As we ready for the holiday that brings all Americans together – here's the question. Which of the turkeys running for President would you invite to gobble with your family?
At MeriTalk, we recently hosted our own televised presidential candidate debate. Tune in to separate the wattle from the winner.
And, speaking of the presidential campaigns, keep an eye out for the Tech Iconoclasts – a series of tech recommendations to the challengers for the White House.
Enjoy the holidays with a side of chuckles from our family to yours.
The Kansas City Royals just won it all by playing great defense and following the old baseball motto – “hit ‘em where they ain’t.” It’s also a motto that fraudsters have embraced as they continue hitting agencies from all angles.
In 2014, GAO officials tested the application controls for HealthCare.gov by creating 12 fake applicants and applying for coverage. A whopping 11 of the 12 fake applicants were approved for subsidized coverage – if we’re talking batting averages, that’s a .916 clip. The fictitious applicants received a total of about $30,000 in annual tax credits, and all 11 were automatically re-enrolled for coverage in 2015. If you want the full scoop, GAO released a report earlier this summer.
While HealthCare.gov has a multi-layer verification process to prevent fraudulent applicants from receiving subsidies, Uncle Sam seems more interested in increasing enrollment in the exchange than enforcing the barriers to prevent fraud. These barriers have already rejected thousands of fraudsters, but if 11 of 12 fake applicants successfully received coverage, then how many fraudsters have been able to breach the exchange?
Big Data Clubhouse
The Centers for Medicare and Medicaid Services (CMS) – the agency responsible for implementing the Affordable Care Act – admitted it doesn’t have the resources to adequately detect and prevent fraud. It’s not for lack of effort on the part of CMS – they simply don’t have the training. But if they want to learn how to make better use of available tools to better identify fraud, they’re welcome to join us for the Big Data Brainstorm on November 19 at the Newseum.
The Brainstorm opens with a keynote panel featuring LaVerne Council, CIO at VA; Dr. Jason Matheny, Director of IARPA; and Karen Neuman, Chief Privacy Officer at DHS. Then it’s Linda Miller, Assistant Director of GAO, running the bases on her agency’s latest Fraud Risk Management Framework. From fraud detection to data privacy and integrity, the Big Data Brainstorm brings together the government’s all-star data management and analytics big hitters.
Gold Glove Defense
The Royals committed just two errors in the entire World Series, and Federal agencies should be detecting fraud with that kind of efficiency. Instead, too many agencies operate comparably to the New York Mets, who committed several crucial errors in the World Series. Fraud costs Feds billions of dollars every year – check out MeriTalk’s “Stealing from Uncle Sam” study. It damages crucial programs like HealthCare.gov, stopping them reaching their full potential.
Hope to see you at the Big Data Brainstorm on the 19th – your chance to swing for the fraudsters and strike out crooks.
If little girls are sugar, spice, and all things nice. And, little boys are slugs, snails, and puppy dog’s tails. Then the September 2nd Synergy Research Public Cloud Infrastructure report puts the gadget guts of public clouds into plain view. This fascinating dissection of the categories of stuff that constitute clouds gives better insight into the complexity that makes things simple.
It tells us that the global public cloud component market grew from $18 billion in 2013 to $22 billion in 2014 – but that market appears to be shrinking this year. Synergy pegs the market this year to date at $13 billion, unless there’s a spending spree at year end. This provides an interesting counterpoint to Amazon Web Services’ recent announcement that it doubled its profits 2015 over 2014.
The Synergy report tells us how the public cloud infrastructure treasure’s broken out: 54 percent computing systems, 22 percent storage, 19 percent infrastructure, and 3 percent management and security. No, that doesn’t quite get us to 100 percent. But who’s counting...?
The study shows us the big dogs in cloud infrastructure – it’s Cisco, HP, Dell, IBM, and EMC in that order, with Huawei in sixth. Guess Dell just jumped up that list. It also shows how quickly those revenues are growing year on year and quarter on quarter. Cisco’s cloud revenue grew more than 15 percent year on year this quarter – hitting $1.93 billion so far this year.
Cisco dominates networking infrastructure, switching, Ethernet switching, routing, and interconnect routing. Brocade is more than twice the size of the next competitor in SAN. F5 and Citrix in Application Delivery Controllers.
What does this mean for Federal? A lot. It’s important to recognize that the whole IT ecosystem is connected. In today’s hyperconnected world, it’s all about scale – and it’s foolhardy to consider government technology as distinct from the commercial market.
A couple of questions for the dismount. If this is what public clouds are made of – where’s all that open source hardware CSPs are propagating? How does its marketshare stack up against the traditional infrastructure providers? Those metrics will predict the velocity of future IT mergers and acquisitions. Hats off to Synergy for the new insight – but like that first kiss from my little daughter, it only leaves me wanting more…
How would the Queen of Soul spell FITARA? R-E-S-P-E-C-T. That's coz the new IT law is all about Federal CIOs getting some swagger – and harmonizing Federal IT efficiency on the same track. And, according to new MeriTalk research, FITARA Future, 45 percent of Fed IT execs say IT gets no respect from mission execs. The study says Fed IT's a Chain of Fools – where mission owners only call IT execs in early on program planning in one out of five programs. Little wonder that Fed IT outcomes are Rolling in the Deep. We're hosting OMB, GAO, Richard Spires, and a chorus of former Federal CIOs at the FITARA Forum on December 9th at the Newseum.
But let's get back to the study – Fed IT's confident A Change is Gonna Come. Seventy-nine percent of Feds assert FITARA will improve the way IT is viewed at their agency. Oh Happy Day – 70 percent believe FITARA will improve CIO communications, 52 percent say it'll make IT more accountable, and 36 percent say FITARA will get IT a seat at the big-kids table.
