paper notes, offers a “consistent security strategy of users accessing data that resides anywhere, from anywhere, in any way”; assumes a “never trust and always verify” approach; demands continuous authorization, no matter where a request for access comes from; and boosts “visibility and analytics across the network.”</p> <p>The Defense Information Systems Agency, the Pentagon’s IT arm, is <strong>creating a lab to test zero-trust network architecture</strong> and will serve as the hub for a zero-trust pilot program between DISA and U.S. Cyber Command, Jason Martin, acting director of DISA’s cyber directorate, <a href="https://www.nextgov.com/cybersecurity/2019/08/disa-cyber-command-are-launching-zero-trust-pilot-program/159007/" target="_blank">reports Nextgov</a>.</p> <p>Speaking at the <em>FCW</em> Cybersecurity Summit earlier this month, Martin said that the lab will focus on identity and access management for military networks and will also work with the intelligence community. The tests will inform how DISA will move forward on zero trust and will allow the agency to rethink “how we do continuous security,” Martin said.</p> <p>Nextgov reports:</p> <blockquote><p>According to Martin, the program will focus on three key areas: creating a framework for continuously monitoring and checking access on different layers of the network, building out tools to manage identity and access, and pushing out those solutions across the Pentagon. 
Based on the findings, he said, the Pentagon will likely both adapt existing policies and tools to improve security, and acquire new tech to deploy across the enterprise.</p> </blockquote> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 23 Aug 2019 15:40:24 +0000 phil.goldstein_6191 42966 at https://fedtechmagazine.com DoDIIS 2019: Intelligence CIOs Deliver Lessons Learned During Cloud Migration https://fedtechmagazine.com/article/2019/08/dodiis-2019-intelligence-cios-deliver-lessons-learned-during-cloud-migration <span>DoDIIS 2019: Intelligence CIOs Deliver Lessons Learned During Cloud Migration</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Thu, 08/22/2019 - 16:51</span> <div><p>As the intelligence community comes to conduct more of its business and mission operations in the cloud, agency CIOs have taken away one lesson: Getting there <strong>wasn’t as easy as expected</strong>.</p> <p>Unexpected costs, data-sharing issues, distant missions and ingrained 
culture have all been hurdles to overcome, a group of IC CIOs said at the <a href="https://www.ncsi.com/event/dodiis/" target="_blank">2019 DoDIIS Worldwide Conference</a> in Tampa, Fla., this week.</p> <p>But <strong>there are no regrets</strong>. “We put our shoulders hard into areas like the cloud,” said John Sherman, CIO for the intelligence community. “Now we’re coming ashore on the data services piece. We’ve got the compute in place, the network issues we continue to work out. We’ve got to get this right.”</p> <h2 id="toc_0">Cloud Migration Remains in Early Phase for Many Enterprises</h2> <p>In June, the Office of the Director of National Intelligence released <a href="https://www.dni.gov/files/documents/CIO/Cloud_Computing_Strategy.pdf" target="_blank">a strategic plan on advancing cloud computing in the IC</a> that calls for supporting artificial intelligence and machine learning, applications and data that are portable, and workflows that move across multiple layers of security.</p> <p>The initial strategy, said Defense Intelligence Agency CIO Jack Gumtow, had been that everything must go to the cloud. But that was not always technically feasible, so DIA now looks at two other criteria: <strong>Does it provide a mission impact? What is the business cost analysis?</strong></p> <p>As far as mission impact, cloud is still limited by geography; there are regions that providers cannot reach because they’re too far from home base, he said. 
And sending everything to the cloud at once often creates a fixed bill, he added: “It’s not as simple as, ‘Let’s go in the cloud.’” </p> <p>CIA CIO Juliane Gallina noted that <strong>even in the private sector, cloud — despite the buzz — is still in the early phases.</strong> “Less than 20 percent of commercial industries have converted to cloud for some workloads,” she said, “and of those, only 35 percent of their enterprises are in the cloud.”</p> <p>Government agencies, she said, are “really still in the early days, so we may still have some learning to do about how to be cost-effective in cloud.”</p> <h2 id="toc_1">Cloud Costs, Higher than Expected, Are Coming Under Control</h2> <p>For example, the cost of refactoring applications, code and other forms of compute for the cloud was higher than expected at first, she said. And as it turned out, making a resource faster and more efficient can, counterintuitively, make it more expensive.</p> <p>“If you make it really efficient to use a resource, people use it more,” Gallina said. <strong>“Cloud is costing us more, but hopefully there are mission benefits.”</strong></p> <p>Mark Andress, CIO for the National Geospatial-Intelligence Agency, said his agency has been monitoring cloud use to get a better handle on cost and usage. “<strong>Cloud is a utility</strong>,” he said. “But water and electricity are utilities, and if your daughter leaves the faucet on all day, you’re not going to get good cost out of that water bill. Same thing with cloud.”</p> <p>The U.S. Coast Guard — the smallest agency in the IC and the most diverse, with responsibilities including law enforcement, military missions, and search and rescue — has data locked in legacy systems that still work, with a caveat.</p> <p>“They’re not interoperable with our enterprise systems in the IC,” said Eric Downes, the Coast Guard’s deputy CIO for intelligence, adding that funding is at a premium. 
