What does everybody in Federal IT want for the holidays this year? Answers to five FedRAMP questions:
Coal in OMB’s Stocking
The Council of the Inspectors General on Integrity and Efficiency (CIGIE) IT Committee’s September report on Federal Cloud Computing considers many of these questions. Some interesting stats: IGs looked at a sample of 77 Federal commercial cloud contracts valued at $1.6 billion. They found most cloud contracts don't follow the Federal government's cloud computing guidelines; three out of four.
Three quarters of agencies don't even require CSPs to be FedRAMP compliant. CIGIE dug in on 19 agencies' cloud programs – and found nine did not have a good inventory of their cloud systems. Extrapolate those percentages across all 438 Federal cloud contracts – some $12 billion worth – and it doesn’t take a red-nosed reindeer to see there’s a problem.
CIGIE lays the blame at OMB's feet. The report notes OMB set up FedRAMP via policy memorandum, established the JAB and PMO office, and imposed the June 5, 2014, FedRAMP compliance deadline. But, OMB failed to establish an enforcement mechanism to police deadlines and hold agencies that fail to comply accountable for their actions.
CIGIE offers four recommendations. It firmly recommends that OMB determine how to best enforce FedRAMP compliance for CSPs and establish a reporting system to ensure agencies require FedRAMP compliance.
What's Under the Tree?
Rumor has it GSA is readying a two-year FedRAMP roadmap. Could it be under the tree in time? Will it clarify the policy? Will OMB take the leadership opportunity it provides?
Naughty or Nice?
MeriTalk and the Cloud Computing Caucus Advisory Group are being peppered with calls and emails from unhappy CSPs who thought they'd been nice by getting into the FedRAMP pipeline, but now are being told they've been naughty. Some agencies won't buy services from CSPs unless they're all the way through the FedRAMP process; others are buying, as long as CSPs are on a FedRAMP pipeline with GSA or another agency; still others are looking at where CSPs are on the FedRAMP OnRAMP – documentation, testing, authorization, and the end zone (continuous monitoring). Based on the CIGIE report, a whole pile more of agencies are just sidestepping FedRAMP altogether. The Hill is asking questions.
More Elves Please
Matt and Claudio in the FedRAMP PMO at GSA are working long hours in the FedRAMP toy workshop. We launched the FedRAMP OnRAMP with GSA in March of this year. We took a look back at pipeline progress and who's gained an ATO in the past nine months. Here's the before and after.
In March there were 10 ATO’d CSPs, with a total of 11 certified solutions – Microsoft had two. Eleven more were in process for ATOs. Nine months later, only three more CSPs are ATO’d, and only 15 solutions are certified – Microsoft and Oracle have two each. Three CSPs haven’t progressed at all – Layered Tech, VirtuStream, and MaaS360 – while Carpathia has set the pace as the fastest-moving CSP in the pipeline. Another 17 CSPs are in the ATO process.
FedRAMP is critical to government adopting cloud. GSA needs reinforcements in the workshop – more elves, please.
Curious to know how DoD is doing on cloud? Register for the Cloud Computing Caucus Advisory Group “Defense Goes on Offense” program taking place this February 12 on the Hill. Seems DoD is marching to the cloud in double time.
New Year's Resolution
As goes FedRAMP, so goes mainstream government cloud adoption. GSA’s working hard to lead the way. Here’s hoping OMB makes cloud part of its New Year’s resolution – or we can kiss mainstream cloud adoption goodbye (yes, that can be under the mistletoe...). What's on your cloud holiday list?
Halloween is safely in the rear view mirror – but Uncle Sam's still wracked by IT nightmares. App gluttony's front and center as we head to Thanksgiving – and a new MeriTalk study, the App Gap, showcases agencies' eating disorders.
GAO sets the table on stats. With 777 supply chain and more than 600 HR systems – there's clearly too many calories in our app diet. And, agencies have no plans to reduce their app portions. Seventy percent of Feds expect more apps on the plate – projecting a 19 percent expansion in agencies' app waistlines.
GAO says agencies spend 69 percent of their budgets maintaining systems that are past the sell-by date. MeriTalk pegs the cholesterol count still higher – with 79 percent of agency budgets invested in George Foreman grills. Only one in three Feds say their current infrastructure provides a well-balanced diet to support their agency's mission.