But Break IT To Me Gently – how do we ensure that FITARA's not the B side for Clinger Cohen – Here We Go Again? Rumor has it Oversight and Government Reform's IT Subcommittee will roll out a new FITARA Scorecard at a hearing in early November. The focus is on Getting IT Right. Feds in the FITARA Future study have some suggestions on what the FITARA Scorecard should measure – 73 percent want to track productivity and effectiveness of IT decisions and 60 percent want to measure waste reduction and deduplication of systems.
Again, we're working with OMB, GAO, the Hill, and former Federal CIOs, on the FITARA Forum on December 9th. You Make Me Feel Like a Natural Woman but at the same time the Son of A Preacher Man – guess that's why FITARA's confusing. If you can't join us on December 9th, I Say A Little Prayer For You. Should we ask Aretha to join us?
Fluffy comes to mind as a good cloud adjective – difficult to define. But never fear, it’s raining cloud metrics this week – and we’re bringing you the chance to get face to face with the facts at our November 5th Cloud Connect conference.
Who’s Buying What?
While OMB and GAO differ over Federal cloud adoption, MeriTalk released the new Cloud Carry Out report at the Cloud Caucus meeting this week. The report profiles Federal shopping behaviors from the GovCloud Shopper (GCS) – the free estimating and acquisition tool we developed with DHS, GSA, and Interior. Based on some 2,000 GCS users, this analysis breaks out numbers across government, defense, and contractors.
Looking at what applications top Feds’ shopping lists, 42 percent searched for web and transaction processing pricing – shifting websites makes good sense. However, 23 percent of searches focused on development and test – DevOps dynamic? Interestingly, eight percent of searches looked at how much it costs to host big data processing in the cloud.
Considering the size of cloud applications, hardly surprisingly, 40 percent of Feds shopped for small cloud machines. Twenty-one percent looked to place medium cloud machines in their baskets – with seven percent looking to supersize. If you’ve got a taste for new insight, go ahead and clip the coupon.
Food for Thought
But, the Cloud Carry Out report hardly stole the show at the Cloud Computing Caucus this week – and there’s more on the menu. Three of the four Congressional Caucus co-chairs shouldered their way into the standing-room-only Rayburn building to serve up cloud comments in the wake of the OPM breach. Representatives Connolly, Lieu, and Walker all pressed for modernization as a protective measure.
And, not to be outdone, Labor CIO, Dawn Leaf, treated the crowd to hard facts and home truths about cloud migration. Moving to the cloud forces you to do the things that are difficult, but necessary to improve your IT. She talked about how Labor standardized and upgraded its network to facilitate moving email to the cloud. Leaf also noted that cloud’s bigger email boxes save Labor’s 19,000 employees two hours per month, every month. Consider that RoI.
Tom Sasala, CTO at Army ITA, spiced up the discussion, rejecting the public, hybrid, cloud menu – noting all applications are either on prem or off prem, and dedicated or shared.
If you missed the Cloud Caucus, we’re serving up a second course on November 5th at the Cloud Connect conference. I’m moderating a CIO panel on Hybrid Cloud with Dawn Leaf, Rich McKinney CIO at DoT, and John Skudlarek Deputy CIO at FCC. Then Dan Verton, MeriTalk executive editor, hosts a CSP panel to serve up what’s next in cloud tech offerings.
At MeriTalk, fluffy's not in our vocabulary. Metrics matter – and it’s all on the menu. Are you hungry for the cloud?
Donald Trump might quip that there are two kinds of insider threats – the Edward Snowden kind and the Hillary Clinton kind. But our nation's cyber security's no laughing matter. According to a new MeriTalk study Inside Job, 45 percent of Federal agencies detected insider threats and 29 percent lost data to insider threats in the last year. What's perhaps more alarming, in many cases Feds don't know what they don't know – 45 percent can't tell if a document has been inappropriately shared and 34 percent can't tell what data has been lost. So, it may be worse than we think...
If you're interested in dialing in on insider threat, the Cyber Sprint, CDM, and cyber threat intelligence – you should register for the Cyber Security Brainstorm on September 23rd at the Newseum.
We'll lead off with a keynote from Allison Tsiumis, cyber intelligence section chief, FBI. Then the program is the who's who of cyber gladiators in D.C. – from Jeff Eisensmith, CISO at DHS; Renee Tarun, deputy chief of the cyber taskforce at NSA; to Emery Csulak, CIOs at HHS CMS; to Steven McIntosh and Stephen Smith, the insider threat leads at DIA and State respectively. Stay with us for lunch to see NIST's Dr. Ron Ross moderate an industry panel with Cloudera, Dell, and Palo Alto Networks. We'll also hear from Cisco, Fortinet, IBM, and Tenable. Like I said it's cyber central...
But Wait, There's More...
NIST's Cloud Cyber Security Working Group's collocating its meeting at the Cyber Brainstorm. And, it's a cyber-action-packed afternoon. It kicks off with a keynote from Chris Inglis, former deputy director at NSA. Next up, Dr. Michaela Iorga moderates a star-studded panel on the Internet of Everything. And, who better to participate than the man who invented the internet? No, not Al Gore. This session features Vint Cerf – as well as David Bray CIO at FCC and Daryll Peek of DHS.
So, let's go back to the Republican frontrunner for the dismount. According to the recent MeriTalk Go Big Security study, our Fed Cyber warriors tell us cyber threats live on government networks 16 days before they're detected. And, nine out of 10 defenders say they can't tell a complete story of their cyber security position with the data they have today – so 76 percent say their cyber teams operate reactively rather than proactively. The net, we need better cyber data and situational awareness to improve Uncle Sam's cyber outcomes.