“Our challenge is to <strong>move all of our data and all of our capabilities into the cloud</strong>.”</p> <p>In 2017, the Coast Guard enlisted the help of <a href="https://www.c4isrnet.com/show-reporter/dodiis/2017/08/28/ic-ite-is-about-changing-the-way-the-intelligence-community-does-business/" target="_blank">data services teams</a> within the IC, and those teams helped move Coast Guard data into the IC’s commercial and government clouds. “These IC data services people <strong>have not met an unsolvable problem yet</strong>,” Downes said. “If you are a CIO or a CEO and you have not called them up, you need to call them.”</p> <p>Another issue to think about with cloud is that it may not be the sole solution for storage, said Mark Hakun, deputy CIO for the National Security Agency. “<strong>We are not getting less data</strong>. Nobody’s turned off their cell phones, nobody’s going back to the way we were with pads and paper. We can’t store all the data in one spot.”</p> <p>As a result, agencies have to become even more aware of the contents of their data, he added: “You have to know what you have, what your sources are, what data you’re actually using. <strong>You may be collecting things you’re not actually using</strong>, so do you need to store it as long?”</p> <p>The final challenge when it comes to cloud “won’t be a technical problem,” Downes said. 
“It’s going to be policy, it’s going to be culture, it’s going to be resistance to change, it’s going to be all those kinds of unknowns — and we don’t know what all those things are yet, but <strong>we’re going to run into them</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. 
The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Thu, 22 Aug 2019 20:51:41 +0000 Elizabeth_Neus_pdwC 42961 at https://fedtechmagazine.com Managing the Hybrid Cloud in the Federal Government https://fedtechmagazine.com/resources/white-paper/managing-hybrid-cloud-federal-government <span>Managing the Hybrid Cloud in the Federal Government </span> <div><p>Across industries, many organizations have found that they’re able to achieve benefits such as cost savings, enhanced agility and improved business continuity by <strong>integrating their private clouds with public cloud resources</strong> in a hybrid model. <strong>A hybrid approach can provide a best-of-both-worlds experience</strong>, allowing organizations to place workloads where they are best suited, or to take advantage of additional capacity in the public cloud during periods of peak resource demand.</p> <p>However, the hybrid cloud is not without its challenges. The model has evolved substantially since its debut less than a decade ago, with organizations increasingly incorporating resources from their private clouds and several public cloud providers in a multicloud approach. 
While this evolution gives organizations more freedom and flexibility,<strong> it can also introduce management hurdles around cost, performance, visibility and security</strong>.</p> <p>By incorporating cloud management best practices and tools, organizations can ensure that their hybrid clouds will adapt with a changing IT landscape and continue to provide business value well into the future.</p> </div> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/22/2019 - 12:50</span> <img src="/sites/fedtechmagazine.com/files/document_images/HybridCloud-whitepaper.jpg" width="800" height="533" alt="hybrid cloud " typeof="foaf:Image" /> <div> <div>Document File</div> <div><span class="file file--mime-application-pdf file--application-pdf"><a href="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/document_files/mkt31471-upftf-hybrid-cloud-white-paper%20%281%29.pdf" type="application/pdf; length=220997">mkt31471-upftf-hybrid-cloud-white-paper (1).pdf</a></span> </div> </div> Thu, 22 Aug 2019 16:50:44 +0000 phil.goldstein_6191 42956 at https://fedtechmagazine.com DoDIIS 2019: Business Processes Should Rely on Commercial IT Products https://fedtechmagazine.com/article/2019/08/dodiis-2019-business-processes-should-rely-commercial-it-products <span>DoDIIS 2019: Business Processes Should Rely on Commercial IT Products</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Wed, 08/21/2019 - 14:51</span> <div><p>The best reason for federal agencies to consider commercial IT services is simple: Private companies that specialize in IT are going to be <strong>better at the job</strong> than the government, said Defense Department Chief Data Officer Michael Conlin.</p> <p>This won’t be the case for IT related to the war fighter mission or for intelligence, he said, but it is 
<strong>generally the case for the business end of the agency</strong> — human relations, payroll and similar functions common to all workplaces.</p> <p>“We’re never going to be as good at managing IT as the people who do it as a business,” Conlin said Wednesday at the <a href="https://www.ncsi.com/event/dodiis/" target="_blank">2019 DoDIIS Worldwide Conference</a> in Tampa, Fla. “And it is sensible for us to adopt those practices.”</p> <h2 id="toc_0">SaaS and Other Solutions Make Sense for Government</h2> <p>A panel of chief data officers from the intelligence community spoke on the topic of modernization, which — especially when it comes to data-related functions — grows more important every day as the government’s legacy systems age.</p> <p>Some government systems, according to <a href="http://gao.gov/products/GAO-19-471" target="_blank">a recent Government Accountability Office report</a>, are more than 50 years old. “<strong>Systems shouldn’t be old enough to go to college</strong>,” said Nancy Morgan, chief data officer for the intelligence community. “That really terrifies me.”</p> <p>Conlin, who termed himself a “heretic” on the issue, believes that on-premises business applications should be a thing of the past for agencies. </p> <p>“You <strong>subscribe to Software as a Service instead</strong>, because business is business and there are best practices built into those solutions,” he said. “If you move to those best practices on a Software as a Service basis, they keep them up to date from a functional perspective, and from a technical perspective, and they keep them secure for you too.</p> <p>“The thought that we’re going to do a better job of implementing and operating business applications on our premises is self-deluding,” he added. 