As in life, poor folks eat poorly. Seventy-three percent of Feds assert that budget keeps them from updating legacy systems. However, if you look for the soft part in the middle, 36 percent of Feds point to politics as the poison – that's nothing new in D.C. If folks are used to the all-you-can-eat buffet, nobody'll want a salad.
Peanut Butter Not the Solution
Paying off on the politics, Fed IT pros assert that they're forced to peanut butter available budgets over too many rotting apps.
If freed to take out the trash, 48 percent of Feds would serve up new apps, 43 percent would consume the cloud – and IT pros assert that new virtualization investments would trim the IT fat by $4.5 billion.
Looking for a recipe for success this turkey day – and a heaped helping of hilarity? Look no further than our Fed IT gourmets' take on bad lip reading – That's How You Cook a Bird. Key ingredients – hint of Halvorsen, pinch of Palmer, Barloon broil, Rudnicki roast, butter goes on top.
Now that's funny...
Enjoy the holiday with your family.
If you'll pardon the puns – mobility is the most dynamic sector in Fed IT. And, securing those environments is a moving target. But, to be sure, Fed mobile security is no laughing matter. Just last year, Fed cyber warriors had to respond to 228,700 cyber incidents. This AP story on Key Federal Cybersecurity Breaches Over the Past Years will turn us all into cyber worriers. Snowden to China to dodgy-UK hackers.
Mobile Work Exchange, MeriTalk's sister organization, lives right at the crossroads of cyber security and computing on the go. There's no shortage of danger. Some stats from recent Mobile Work Exchange research – six percent of Feds who use a mobile for work say they've lost or misplaced their phone – that's 3,500 chances for a security breach. Fifteen percent of Feds have downloaded a non-work related app onto their work mobile. Fifty-two percent fail to use multi-factor authentication or encryption. One in four don't use a password on their work mobile device. You can check your personal mobile security profile using the Mobilometer.
If you want to get up to speed on the mobile security maelstrom. If you want to learn more about how to mitigate mobile malware. If you want methods to marshal a mobile mantra around security. Tune in November 18th at 2:00 p.m. EST for the Mobile Security Movement webinar. You'll hear from real government mobile security experts – Tarrazzia Martin at HUD and Dr. Sam Musa at EEOC. Register today – seating is limited.
Half pour this week – figure it's easier to read on that Blackberry. I'll be waving to you on the webinar November 18 – register today.
Don’t go boating without a life jacket. And, don’t collect, store, or try to manage data without an Information Governance strategy. That’s IG, but if you don’t have one, you’ll end up all at sea with the other IG – the Inspector General. Turns out many organizations – public and private – have set sail without taking the proper precautions. For too many agencies, information governance strategies, like access and security, are an afterthought.
A recent research study – “Navigating Information Governance: What’s Your Strategy?” – quizzed public- and private-sector attorneys, IT executives, FOIA agents, and records managers about information governance. Everybody agrees information governance is critical to their organization’s mission.
But information governance practices are murky. And, government and industry are mostly in the same boat.
Nearly three quarters of organizations have a formal, enterprise-wide information governance strategy, but just one in five says it’s very effective. Organizations understand the problem and the steps to solve it, but information governance programs consistently fall short.
Drowning in Data
How’s this for a rising tide? The digital universe doubles every two years and will reach 40,000 exabytes – 40 trillion gigabytes – by 2020. For context, a single exabyte of storage can contain 50,000 years’ worth of DVD-quality video.
Although some measures and regulations are necessary for data protection and public transparency, many organizations believe they’re fighting against the tide on regulation. When it comes to eDiscovery and FOIA requests, organizations’ biggest technology weaknesses include: data processing and filtering (38 percent), data collection (36 percent), and review (28 percent).
Respondents also say data security and protection is the single largest information governance risk their organizations will face if not addressed, but only 37 percent give their organization an A for data protection.
Missing the Boat?
In contrast to the private sector, Feds say budget’s their most significant information governance challenge. Management needs to know that proper information governance will improve business operations, regulatory compliance, and constituent service across the board.
Beyond harnessing, synthesizing, and turning information into intelligence, organizations need to be in control of data to meet governance transparency objectives, respond quickly to eDiscovery requirements, manage FOIA requests and internal investigations, and comply with records management regulations.