It's unlikely the Donald will put in a cameo at the Brainstorm on the 23rd. That's one less threat to worry about...
Price Shopping Federal Cloud
Money talks – and BS walks. We’re about to separate the men from the boys in Federal cloud. Yes, we’re rolling into busy season – when agencies use it or lose it. Will Feds drop cash on cloud or binge on boxes as usual? The answer floats on procurement’s ability to make sense of cloud pricing – and craft cloud RFQs. That’s why we developed the Gov Cloud Shopper. It’s free to use. It provides point-and-click access to pricing from FedRAMP Cloud Service Providers (CSPs) – AWS, CenturyLink, IBM, Microsoft Azure, and VMware. We use our algorithm to allow you to break CSPs out by price point and line them up based on common specs.
Let’s Go Shopping:
To be clear, the pricing in the estimator tool comes directly from the publicly available price lists of the respective CSPs. We have reached out to all FedRAMP-compliant CSPs requesting pricing information. We have pricing for five CSPs. A series of others are in the process of providing their price catalogues. This is an open invitation for all CSPs to participate and provide feedback.
More detail here. Why can’t you see prices from other FedRAMP’d CSPs? How can you buy their solutions if you can’t understand the pricing? Good questions. As I mentioned, we’re working with a series of additional CSPs to add their pricing. Watch this space.
How Does the Shopper Work?
To restate, the pricing in the estimator tool comes directly from the publicly available price lists of the respective CSPs. We have reached out to all FedRAMP-compliant CSPs requesting pricing information. We have pricing for five CSPs. A series of others are in the process of providing their price catalogue. This is an open invitation for all CSPs to participate and provide feedback.
2. Generate an RFQ to Get GWAC Bids: And, armed with the Shopper’s estimates, you can proceed to use the Requirements Designer to build your RFQ – and submit it to a GWAC for a bid. We’ll connect you with NASA, GSA, DHS, and other GWAC offices. When you submit your RFQ, you get a copy of your specs sent to your email as well as the GWAC office. But why not have the GWACs compete for your business? Yes, you can submit the same RFQ to multiple GWACs to see who gives you the best deal.
3. Change Your Specs to See Impact on Price: Here’s the final twist. The Shopper’s Requirements Designer allows you to submit multiple RFQs, so you can change your specs and see how that changes your price. What’s the difference between a 99 percent uptime SLA and a 99.99 percent uptime SLA? The Gov Cloud Shopper’s easy to use – it bridges between IT and procurement.
Register for the webinar today. The MeriTalk Gov Cloud Shopper brings the cloud down to earth. Do you want more transparency in FedRAMP cloud pricing – and help shopping for cloud solutions?
Never let a good crisis go to waste. The OPM breach – and the subsequent Cyber Sprint – may be just the jolt we need to euthanize our geriatric Fed IT. According to Tony Scott and GAO at this week's FITARA Forum, we spend more than 80 percent of the $80 billion IT budget on operations and maintenance for legacy systems. You see with the Cyber Sprint we've been looking hard at how to secure our systems. And, the simple truth of the matter is – it's impossible. It's impossible to apply two-factor authentication to systems and applications built in the '60s, '70s, '80s, '90s, and naughties.
Cash for Clunkers...
Here's an opportunity for real leadership – to move away from advocating for incremental change, like Cloud First, Mobile First, FDCCI, HSPD-12, TIC, etc. These approaches have clearly failed us. Now's the time for a moon shot in government IT – a digital Interstate Highway program. I'm going to call this .usa 2020 – the idea to completely replace our aging Federal IT infrastructure by 2020. You see, IT is the highway artery system that connects America today. I'm proposing that we take inspiration from the OPM disaster – and the next cyber disaster lurking oh so inevitably around the next corner – to undertake a mainstream modernization of the Federal government's IT infrastructure and applications. It's not about transformation, it's about death and rebirth.
To be clear, this is not simply about moving to the cloud. It's about really reinventing government IT. It's not just that our Federal IT systems are decrepit and insecure – it's about the fact they're dysfunctional. How can it be that the top five addresses in America received 4,900 tax refunds in 2014? How did a single address in Lithuania get 699 tax refunds? How can we have 777 supply chain systems in the Federal government?
Instead of constantly patching and trying to make do, what if we built a completely new government IT infrastructure? What if we designed new applications to support a 21st century America? Let me be clear, I'm talking about getting rid of the rusting hulk of our existing IT systems. Will it cost a lot of money? Yes. But, will it have a massive multiplier effect on our economy – hell yes. Think about the economic boost that America would realize by investing in a whole new U.S. government tech system.
We'd truly see the best and brightest attracted to D.C. to engineer tomorrow's society. Could we develop a secure government that's resistant to cyber attacks and provides a model for industry and the world? Yes we could. Could we develop an agile government – that pivots to support new mission requirements? I'm going to say yes. Could we develop a more customer-centric and accountable government – a government where citizens get the benefits that they actually deserve and agencies are held accountable to real metrics? I'm going to say yes and yes.
But, let's go further. Let's consider the long-term impact on our economic performance. A better, more efficient government means a better and more efficient U.S. economy. An economy that flourishes, innovates, and provides engaging, good-paying jobs. FITARA's a great platform on which to ignite this change.
Does America care about Federal IT? Only when it's Snowden or OPM or healthcare.gov. Let's use this crisis to get out of crisis mode.