“<strong>We are too small.</strong> We spend $46 billion a year on IT, an astonishing figure. But the U.S. IT industry is $1.7 trillion a year. We’re a rounding error.”</p> <h2 id="toc_1">White House Requirements Push Agencies to Be More Efficient</h2> <p>Becoming more effective in running business functions is a requirement of the <a href="https://www.performance.gov/PMA/Presidents_Management_Agenda.pdf" target="_blank">President’s Management Agenda</a>, he noted, but agencies can’t always match private sector abilities. “When we’re not as good, it’s often because <strong>we have specific strictures laid on us by the legislature</strong>,” he said. </p> <p>Morgan said that government teams are able to solve most technical problems readily, but that data-sharing agreements and related memorandums of understanding were the real holdup.</p> <p>“I’ve been in these three-year negotiation cycles,” she said. “We are keeping teams of lawyers very busy at multiple agencies. <strong>We’ve got to find ways to automate this work</strong>. 
I still dream of authority to operate in a day, but it’s not quite real yet.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> </div> </div> </div> </div>
Wed, 21 Aug 2019 18:51:15 +0000 Elizabeth_Neus_pdwC 42951 at https://fedtechmagazine.com DoDIIS 2019: Reference Architecture Gives Intelligence Agencies Flexibility https://fedtechmagazine.com/article/2019/08/dodiis-2019-reference-architecture-gives-intelligence-agencies-flexibility <span>DoDIIS 2019: Reference Architecture Gives Intelligence Agencies Flexibility</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Wed, 08/21/2019 - 09:44</span> <div><p>A difficult pivot away from a long-favored IT modernization strategy enabled the intelligence community to collaborate more efficiently and let individual agencies tailor technology to fit their needs, says IC CIO John Sherman.</p> <p>The key, he said, was the IC’s work on <strong>developing reference architecture</strong> that gives <a href="https://www.intelligencecareers.gov/icmembers.html" target="_blank">the 17 agencies in the community</a> a template from which to design their own IT. </p> <p>“This has truly been <strong>a case of us needing to evolve</strong> or losing the relevance and applicability of what we’ve built,” Sherman said at the <a href="https://www.ncsi.com/event/dodiis/" target="_blank">19th DoDIIS Worldwide Conference</a> Tuesday in Tampa, Fla. 
“That’s not going to happen on any of our watches.”</p> <h2 id="toc_0">One-Size-Fits-All IT No Longer Fits Intelligence Community</h2> <p>The toughest IT job the IC has confronted in recent years, according to Sherman, was to discard the <a href="https://www.govtechworks.com/common-desktop-the-foundation-for-ic-ite-expands-footprint/" target="_blank">IC Desktop Enterprise project</a>, which would have created a common desktop across the community.</p> <p>“It was a noble effort, but <strong>it was not meant to be</strong>,” he said. “It was among the hardest decisions any of us ever had to make.”</p> <p>But once the decision was made, he said, that opened up a new way to look at <a href="https://www.dni.gov/files/documents/CIO/IC%20ITE%20Strategy%202016-2020.pdf" target="_blank">IC ITE</a> — the <strong>IC IT Enterprise strategy</strong>.</p> <p>“No longer would we be focused on one-size-fits-all solutions, but rather <strong>we could move to a more federated approach</strong> that ensured interoperability without forcing agencies to compromise their particular requirements,” he said.</p> <h2 id="toc_1">Cloud Technology Has Worked Better Than Expected</h2> <p>The <strong>“second epoch,”</strong> as the IC community calls it, of IC ITE is based on the concept of relying on reference architecture and the flexibility it creates. Already, Sherman said, agencies including the National Security Agency, National Geospatial-Intelligence Agency and the Defense Intelligence Agency are seeing the difference. 