To ensure effective, enterprise-wide information governance programs, organizations need to focus on people, process, and technology improvements. A whopping 95 percent of organizations have made investments in this area in the last two years. And, over the next two years, organizations will invest further in security software, document management, data loss prevention, and backup.
So organizations should gain visibility, take action, and assume control of their own data. When executed correctly, an all-inclusive approach makes information available to those who need it, when they want it, while reducing storage costs and safeguarding compliance.
Read the full report here.
Is your organization sinking or swimming in information governance?
Has government procurement lost its rudder completely? Stand aside the $500 hammer and golden toilet seat – seems IT procurement is all at sea.
The Navy’s ahead of the wave. Fearful of protests by bidders forcing it to walk the plank, the Navy awarded its $5.3 billion Seaport-E to 3,752 companies. The sailors’ll be drowning in proposals, and the contractors’ll be thirsting for revenue.
All at Sea?
How does the Navy torpedo IT cost from $286 million to $2.1 million? NMCI/NGEN price for SPAWAR Pacific email – $286 million. Price shopped to DISA, $55.3 million – but looking through the telescope and not seeing a solution on the horizon this decade. Dell wins with COTS cloud commercial Microsoft hosted email for $2.1 million. Now that’s plain sailing. Evidence that cloud means a hole in the boat for IT contractor revenue?
Top 20 to Watch?
But let’s look past these two vessels to consider the full horizon – and beyond the horizon. BGOV and Deltek recently came out with their respective FY 2015 lists of the top 20 Federal IT programs. These are the aircraft carriers, although Deltek’s has a bigger landing strip at $206 billion vs. BGOV’s $136 billion. To be sure, these are no trifling sums. Place BGOV’s lightweight vessel next to national economies to put it in perspective. The Top 20 programs have a combined value that exceeds Bangladesh’s GDP, weighs in at just a hair less than Iraq’s, and comes in at more than half Israel’s.
Cloud in the Armada?
On a flight last weekend I took a look at the data. Here’s what I found. First observation – no explicit cloud programs, although they’ll likely sneak into many of the solutions. No place for cloud in mission-critical infrastructure or apps?
But let’s focus on what’s here, rather than what’s not. Here’s the breakdown of the mega contracts. It’s green gov at the head of the fleet. No, that’s not eco-friendly. Marching at the head of the flotilla is the U.S. Army, with three programs worth $69 billion. No fatigue here. Then it’s a long fall back to the number-two contract – Defense Health Agency’s $20 billion D/SIDDOMS IV.
Stern to stern in the third berth are DISA and VA at $12 billion apiece. GSA sits next in the lineup with two programs valued at $9 billion. Then it’s DHS with three programs valued at a total of $5 billion, with the Air Force right on its wing tip – it has three programs with a combined value of $4.3 billion. Then it’s Navy, HHS, SOCOM – at $1 billion each, followed by the Army Corps of Engineers and DOT, with $0.9 and $0.8 billion, respectively.
Any Port in a Storm?
Mapping BGOV to Deltek is not exactly 20/20. Only six of the BGOV programs appear on the Deltek top 20. Interestingly, drilling down on those six programs, the two analysts attributed different values for the same contracts – to the sum tune of $8.2 billion. BGOV is more optimistic. It values Army’s ITES-3 at $25 billion, while Deltek values it at only $20 billion. BGOV puts VA’s whopper at $12 billion, where Deltek shorts it at just $9 billion. They trade places on Army Encore III – Deltek values the program at $12.2 billion, with BGOV placing it at only $12 billion. Further, BGOV attributes with greater fidelity, attaching Encore III to DISA and D/SIDDOMS IV to DHA. Deltek maps them both to DoD.
Lots of differences between the numbers but one thing is sure – there’s still lots of money in Fed IT. That said, this could be the calm before the storm. The 2014 bipartisan budget agreement smoothed the waters for 2014 and 2015, but sequestration took $1 trillion out of the budget over a 10-year period – that considered with clouds on the horizon – and it could be there’s a storm brewing over the horizon.
Feeling sea sick? Grab the Dramamine. You may need it. How do you see the future for Fed IT funding?