Agency CIOs QB Fed IT – or do they? That's FITARA's goal – to improve Fed IT performance by ensuring CIOs are the only QB on the Fed IT field. So, isn't it ironic that, like the Redskins, DC's IT franchise is plagued by ownership and QB problems?
As we kick off the Redskins' season on August 13th, FITARA has its own season opener on August 15th, the first deadline for agencies to submit their self-assessment baselines. MeriTalk released a new FITARA study this week, and we're hosting our own FITARA gridiron with OMB on August 11th at the Newseum, the FITARA Forum. Here's your chance to hear from FITARA coach Congressman Gerry Connolly, as well as to watch Tony Scott, OMB's FITARA implementation leads, GAO's Dave Powner, Rich Beutel, and a Federal CIO all-pro team take the field.
Super Bowl Shoo-in?
Overall, the study shows Feds are upbeat about the 2016 Fed IT season. Eighty-four percent think FITARA will put power to CIOs' elbows and improve Fed IT efficiency. All good. But, like Congressman Connolly and his fellow Hill coaches, you want answers to the tough FITARA questions – how, how much, and when?
First, how? Forty-four percent of Feds point to FITARA's ability to reduce the number of duplicate systems, 41 percent point to better investment decisions.
Second, how much? Feds believe FITARA can block $12 billion in waste.
Lastly, Feds expect a quick turnaround – 20 percent expect to see FITARA impact IT efficiency within six months and an additional 38 percent expect to see real improvement within two years.
More than half assert that FITARA will increase the value of OMB's IT dashboard. Interestingly, just six percent think it'll increase CIO turnover – although I beg to differ here.
But sadly it's not a clear running lane into the end zone. Only 18 percent of Fed IT execs assert their agencies will definitely meet the August 15 deadline – and only 19 percent feel good about their agencies' ability to meet the next deadline on December 31st. While 60 percent are satisfied with OMB's guidance, 28 percent aren't familiar with OMB's FITARA guidance.
Tom Brady and FITARA?
Another burning question – can we rely on the data agencies provide in their FITARA reports? We're a long way from Deflate-gate. That said, OMB's working hard to ensure agencies are playing by the rules. That's why they're reaching out to get the word out about FITARA. Here's your chance to get a seat on the 50 yard-line. Join us for the All-Star game on August 11th at the Newseum to check out FITARA's heavy hitters. Are you excited for FITARA football season?
Asked about the best way to deal with the Y2K problem, an IT consultant quipped, let’s find the fella that fixed Y1K – and get him back on the job. It wasn’t Methuselah magic that mended the millennium madness, it was good old fashioned auditing and a commitment to Enterprise Architecture. After Y2K, IT, like a reformed drinker, took the pledge to skip the bottle and hit the EA gym. 15 years later, seems our hero’s back on a high stool.
As 1999 became so last millennium, EA fell from grace. It became a confusing resource draw – and failed to clearly communicate its value to the business side. OMB and GAO provided plenty of guidance, methods, and surveys – but folks stopped paying attention. When was the last time you saw EA on a conference agenda? So, is EA dead – and if so, should anybody mourn his passing?
EA, CDO, FDCCI, and More…?
Yes, the taxpayer will cry. We certainly can’t afford to have EA slope off into oblivion. Consider Uncle Sam’s ballooning data center volumes – from 732 in 2010 to more than 10,000 in 2015. Consider the open data opportunity – and the emerging role of the CDO. Consider shared services in the cloud. You quickly come face to face with the IT sphinx. You can’t manage what you can’t see – and it’s impossible to count if definitions change. What is shared services if not a map back to Mark Forman’s FEA?
So, if EA makes so much sense, why isn’t it happening? Two primary challenges. First, by definition, EA is holistic – it cuts across agency boundaries, and that means breaking budgetary rice bowls. Agencies, politicians, and contractors don’t want to surrender control. Second, everybody wants results now – appointees typically serve two years. Few are interested in taking the long, strategic view – that may put feathers in somebody else’s cap.
How do we breathe new life into the dark science? FITARA presents just the tonic. Join us on August 11th at the Newseum in D.C. for the FITARA Forum. Tony Scott, OMB’s FITARA leads, CIOs, and GAO. Register today here. We can't afford to wait another 1,000 years to get agencies current on EA.
If you thought Fed CIOs’ dance cards were full with the cyber cha-cha, cloud can-can, and data center duck walk – it’s time to make room for some new moves. Here comes the FITARA Fandango. And, the first FITARA deadline for agencies to submit their self-assessments to OMB is August 15. It’s getting CIOs’ toes tapping inside and outside the Beltway.
That’s why the digital DJs at MeriTalk and OMB are throwing a hot new dance party – the FITARA Forum – at the Newseum on August 11.
So, who’s playing and what’s in the mix for the FITARA Forum? Fed IT jam master, Tony Scott, will open us up with the morning keynote. He’ll underscore why FITARA’s important, review OMB's implementation plans, and break down target metrics for success.
Next up, it’s OMB’s FITARA dynamic duo – Jamie Berryhill and Ben Sweezy – hosting an interactive FITARA studio. The fellas will dive deeper into the guidance framework. Here’s your chance to learn the moves, pose your questions to OMB’s dance instructors, and take a waltz with your peers.
And, it wouldn’t be a FITARA Fandango, without Fed CIOs – both in the audience and on the stage. The Forum hosts a Fed CIO panel – great opportunity to hear from the folks sporting the dancing shoes.
We’ll round out the half-day dance off with an expert panel. Rich Beutel, principal FITARA author during his tenure at OGR, and Dave Powner, IT lead at GAO. From author to auditor – the gents will provide insight on FITARA audit plans as well as thoughts on upcoming hearings.