Basic tasks common in the private sector are beginning to appear in IC offices.</p> <p>“<strong>We can chat with our colleagues in NSA, and that’s no small feat</strong>. And now we can do it with NGA, DIA and the Coast Guard,” he said. “The pick-and-shovel work that we’re doing with reference architecture is helping us get beyond agency-centric approaches and creates a framework that encourages true interoperability.” </p> <p>The IC is also building on early successes in the cloud, with many agencies using the Commercial Cloud Services (C2S) offering run by the CIA.</p> <p>In June, the Office of National Intelligence released a <a href="https://www.dni.gov/files/documents/CIO/Cloud_Computing_Strategy.pdf" target="_blank">strategic plan on advancing cloud computing</a> in the IC. It calls for supporting artificial intelligence and machine learning, disconnected and edge capabilities, applications and data that are portable, and workflows that move across multiple layers of security. </p> <p><a href="https://fedtechmagazine.com/article/2019/07/intelligence-community-shift-multicloud-model" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Read more about the intelligence community’s move to a new cloud model.</em></a></p> <p>The C2S currently handles data designated as top secret, but <strong>will soon be handling secret data as well</strong>, paving the way for easier collaboration among intelligence, homeland and military partners, Sherman said. </p> <p>In addition, edge node capabilities have been deployed overseas, giving distant intelligence workers increased ability to work with those based in more technologically stable locations.</p> <p>“We’ve benefited greatly,” Sherman said. 
“Our workloads and data in the cloud <strong>exceed that of what even the most optimistic advocates could have envisioned </strong>when we started the C2S contract over five years ago.”</p> <p><em>For more articles from DoDIIS 2019, check out our conference coverage <a href="https://fedtechmagazine.com/2019-dodiis-worldwide-conference" target="_blank">here</a>.</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. 
The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Wed, 21 Aug 2019 13:44:37 +0000 Elizabeth_Neus_pdwC 42946 at https://fedtechmagazine.com DoDIIS 2019: Defense Intelligence Agency Looks to MARS to Analyze Data https://fedtechmagazine.com/article/2019/08/dodiis-2019-defense-intelligence-agency-looks-mars-analyze-data <span>DoDIIS 2019: Defense Intelligence Agency Looks to MARS to Analyze Data</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Tue, 08/20/2019 - 07:26</span> <div><p>The Defense Intelligence Agency plans to begin work in earnest next year on its Machine-Assisted Analytic Rapid-Repository System (MARS), a groundbreaking way to <strong>analyze large amounts of data in nearly real time.</strong></p> <p>“2019 was about learning. This was a year of prepping to get started,” said Terry Busch, MARS program manager, at the <a href="https://www.ncsi.com/event/dodiis/" target="_blank">2019 DoDIIS Worldwide Conference</a> in Tampa, Fla., Monday. “In 2020, we start.”</p> <p>The agency will hold a <a href="https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;id=e1c77d05a46a2e852a06f0e886eec7c0&amp;tab=core&amp;_cview=0" target="_blank">MARS Industry Day</a> event Sept. 
10 in McLean, Va., to update potential contractors on the program’s status;<strong> top DIA officials “want this to be a strong industry partnership</strong>,” Busch said.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <p><a href="https://www.dia.mil/News/Articles/Article-View/Article/1855910/dias-vision-of-mars-decision-advantage-for-the-21st-century/" target="_blank">MARS</a> is one of the agency’s top priorities in its recently released Chief Information Office strategy for 2020 through 2024, according to Army Lt. Gen. Robert P. Ashley Jr., the DIA’s director.</p> <p>“Large, complex data sets don’t talk to one another, and we’ve got to fix that,” he said. MARS “is <strong>the scouting report for the team we’re going to play</strong>, and we’re going to update it every day.”</p> <h2 id="toc_0">Multiple Databases Mean Less Efficient Collaboration</h2> <p>Currently, general military intelligence data gets to the service members in the field through dozens of systems, including the primary military intelligence database, the <a href="https://www.globalsecurity.org/intell/systems/midb.htm" target="_blank">Modernized Integrated Database</a> (MIDB), now about 20 years old.</p> <p>As reliable as that system has been, however, <strong>it doesn’t allow multiple partners to work simultaneously on one problem</strong>, as services might have to do in the heat of battle, said Mac Townsend, a defense intelligence senior-level officer at DIA.</p> <p>“The intent with MARS is to do some data synchronization in a way that’s <strong>as innovative as we can get</strong>,” he said. 