There's an arms race going on like we haven't seen since the Cold War: HP, IBM, Amazon, and Google. They're knocking together data centers quicker than the price of cloud computing can plummet. The price of Amazon’s web services has fallen by about 50% every three years since 2006. Where will it end? Are the new entrants pushing the traditional players into mutually assured self-destruction? What happens to the customer if the provider goes up in smoke?
What’s the price for dot.com stocks?
Anybody else afraid the emperor may be naked? How quickly will Nero catch a chill if the cloud condenses? Oh, and I know, cold is only an anagram for cloud if U are in it.
Why Go to Work?
Every day you shave or powder your face in the mirror, put on a smile, and head out to make the doughnuts. But, what if you could get paid for doing nothing? And not just get paid, but earn millions? That's precisely what fraudsters are doing every day in America. And, who are the dummies paying these deadbeat crooks? Here's the punch line – it's you and me, my friend. Individuals and organized crime are cleaning up stealing from Uncle Sam – and all of us.
Calling in Sick?
As America ages, we’re addicted to ever more expensive healthcare. We spent 17 percent of GDP on tests and remedies – that’s $2.7 trillion – just last year. Uncle Sam spends $415 billion and $600 billion each year on Medicaid and Medicare, respectively. In 2012, Donald Berwick, one time head of CMS, examined the patient for fraud fever. His diagnosis, the disease adds $98 billion to Medicare and Medicaid – and $272 billion to national healthcare costs.
How? Everything from billing for phantom wheelchairs and pushing prescription drugs on the street to Lazarus’ ambulance use and good-old-fashioned overbilling.
Not to be outdone, tax scammers are turning the IRS into an ATM. Hang onto your hat – or wallet – for these stats. Each year, the IRS receives 145 million tax returns – 75 percent want refunds. TIGTA estimated that the IRS paid refunds to 1.5 million fraudsters in 2011. The top five domestic addresses received 4,900 refunds. Heavens above, IRS paid 655 refunds to a single address in Lithuania. Between January and September of last year, IRS identified 170,000 fraudulent returns filed by prison inmates.
How? Identity theft – filing tax returns for innocent victims, and collecting the refund checks.
Welcome to Miami?
Miami is the healthcare and tax fraud capital. It generates fake tax returns at 40 times the national average. Is it the sunshine or the orange juice? Neither, Miami’s hot because of the old folks. Lots of medical bills, loads of folks who have a social security number but do not file a tax return, and yes, lots of dead people.
What’s This to IT?
The $80 billion Federal IT budget is dwarfed by fraud. Further, Capitol Hill understands and cares about fraud. Folks like Gary Cantrell, an investigator at HHS, have demonstrated the power of analytics to ferret out fraudsters – returning $8 for every $1 invested. But, in D.C. it’s not about RoI, it’s about Return on Political Capital – RoPC.
Rather than sell the cost savings of cloud, perhaps we should focus on the ability to level stovepipes and bring data together across the government to catch cheats? There is no national repository for Medicaid data, which lives in each state. Put Federal apps in the cloud and question farming will yield new insights and massive savings.
Stealing From Uncle Sam
Want to learn more? Attend our Stealing from Uncle Sam: Fraud, Waste, & Abuse forum at the Newseum on November 19 – don’t worry, this isn’t a how-to tutorial. Join Senator Carper (D-De), Chairman of the Senate Homeland Security and Government Affairs Committee; Gary Cantrell, Deputy Inspector General for Investigations at HHS; Dean Silverman, Director, Office of Compliance Analytics at IRS; and Marshall Presser, Field Chief Technology Officer at Pivotal.
What do you think the government should do with the $272 billion stolen in healthcare cost?
*Special thanks to the Economist Magazine for the inspiration and many of the data points.
2014 is a tipping point. For the first time, IT will serve more pages to phones than PCs. So, aren’t phones cloud devices? Sure we’ve wrestled with Hunger Games horrors, but most everybody’s dialed into the mobile cloud. Hold the phone. According to two new GAO reports, Uncle Sam is still struggling for cloud dial tone – although seems to be getting through in data center savings.
Why Be a Box Hugger?
GAO’s cloud report looks at seven civil agencies – gauging cloud progress since 2012. The numbers speak for themselves – while the branches have a total of 80 new cloud services, the uptick in cloud spending is just one percent.