And, to help frame the Forum, MeriTalk’s releasing a new study on August 10, FITARA From the Frontlines. It quantifies how Fed IT execs are up to get down on FITARA – awareness, compliance probability, and perspectives.
Deadline, leadership meeting, new research – FITARA’s Fed IT’s new groove. Have you tried the FITARA Fandango? Have you got a ticket for the party?
I'm all for shaking up Fed IT. So, when Dan Tangherlini launched 18F, GSA's internal innovation hub, he grabbed my attention. More than a year later, seemed like a good time to check in on GSA's geek squad. The question, is the 18F experiment working – Fairytale or Frankenstein? I decided to ask around – talking to Feds and directly with 18F.
The program’s seed funding came from GSA’s revolving capital fund. 18F will pay back that investment by selling fee-for-service projects to agencies. As the program matures, 18F explained its focus on making a lasting difference – getting roots and giving wings to engagements. PIFs are hanging in D.C. longer – the 12-month term limits are history. 18F explained that a year just wasn't enough to really make a difference.
When I asked about successes, 18F pointed to analytics.usa.gov. It’s a pretty cool site that tells you in real time how many folks are visiting Federal websites – no lightning bolt, the weather service is consistently top of the pops. Cool, but not exactly transformational tech stuff that enhances fundamental government efficiency. 18F noted that Philadelphia’s showing analytics.usa.gov some brotherly love -- utilizing the code to provide web visit transparency to its citizens.
I did speak with some other Feds, who pointed to the work/dashboard page on 18F’s site. Interesting, but difficult to map from here to groundbreaking innovation.
However, the 411 on 18F is mixed. While ex-18Fers sing the program’s praises, a series of Fed IT execs grumble the glossy sheen doesn’t reflect reality. They say 18F’s running amok. Agency "sponsors" don't know where to find their PIFs or quite what they do. Folks tell of an arrogant DNA – characterizing 18F consultants as patronizing and demeaning. "Seems they think they're smarter and treat us like we have no idea what we're doing." "What have they actually accomplished, beyond the website tracking thing?"
Folks also have questions about the cyber consideration – "if we didn't have to follow the rules, we could all move a lot faster too." “Prototypes built in minutes don't cut it when our bacon's on the line.”
I put these observations directly to 18F – they seemed aghast. They feel they’re super accountable. They note every agency has a 30-day-out clause. All work is structured in iterative cycles. So, if you don’t like 18F, here’s your chance to 86 them. 18F noted that agile is a leap of faith for anybody that hasn’t done it before – there’s comfort in laying out a traditional waterfall timeline if it’s what you know. In fairness to 18F, based on GAO reports, waterfall has left much of Fed IT under water to date.
Responding to the arrogance accusation, 18F says they’re not trying to play “hero ball.” “We're not here to tell folks that they are doing it wrong – we want to be sensitive.”
Industry has real questions too. Companies feel 18F’s competing with the private sector – leveraging an unfair advantage to shill for work inside the government.
Ironically, former 18Fers do a much better job telling the 18F story than today’s team. 18F is committed to new ways of doing things – agile, minimal viable product, open source, tech sprints, etc. Former 18Fers say that if agencies won’t embrace these principles, 18F simply won’t work with them. That might explain the perception of arrogance.
As I said, it’s a pretty confusing situation. First off, if I might be so bold, 18F could use some real PR support. That said, the tension over 18F seems to be a quarrel between the past and the future of Fed IT. Is 18F perfect? Likely not, but they're surfacing new ideas – which has to be a good thing. The tension between traditional IT and smarty pants consultants is shaking things up – and ultimately that’s good for Fed IT efficiency. We clearly need increased accountability and transparency in the equation – how and where is 18F delivering value – how much and at what cost? Is there an expiration date on the experiment?
It’s impossible to talk with everybody who’s had experience with GSA’s geek squad – so please write in with your feedback.
Until we hear more from you – it’s WT18F? TBD…
Smokey the Bear says, “Only you can prevent wildfires.” Today, that wildfire is the OPM breach. Yesterday it was IRS. The day before that, it was Snowden.
Tomorrow, it’ll spark up somewhere else.
Federal cyber pros are sounding the alarm. They are spending too much time fighting cyber fires. The old approaches and point products aren’t working – agencies need real change and a holistic approach to fight today’s threats, as well as new challenges smoldering for tomorrow.
Fanning the Flames
According to recent research, 93 percent of Federal executives indicate cyber defenses need significant improvement, but only 56 percent are assessing their networks daily to analyze and address security risks.
Einstein doesn’t look so smart right now – understand the intrusion detection system held the door open at OPM. CDM wasn’t enough. Fire likes oxygen – how do agencies choke the flames?
Dousing the Fire
An ounce of prevention is worth a pound of cure – and most cyber pros agree that an effective cyber posture is a combination of people, processes, and tools.
Many are turning to the NIST Framework for Improving Critical Infrastructure Cybersecurity as a comprehensive strategy to prevent the fire drills. The framework was developed in a year-long, collaborative process between industry, academia, and government stakeholders. It’s designed to work in any enterprise – public or private.
Want to learn more about the NIST Framework? Check out the abridged version. This Framework assessment tool helps agencies determine their cyber security capabilities and set goals for their future defense. NIST suggests organizations use the Framework to:
Stop, Drop, and Roll
Don’t forget to test your smoke alarms. And if they go off, don’t ignore them. This said, alarms and point products won’t keep you safe, and won’t keep you off the front page of the Washington Post. Check out the Framework to jump start your comprehensive, integrated cyber defense. Smokey's smiling.