“We’re looking to industry to help us synchronize our data across multiple regions and multiple domains.”</p> <p>MARS will differ from MIDB and other databases in that it will not be just a receptacle for data. Because it springs from developments in cloud computing, artificial intelligence and machine learning, it will have <strong>capabilities far beyond those of current databases</strong>, Busch said. </p> <p>For instance, MARS is expected to be able to create a virtual model of an enemy environment, and planners should be able to run quick simulations before sending orders to troops.</p> <p>“What comes out of MARS at the end is not data, it’s analysis. <strong>It’s finished intelligence</strong>,” he said. </p> <p><a href="https://fedtechmagazine.com/article/2017/07/dod-state-department-see-benefits-shifting-global-operations-cloud" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> See how DOD and the State Department plan to shift operations to the cloud.</em></a></p> <h2 id="toc_1">DIA Plans to Run Two Database Systems at Once</h2> <p>The excitement over MARS does not mean an end to MIDB, however. That database is funded for the next five years. “We’re not looking to take that away,” Townsend said. </p> <p>DIA plans to <strong>run both MARS and MIDB simultaneously</strong> for a while as the legacy database is transferred to the new model, he said. </p> <p>“Both systems have to coexist until we’ve transitioned all of our legacy partners off,” Busch said. “Eighty percent of our programs can drink from this new fountain. Those who cannot, we will slowly begin to move them over. <strong>We’ll have to support those older databases for a long time</strong>.</p> <p>“That is a years and years process,” he added. “We cannot do this another way. 
There is no turning MIDB off.”</p> <p><em>For more articles from DoDIIS 2019, check out our conference coverage<a href="https://fedtechmagazine.com/2019-dodiis-worldwide-conference" target="_blank"> here</a>.</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. 
The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Tue, 20 Aug 2019 11:26:26 +0000 Elizabeth_Neus_pdwC 42941 at https://fedtechmagazine.com DoDIIS 2019: Military Partners Need Better Interoperability to Combat Threats https://fedtechmagazine.com/article/2019/08/dodiis-2019-military-partners-need-better-interoperability-combat-threats <span>DoDIIS 2019: Military Partners Need Better Interoperability to Combat Threats</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Mon, 08/19/2019 - 14:40</span> <div><p>Although the Defense Intelligence Agency has always focused on gathering information for military missions, data — especially the amount that’s coming in now — has become a critical interest.</p> <p>Advanced technological tools <strong>have no real value unless they can handle the mass of data </strong>now available, said DIA CIO Jack Gumtow at the <a href="https://www.ncsi.com/event/dodiis/" target="_blank">19th DoDIIS Worldwide Conference</a> in Tampa, Fla., on Monday. More than 3,700 people are attending the largest annual conference for the intelligence IT community.</p> <p>“The reality is that we can have technological advancements across the board, but the underpinning is about data,” Gumtow said. “Data is the common denominator that we have to get straight. We’re not there yet. 
<strong>Data is hard</strong>.”</p> <p><em>For more articles from DoDIIS 2019, check out our conference coverage <a href="https://fedtechmagazine.com/2019-dodiis-worldwide-conference" target="_blank">here</a>.</em></p> <h2 id="toc_0">War Fighters Need Solid, Trustworthy Data</h2> <p>With <strong>2.5 quintillion bytes of data created every day</strong> — and a growing portion of it deliberately faked or twisted into disinformation — “we have to supply the war fighters with information that is accurate and is trusted in an environment where misinformation exists,” said Army Lt. Gen. Robert P. Ashley Jr., the DIA’s director.</p> <p>The most important capability that the DIA and the rest of the intelligence community must develop, Ashley said, is <strong>the ability to communicate across platforms</strong>. He cited an example of immediate interest to the audience: During his speech, the DoDIIS conference app worked on only one smartphone operating system.</p> <p>“You’ve got to be able to talk to each other,” he said. “Otherwise we’ll miss opportunities. It’s about how we move data, and it is complicated. We can solve problems at speed, but <strong>our challenge is to solve the problem at scale.</strong></p> <p>“I can come up with a unique capability for a battalion, a brigade, where they can operate at speed within that brigade, but can they talk to every other brigade? Can they talk to other services? Can they talk to other nations? <strong>Buried within that scale problem is the challenge of interoperability.</strong>”</p> <p>With China and Russia focusing on the control of data — their own and others’ — it’s important to know “where that data is going, and who’s controlling it,” Ashley added. </p> <h2 id="toc_1">DIA Looks Ahead to More Advanced Technology</h2> <p>Modernization is a priority for the military intelligence enterprise, he said. 
The DIA last month published a document outlining its Chief Information Office strategy for 2020 through 2024 that called for <strong>more collaboration with DIA partners, including international ones</strong>.</p> <p>The areas of focus include:</p> <ul><li><strong>Open-source intelligence</strong>, the sophisticated analysis of data collected from publicly available sources</li> <li>The Machine-Assisted Analytic Rapid-Repository System (<a href="https://www.dia.mil/News/Articles/Article-View/Article/1855910/dias-vision-of-mars-decision-advantage-for-the-21st-century/" target="_blank"><strong>MARS</strong></a>), which will help bring multiple databases together in a flexible environment able to create virtual models of enemy environments</li> <li>And the <strong>Joint Worldwide Intelligence Communications System </strong>(JWICS), the primary network over which top secret information is shared, <a href="https://www.c4isrnet.com/show-reporter/dodiis/2018/08/15/a-critical-top-secret-intel-network-needs-to-evolve/" target="_blank">which needs a technological update</a></li> </ul><p>“The tyranny of combatant boundaries will not limit our enemies and our adversaries in <a href="https://www.defense.gov/Newsroom/News/Article/Article/1791811/dunford-describes-us-great-power-competition-with-russia-china/" target="_blank">great power competition</a>,” Ashley said. “So we have to think about how we are interoperable in our core functions. 
<strong>In great power competition, you have to bring your A-game on day one</strong>, because if you don’t, you may not get a day two.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. 
The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Mon, 19 Aug 2019 18:40:44 +0000 Elizabeth_Neus_pdwC 42936 at https://fedtechmagazine.com 3 Steps to Establish a Data Center Chain of Trust https://fedtechmagazine.com/article/2019/08/3-steps-establish-data-center-chain-trust <span>3 Steps to Establish a Data Center Chain of Trust</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 08/19/2019 - 06:14</span> <div><p>Data center attacks are coming in fast and furious and taking many different forms. From distributed denial of service attacks and ransomware to large scale data breaches, threat vectors are becoming increasingly pervasive and sophisticated. It’s no surprise that <a href="https://www.gartner.com/en/newsroom/press-releases/2017-03-14-gartner-says-detection-and-response-is-top-security-priority-for-organizations-in-2017" target="_blank">Gartner</a> is reporting that the $90 billion spent on security in 2017 will grow to <strong>$1 trillion by 2022</strong>. </p> <p>Despite this robust spending forecast, combating cyberthreats continues to be a challenge for federal agencies, for several reasons. <strong>Budgets are tight, resources are scarce and modern data center environments have grown increasingly complex. </strong>Today’s workloads don’t just run on-premises; they also run in the public and private cloud <a href="https://fedtechmagazine.com/article/2019/02/edge-computing-air-force-and-fema-take-advantage-intelligent-edge-perfcon">and at the edge</a>. All of this exposes data centers to a greater number of risks. </p> <p>What can security managers do to ensure the security of these data centers? 
The most important things are to <strong>implement policies to secure data wherever it resides</strong>, build security in from the outset and make sure security is hardened enough to prevent data leakage. </p> <p>Let’s take a look at how this can be done.</p> <p><a href="https://fedtechmagazine.com/article/2019/07/forensic-it-tools-lead-agencies-better-answers-after-breaches" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Discover how forensic IT tools lead agencies to better answers after breaches.</em></a></p> <h2 id="toc_0">1. Secure Data Throughout Its Lifecycle</h2> <p>While many government organizations prioritize the protection of their software applications and network perimeters, <strong>hackers are increasingly targeting more vulnerable hypervisors, boot drivers, firmware and hardware</strong> further down the stack. </p> <p>As you get closer to the base, attacks get harder to detect and remediate. That’s because software solutions aren’t optimized for hardware, and some components, such as hypervisors, can be vulnerable to new attack methods. Hypervisors pool virtual machine memory space and cores — in other words, they share resources to drive efficiency — but that can expose them to increased risk.</p> <p>However, these challenges can be overcome through new design techniques.<strong> If security is built into data center architecture at the outset</strong>, from the processor foundation outward, data can be effectively protected throughout its lifecycle —<strong> at rest, in flight and in use</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="" data-entity-type="" data-entity-uuid="" height="220" src="/sites/fedtechmagazine.com/files/CTA_Slides/Cybersecurity_IR_stayprotected_700x220_0.jpg" width="700" /></a></p> <h2 id="toc_1">2. 
Bake Security Controls into Hardware</h2> <p>To secure a data center stack, <strong>cryptographic techniques need to be rooted into the silicon of the foundational hardware and applied in every layer thereafter</strong>, up to the applications. This reduces the surface area of vulnerability, which grows as a system performs more functions. </p> <p>Eliminating potential attack vectors, from superfluous programs and permissions to ports, gives attackers and malware fewer opportunities to gain a foothold. </p> <p>This approach is called <strong>a hardened security model</strong>, and it creates a chain of trust along the length of the stack. Hardened full-stack security provides reassurance to users — and, crucially, defends them more successfully against attacks.</p> <h2 id="toc_2">3. Prevent Data Leakage, Modification and Privilege Escalation</h2> <p>Hardened security can also foil data leakage, modification and privilege escalation. The latter signifies a situation in which an unauthorized user gains access to data center resources or services with the intent to view, manipulate or delete data. </p> <p>Hardened security prevents such attacks by using hardware-enforced firewalling to separate sensitive data from untrusted workloads, providing cross-domain protection. The<strong> partitioning and isolation of shared resources such as caches, cores, memory and devices in the virtualized environment</strong> supports data confidentiality, integrity and availability while providing consistent application performance. 