Not sure if he's a coffee or tea drinker, but I do know Tony Scott's joining us for breakfast this Wednesday at the Cloud Computing Brainstorm at the Newseum. The Federal CIO will set the table for the half-day cloud chow down with his morning keynote address.
If you’ve got an appetite for cloud, Wednesday's Brainstorm's a tapas feast – nine tasty tongue tempters and untethered by 2:00 p.m. to trounce the traffic. With 600 govies registered, you'd better arrive early to get a seat at the table.
Here's the menu:
1st Course(s) – your pick. It's FedRAMP Fast Forward for industry. Working session on how to increase FedRAMP efficiency. Or, for the govies, join us for the Data Center Exchange FITARA implementation planning breakfast with Ben Rhodeside, tech lead from Congressman Connolly's office, and Ben Sweezy from OMB.
2nd Course – Yours truly – preview of the new Gov Cloud Shopper functionality
3rd Course – Tony Scott. What's new in Federal cloud – with a side of FITARA implementation planning
4th Course – Building the Cloud Business Model: ITA/Commerce, EPA, FCC, and USDA
5th Course – Trusting the Cloud: GSA, NIST, and Air Force
6th Course – Hybrid Future: Army, IRS, and ITC
7th Course – Anil Karmel from C2 Labs and the NIST Cloud Security Working Group
8th Course – Cloud Computing Caucus Advisory Group – industry perspectives
Dessert – NIST Cloud Security Working Group meeting – featuring a keynote from Jim Reavis from the Cloud Security Alliance
We're embracing a progressive theme for the party – the Cloud Caucus Don't Be a Box Hugger report provides our backdrop. MeriTalk's also releasing new research on DoD's Cloud Deployment plans.
Breakfast with Tony Scott and all of Uncle Sam's best cloud chefs. Make your reservation now. See you Wednesday – I'd arrive hungry and early.
Action packed this week. FedRAMP mass confusion. Capitol opportunity to get serious about FITARA.
But back to GSA's comments – two factors here. First, the FedRAMP PMO says it's drowning in rubbish submissions from CSPs. Babysitting poor submissions is sucking up PMO bandwidth and choking off the supply of certified CSPs. But, if CSPs don't need to get FedRAMP to win deals, merely to say they're in process, there'll be a whole lot more incomplete and poor submissions on the way to the FedRAMP PMO. Second, what smart CSP's going to spend the $4-5 million – not to mention the anguish of the exercise – to go through the FedRAMP process, if it's not required? One additional thought. GSA says it's concerned about limiting competition. Doesn't FedRAMP limit competition by design?
Think GSA needs to reconsider its position. It's not just the vendor community – the Hill and GAO are sitting up and paying attention.
Heads up, there's a little publicized Oversight and Government Reform IT Subcommittee hearing on the implementation plan for FITARA at 2:00 p.m. EST on June 10th. Witnesses Tony Scott, OMB; Dave Powner, GAO; and Richard Spires, former DHS CIO – and long-time FITARA champion.
We're all curious to see how this plays out. The fact that appropriators did not fund Digital Services makes you think the Hill's serious about putting some muscle behind FITARA. Some see Digital Services as an end around some CIO shops. Here's a wish for the hearing – hoping that we institute a FITARA scorecard. KPIs:
- Percentage of projects delivered on time
- Focus on incremental approach – percentage of projects scheduled for delivery within six months
- Percentage of IT contracts signed off on by the CIO
- Data center efficiency metrics
Now for the dismount – let’s finish as we began with FedRAMP. It’s ironic that almost a year to the day, after VanRoekel’s June 4 mandatory FedRAMP-compliance deadline came and went – like Obama’s line in the sand in Syria – even GSA is questioning the program’s raison d'être and fundamental viability. The statistics say it all – this time last year, there were 16 FedRAMP ATO’d CSP offerings – from 13 vendors. Today, there are 36 – from 29 vendors. Of those ATO’d CSP offerings, 17 came through the FedRAMP PMO and JAB process – 16 from the agency FedRAMP process. A year ago, there were 11 CSPs in the GSA JAB pipeline. Of those CSPs in the pipeline, four made it through the process in the last year. The remaining seven are still in the pipeline. No matter where the ATOs came from, a total of 36 certified CSP offerings – from 29 vendors – is not nearly enough after more than three years.
The FedRAMP Fast Forward group met on Wednesday to talk about FedRAMP fixes. It’s too early to turn in the papers, but here’s a look over the shoulder at some early suggestions.
Build a capacity and through-put model for the FedRAMP PMO and JAB process based on today's resources. Publish specific metrics on how many CSPs the FedRAMP PMO and JAB can process in a year. At each phase of the process, state the FedRAMP PMO and JAB SLAs to CSPs from submission to response. This will take the magic out of the machine and allow us to measure performance and allocate resources appropriately. I hear your cries. What if the CSP submissions are rubbish – how’s the FedRAMP PMO supposed to meet its SLAs? Try this on for size – if the submission is materially deficient – and we need to quantify that – then the CSP is disallowed from resubmitting for one year. Tough love – and lawyers will get involved. But we need some more fiber in this diet.
Watch this space for more recommendations from the FedRAMP Fast Forward.
Hope to see you at the Cloud Computing Brainstorm on June 17th.
Never a dull moment in Fed IT. Let's hope the FITARA implementation plan is FedRAMP compliant – something has to be...
Forget tuning in for the Indianapolis 500 this weekend. All eyes trained on the Great FedRAMP CSP Acquisition 500 right now. Smaller companies that pioneered the FedRAMP approval process are selling quicker than Express Lane traffic on the Beltway. EMC's eating VirtuStream. CSC acquired Autonomic Resources. QTS quaffed Carpathia. And, we're only in the first lap. We're going to see a lot more of the FedRAMP frontrunners lapped up as the IT industry giants realize they need FedRAMP – but flinch from the traffic, complexity, and cost of the certification process. What's the future of Clear Government, CTC, EconSys, SecureKey, Vazata, and more?
Running Into Traffic
The Cloud Computing Caucus Advisory Group annual report, Don't Be a Boxhugger, tells us, as of May 2015, just 35 products were certified as FedRAMP compliant, with another 40 at one stage or another in the review process, and many, many more waiting to engage in certification. According to CSPs, the average cost to complete FedRAMP certification is between $4 million and $5 million. It takes around 18 months to get through the process. In April 2014, 24 CSPs were awaiting certification. One year later, 16 of those same CSPs were still in the pipeline awaiting approval according to the FedRAMP OnRAMP. Each FedRAMP certification submission typically entails 1,000 pages of technical and legal documentation. It's the importance of the certification to Federal agency buyers and the complexity of the process that's fueling the FedRAMP CSP buying race.
As more of the bigs jump into FedRAMP, it's going to change the feel of FedRAMP. Today, it's a cottage industry, that trades on relationships. Companies in the pipeline are more concerned about managing relationships with the FedRAMP PMO – so they can cash in on their certifications. Many of those companies are less concerned about how FedRAMP works as an operating model, the costs associated with maintaining their ATOs, and broader government-wide adoption rates. Too many that have made it through the process see the program's complexity as an effective barrier to entry that wards off competition on the track.
Oil on the Track?
A host of questions hang over scalability of the FedRAMP process – how can the program office manage the deluge of new CSPs that want to get through the process? We understand that the FedRAMP PMO currently spends as much time and money maintaining ATOs for the handful of CSPs already through the process – which means the program cannot scale.
Further, word is CSPs are running into challenges with the alternative agency route to FedRAMP certifications – as those agencies are bristling at the cost associated with managing those certifications. How can the FedRAMP PMO manage the volume without adequate funding? If there aren't enough cloud options, how's the government supposed to move to the cloud? The requirement to move to FedRAMP Rev 4 raises additional questions for industry and government alike.
FedRAMP Fast Forward
Industry wants a front seat in FedRAMP. That's why MeriTalk, working collaboratively with the FedRAMP PMO at GSA, is hosting a new industry working group. FedRAMP Fast Forward provides a venue to support, inform, and accelerate FedRAMP and broader cloud adoption across government. The group's structured in three workstreams:
1. Technical Standards and Process
2. Rules, Policy, Interagency Collaboration, and Communications
3. Training, Education, and Transparency
Interested in learning more? Download the working notes from the kick-off meeting or drop a line to firstname.lastname@example.org. The group will host a breakfast meeting at the MeriTalk Cloud Computing Brainstorm on June 17th.
And speaking of traffic, the Brainstorm features a morning keynote by Tony Scott, a NIST Cloud Cyber Security Working Group session, a Cloud Computing Caucus Advisory Group panel, as well as the FedRAMP Fast Forward session – so it's going to be bumper to bumper at the Brainstorm.
One of the three White House IT priorities called out in the 2016 budget request, Digital Services may be the first IT casualty of partisan politics. A series of agencies have reported that their 2016 budget pass backs include a big goose egg in funding for Digital Services. We've asked the question of OMB – seems that's the case. The next question – what's the future for Digital Services with no funding?
It's no surprise that Republicans don't like the idea of the Federal government getting into the state and local business – providing services directly to citizens and growing the Federal budget footprint. Let's face it, the launch of healthcare.gov was certainly diseased.
Each cabinet-level agency was directed by OMB to ask for $9 million for Digital Services. These agencies built out plans for how to implement those Digital Services. Right now, they're wondering if that whole effort was a huge waste of time and money.
If Digital Services faces a dollar drought, what's the path forward? Will OMB find additional funding from another budget bucket? Should agencies focus on self-funding models – perhaps charging America a fee-for-service model? Will this drive a series of no-cost contracts? Dozens of questions out here on the digital frontier. Here's hoping Digital Services makes it out of the neonatal intensive-care unit.
Chances of snow – remote. But, this week was Cloud Christmas for agencies focused on IT transformation. Like a silicon Santa, Congressman Gerry Connolly unwrapped the Cloud Computing Caucus Advisory Group annual report, “Don’t Be a Box Hugger,” on the Hill on Monday. Based on interviews with CIOs and CFOs, Box Hugger divides agencies into a naughty/nice list of sorts. Pioneers – the early adopters who blazed the trail to the cloud. Fence sitters – who have dipped a toe into the cloud, but aren’t ready to make a mainstream transition. And, Box huggers – the anti-cloud crowd, clinging to their own hardware, software and rising cloud anxieties.
The report provides a sanity check on what’s really happening in Federal cloud – and regrettably, what’s not. Importantly, it offers a rationale to explain the movement or lack thereof, in the marketplace, and makes recommendations on the path forward. Three big takeaways:
And, if you want more data and analysis, Katell Thielemann, Gartner’s Federal lead, took the podium after Gerry Connolly. Playing Santa’s helper, she shot down five myths of federal cloud, a foretaste of what you could read in her new report on cloud in Federal IT – a lot of parallel themes. That and “Box Hugger” are two must-read resources for folks serious about change – you’ll see these reports referenced all around the Beltway.
But Wait, There’s More
We’ve only unwrapped the first gift. The elves at MeriTalk have been busy – we rolled out three significant new initiatives this week to improve the cloud forecast. If you don’t have time to read the book, you can watch the movie.