At the same time, isolation techniques create more runtime security domains within a trusted virtualization environment.</p> <p><a href="https://fedtechmagazine.com/article/2019/05/sba-interior-energy-find-different-effective-ways-deploy-cdm" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how SBA, the Department of the Interior and the Department of Energy deploy CDM effectively.</em></a></p> <h2 id="toc_3">How to Think Differently About Cybersecurity</h2> <p>We’re far removed from a world in which bolting on security is an acceptable practice. Today, federal organizations must continue to think differently about cybersecurity protection and take proactive stances against evolving cyberthreats. Security must be built in from the ground up.</p> <p>Building <strong>a chain of trust in a data center environment</strong> using a hardened security model is a great place to start. The approach enables security at cloud scale without sacrificing performance or agility. </p> <p>It’s precisely what is needed in today’s environment, where agencies need to keep vulnerabilities at bay while maximizing the full potential of their data centers to drive innovation and reduce costs.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/steve-orrin" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/Steve_Orrin_01_print-3.jpg?itok=tG_W57wa" width="58" height="58" alt="Steve Orrin, Intel " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/steve-orrin"> <div>Steve Orrin </div> </a> </div> <div class="author-bio"> <p> <div><p>Steve Orrin is the federal CTO for Intel Corporation. He has held architectural and leadership positions at Intel, driving strategy and projects on identity, anti-malware, HTML5 security, cloud and virtualization security since joining the company in 2005. 
Previously, Orrin held technology positions, including serving as the CSO of Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO of SynData Technologies.</p> </div> </p> </div> </div> </div> </div> Mon, 19 Aug 2019 10:14:29 +0000 phil.goldstein_6191 42931 at https://fedtechmagazine.com What Is Data Center Infrastructure Management: Preparing for OMB’s DCOI Policy https://fedtechmagazine.com/article/2019/08/what-data-center-infrastructure-management-preparing-ombs-dcoi-policy-perfcon <span>What Is Data Center Infrastructure Management: Preparing for OMB’s DCOI Policy</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 08/16/2019 - 11:28</span> <div><p>In late June, the Office of Management and Budget finalized updates to the government’s <a href="https://datacenters.cio.gov/policy/" target="_blank">Data Center Optimization Initiative (DCOI) policy</a>, laying out the Trump administration’s technical tweaks to a policy first promulgated in the Obama era.</p> <p><a href="https://www.nextgov.com/it-modernization/2019/06/omb-updates-data-center-optimization-initiative/158018/" target="_blank">As Nextgov reports</a>, the updated policy “establishes new consolidation and optimization metrics — and additional reporting requirements — for federal agencies,” and it bans the creation of new data centers or significant expansion of existing ones. The policy also redirects agencies to optimize “larger dedicated data centers,” since “agencies have seen little real savings from the consolidation of non-tiered facilities, small server closets, telecom closets, individual print and file servers, and single computers acting as servers.”</p> <p>The DCOI policy also calls for agencies to continue the push into <strong>automated data center monitoring and optimization</strong>. 
It specifically encourages agencies to use <strong>Data Center Infrastructure Management (DCIM) tools</strong>.</p> <p>DCIM software gives agencies the ability to automate the monitoring of data center performance, especially power consumption and cooling, so that they can <strong>more effectively decide how to construct and operate their data centers</strong>. </p> <p><a href="https://fedtechmagazine.com/article/2019/07/how-disaster-recovery-plans-keep-agencies-running" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how disaster recovery plans keep agencies’ data centers running.</em></a></p> <h2 id="toc_0">What Is Data Center Infrastructure Management Technology?</h2> <p>Agency IT officials cannot figure out how to consolidate and optimize without knowing the equipment and data they have, the space and energy demands of that data, the potential security problems and the potential to apply new technology, Daniel Kent, CTO of U.S. public sector for <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html" target="_blank">Cisco Systems</a>’ federal organization, a DCIM service provider to government agencies, <a href="https://fedtechmagazine.com/article/2018/08/how-dcim-can-help-agencies-data-center-optimization-initiative-perfcon">previously told <em>FedTech</em></a>.</p> <p>“We have to help them get from the legacy world to this new world,” he says. 
DCIM is an umbrella term that encompasses a wide range of tools that IT leaders can use to <strong>oversee, monitor and understand their data centers, from power consumption to data storage</strong>.</p> <p>DCIM, <a href="https://www.gartner.com/it-glossary/data-center-infrastructure-management-dcim" target="_blank">as Gartner notes</a>, lets agencies <strong>monitor, measure, manage or control the utilization and energy consumption</strong> of all IT-related equipment in a data center, like servers, as well as facility infrastructure components, like power distribution units.</p> <p>“It has a heavy focus on monitoring what is being used in the data center,” <a href="https://www.idc.com/getdoc.jsp?containerId=PRF004840" target="_blank">Shawn McCarthy</a>, research director for <a href="https://www.idc.com/prodserv/insights?s=government" target="_blank">IDC Government Insights</a>, previously told <em>FedTech</em>. “The end game is to collect some good, hard data from which to make decisions.”</p> <p>DCIM software can provide IT administrators and managers with <strong>actionable intelligence about how their agencies’ data centers are performing</strong>, especially in terms of facilities infrastructure and power consumption, so that they can make decisions on <strong>how best to configure the data center to optimize performance</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2019/03/what-fog-computing-tech-can-spur-government-it-modernization-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how fog computing can help your agency.</em></a></p> <h2 id="toc_1">How Does DCIM Play a Part in DCOI?</h2> <p>DCOI specifically calls for agencies to use DCIM technology. It notes that agencies should continue to “replace manual collection and reporting of operational data as well as systems, software, and hardware inventory housed within data centers with <strong>automated monitoring, inventory, and management tools</strong> (e.g. 