Government Cloud Shopper
Developed with the government – big thanks to Greg Capella at DHS, the team at GSA cloud, and many more – GCS is a free tool that takes the mystery out of cloud acquisition. This menu-driven “build a bear” for cloud provides cloud migration cost estimates based on FedRAMP-compliant CSP prices, professional services costs, and migration set-up expenses. That’s the full cost picture, not just the cloud services cost. It then allows agencies to go to the next level – design requirements – and submit them to the cloud GWAC procurement shop of their choice – GSA, NASA SEWP, DHS, Interior, etc. Change your requirements to see the cost difference between 99 percent and 99.99 percent uptime. What’s the difference between a naughty and nice cloud? Let us show you.
FedRAMP Fast Forward
As goes FedRAMP, so goes government cloud. It’s a consistent, central theme in Box Hugger. You’ll read the report, so I won’t get into detail here. That said, unless FedRAMP accelerates, there’s significant concern that it will collapse under its own weight. This isn’t just a government problem – industry gets it too. Especially the CSPs and 3PAOs that have invested millions in the certification process. That explains the launch of the new FedRAMP Fast Forward industry working group, comprised of FedRAMP CSPs and 3PAOs. Look for bright ideas – and collaboration with government – on how to enhance the value and efficiency of the FedRAMP process and reduce the costs of achieving and maintaining certifications. Second meeting at the Cloud Computing Brainstorm on June 17th.
Is FedRAMP at the top of your Cloud Christmas list? Then subscribe to the new FedRAMP 411 news source. All the breaking news, profiles of agency successes, and updates from the program offices. That plus status on all FedRAMP CSPs and 3PAOs. If it’s FedRAMP, it’s on FedRAMP 411.
And, as if this week’s not enough, mark your calendar for a second helping of Cloud Christmas on June 17th at the MeriTalk Cloud Computing Brainstorm. First up, FedRAMP Fast Forward breakfast meeting. Then, Tony Scott kicks us off with the morning keynote. Then NIST Cloud Cyber Security Working Group. The Cloud Computing Caucus Advisory Group is hosting an industry panel. And, of course, a star-studded program of Federal cloud practitioners sharing their agencies’ experiences in the cloud.
There’s a jingle in the air this Spring – it’s a Merry Cloud Christmas in May.
Considering we're getting down to the dog days of the administration – and CIOs are jumping overboard quicker than you can say FITARA – these are surprisingly heady times in government IT. We've got a new tech-savvy leader on the Hill in Congressman Will Hurd (R-TX). We've got a new world-class Federal CIO with operational oil under his fingernails in Tony Scott. And, Amazon's recent earnings just proved that cloud is not only viable and sustainable – it's profitable.
Hurd on the Hill – Getting Down to Business
So, what can we expect for the balance of 2015 – and over the horizon in 2016? In a word, pragmatism. That and a real focus on how to actually produce meaningful movement forward. Don't think Tony Scott's going to try to leap any buildings in a single bound – but rather nurture the Fed IT workforce and look to stay the course of cloud transformation with a strong eye on cyber security. Now, everybody's watching for the IT hearing schedule on the Hill and listening hard to the auditors at GAO – we all want to know how and what we'll measure. It's not about forcing change, it's about common-sense IT transformation that really moves the ball forward in delivering quantitative improvements in IT efficiency.
Scott in the Spotlight – Focus on Getting IT Done
Want to hear Tony Scott's vision for the road ahead? You can join us at the MeriTalk Cloud Computing Brainstorm on June 17th to listen to the man in the driver's seat talk about Cloud, Cyber Security, the workforce – all against the backdrop of FITARA implementation plans that Tony released yesterday. What a great opportunity to tie everything together in the context of this new CIO empowerment law. Congratulations to OMB for meeting a deadline – evidence of the dawning of a new era.
Cloud Caucus Report – Don't Be a Box Hugger
All this, and the Cloud Computing Caucus Advisory Group meeting on May 11th on the Hill. We'll hear from Congressman Hurd's partner in progress, Congressman Gerry Connolly – and who knows, perhaps Hurd too? CCCAG will roll out its Federal CIO and CFO study – Don't Be a Box Hugger – the first comprehensive review of the state of cloud in Federal IT. Katell Thielemann, Gartner's Federal fashionista, will step up to the podium to provide that critical analyst insight – and, we understand, offer tidbits from her new government cloud study. That's must see IT.
Catch Up Over a Cocktail
Too much to take in via the written word? Then join us next week, Thursday, May 7th, at the State Theatre in Falls Church, to discuss what's shakin' and the path ahead as O'Keeffe & Company and 300Brand celebrate 18 years serving the government IT community. Register here. Rumor has it, we'll see celebrity appearances from Richard Spires and other Federal IT aristocracy.
More as this exciting story unfolds. Look forward to seeing you at the Cloud Brainstorm, on the Hill, and at the State Theatre. Don't they say that Spring is a time for revitalization? It is in Federal IT.
What'll it be – Cup of IT, beer, or Shirley Temple? MeriTalk's sister organizations, O'Keeffe & Company and 300Brand, are celebrating 18 years in business. Our theme, the 18th amendment, prohibition. Join us to wind the clock back to 1933, when Congress passed the 21st amendment repealing prohibition.
We invite you to help us celebrate our 18th anniversary and the repeal of the 18th amendment at the State Theatre in Falls Church. The party will feature live Irish music from my good friends at Brendan's Voyage. Everybody's welcome.
18 years serving our community. What better way to say thank you to our community for your confidence than throw a party where everybody's invited? Cheers to 18 years.