Data Center Infrastructure Management (DCIM).”</p> <p>Those tools will need to be updated, the DCOI notes, to match the performance metrics it spells out. Those include metrics around <strong>virtualization</strong> (agencies are required to report “the number of servers and mainframes that are currently serving as hosts for virtualized or containerized systems in their agency-managed data centers”). Another metric deals with <strong>advanced energy metering</strong>, for which agencies are expected “to have advanced energy metering and sub-metering, sufficient to accurately estimate Power Usage Effectiveness (PUE), for all remaining data centers over 100 kW that they are planning to keep open.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <p>In terms of <strong>server utilization</strong>, DCOI says agencies “should use automated monitoring software to measure application usage to accurately determine needs, such as storage space, CPU, memory, and redundancy.”</p> <p>“Any data center initiation, significant expansion, or migration project that received Development, Modernization, and Enhancement (DM&amp;E) funds in fiscal year 2017 or later must implement automated monitoring and management tools,” the policy states.</p> <p>However, according to DCOI, agencies are “strongly encouraged” to use automated monitoring and management tools throughout their data centers, especially those that use more than 100 kilowatts of power. 
</p> <p>To the extent permissible under the Federal Acquisition Regulation, agencies “must include <strong>standard automated infrastructure management requirements for all new data center service contracts</strong> or procurement vehicles,” according to DCOI.</p> <p>DCOI further states that any new data center contractor procurement vehicle needs to have provisions for the contractor to report to the agency “whether the contracted facility utilizes automated infrastructure management, except where such data is already reported directly to OMB” or General Services Administration through participation in a multiagency service program.</p> <p><a href="https://fedtechmagazine.com/article/2019/05/hci-helps-feds-find-new-ways-store-and-analyze-data" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Discover how HCI helps feds find new ways to store and analyze data.</em></a></p> <h2 id="toc_2">DCIM Vendors to Explore</h2> <p>DCIM is an established technology toolset and agencies have a wide range of solutions from <a href="https://www.gartner.com/reviews/market/data-center-infrastructure-management-tools" target="_blank">leading vendors</a> that they can choose from to help automate data center monitoring.</p> <p>Those include <a href="https://www.cdwg.com/search/?key=StruxureWare%20for%20Data%20Centers&amp;searchscope=all&amp;sr=1" target="_blank">StruxureWare for Data Centers</a> from <a href="https://www.cdwg.com/content/cdwg/en/brand/apc.html?cm_mmc=Vanity-_-APC-_-NA-_-NA" target="_blank">APC by Schneider Electric</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/vertiv.html?enkwrd=vertiv" target="_blank">Vertiv</a>’s Trellis platform and Power IQ DCIM Monitoring from <a href="https://www.cdwg.com/search/?key=Sunbird%20Software&amp;ctlgfilter=&amp;searchscope=all&amp;sr=1" target="_blank">Sunbird Software</a>.</p> <p>Todd Prieve, a CDW segment team leader and solution architect for data center power, cooling and DCIM, <a 
href="https://blog.cdw.com/data-center/is-dcim-really-for-you-if-so-heres-what-to-do-first" target="_blank">notes in a blog post</a> that when picking DCIM vendors, agencies and other organizations first need to <strong>develop a list of DCIM requirements</strong> believed to be the best fit for the organization. That helps IT leaders prioritize which metrics and factors an agency needs to monitor.</p> <p>“Rather than wasting time looking at demos of a variety of DCIM software products and listening to multiple vendor sales pitches on their DCIM solution, the first thing to do is to sit down and build out a requirements list,” Prieve says.</p> <p>Prieve says that sorting out which DCIM software functions and features must be included and those that are not mandatory but would still add value will give IT leaders “a foundation of DCIM requirements to refer back to” and will “help guide you as to what solutions could be the most viable.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein" hreflang="en"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. 
Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 16 Aug 2019 15:28:12 +0000 phil.goldstein_6191 42926 at https://fedtechmagazine.com DoDIIS 2019 https://fedtechmagazine.com/ad/dodiis-2019 <span>DoDIIS 2019</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/15/2019 - 16:08</span> Thu, 15 Aug 2019 20:08:39 +0000 phil.goldstein_6191 42921 at https://fedtechmagazine.com