Why so low? Two reasons. GAO tells us that agencies aren’t up for legacy migration – they’re only considering new build for cloud. That means 67 percent of the IT spend is off the table before you start. Second – and I’m adding this to GAO’s analysis – cloud is too hard to buy. Acquisition ache surfaced as a constant theme at the recent Cloud Computing Brainstorm.
Seems Terry Halvorsen’s falling in with these issues. Interesting to watch him strafe the DISA cloud last week – encouraging the agencies to go AWOL to get the cloud they need.
Caucus and the Cure?
That brings us to tomorrow’s Cloud Computing Caucus Hillversation. Join the Air Force, DHS, GSA, and NASA SEWP on the Hill for a lively discussion on cloud acquisition. We’ll also preview a new Independent Government Cost Estimator tool for the cloud. While the FedRAMP OnRAMP shows you what’s available, the IGCE takes you deeper – to understand how to buy FedRAMP-compliant cloud and how much it’ll cost. This gizmo’ll put some pep in your COTR’s Cloud step.
CIO Cloud Connection?
And, if you need more cloud in your life – and GAO says most Feds do – here’s an early flag for a gathering of CIOs on the Future of the Federal Cloud. November 18 – a half-day session, featuring Fed CIOs, with real dialogue about what’s working and what’s not in Federal cloud. Sorry this program’s government only. Feds register here.
Is FDCCI Dead?
Not to forget cloud’s twin sister, GAO put out an eye opener on Data Center Consolidation. While cloud’s dealing with hang ups, seems data center consolidation’s dialing direct to the bank. GAO looked at 24 agencies' FDCCI efforts, 19 reported a total of $1.1 billion in cost savings and avoidance 2011-2013. Three – DoD, DHS, and Treasury – contributed 74 percent of that lettuce.
But, as you’ll remember, the goal for FDCCI was to save $3 or $5 billion by 2015. GAO looked downstream between here and 2015 – and further to 2017. Altogether 21 agencies plan to save $2.1 billion by 2015 – and another $2 billion by 2017. Which takes us to $5.3 billion in cost savings and cost avoidance.
So, seems FDCCI’s far from dead. That said, here’s a stat and a source for you.
As of May 2014, agencies reported a total of 9,658 data centers – approximately 6,500 more than reported by OMB in 2011.
All part of a successful consolidation push. And, people think I make this stuff up…
Do you think cloud is rising or sinking? Is there enough cloud in your life? Is cost avoidance the same thing as cost saving?
Ellison is footloose at Oracle. Mega merger murmurs – HP, EMC, Dell, and Cisco? iPhone 6 off the hook. Big tech headlines. But, did anybody notice Steven VanRoekel step down as Federal CIO? The answer, deafening silence. As D.C.'s neck deep in end-of-fiscal-year planning, it's an interesting time to consider what's ahead for Fed IT.
Who's on First?
The days when Uncle Sam's massive buying power shaped tech may be over. And, as CIOs jump CapEx to OpEx, procurement needs to consider who'll assume the risk if Feds don't want to clear cut contractors. Who'd capitalize a specialized government cloud if you only get a two-year contract? Why would you step up to fund certifications if the government doesn't buy what it sells? The Beltway as we know it may become a less congested place.
V for Victory?
From Vivek to VanRoekel – it's quite a journey. Who's the next Fed CIO has always been an exciting question to ponder. Not much buzz right now.
How's the end of year shaping up? Everybody's watching Teresa Carlson's numbers. Who should take the helm at the USS IT? If Bezos bought the Post, perhaps Larry Ellison wants in as Fed CIO? Is it time to merge agencies' IT operations – or consider a buyout from the commercial sector? What do you think?
Did you know that the Union Jack – made famous by the Red Coats, Reebok, and Austin Powers – is in peril? On September 18, Scotland goes to the polls to vote on independence from the “United Kingdom” – or, more accurately, England. This after a 309-year shotgun marriage. If the Scots lift their skirts to the Sassenachs, like the flag the notion of Britain as a united kingdom may literally come apart at the seams. The Saltire, the Scottish flag, is an integral part of the Union Jack – which is itself a compilation flag.
Stick or Quit?
As I mentioned last week, I was in England this summer. As you can imagine, the Scottish independence referendum is a hot topic at the local pub. Will St. Andrew walk out on St. George? Like William Wallace and Edward Longshanks, the leaders of the pro- and anti-independence parties – Salmond and Darling – are at one another’s throats. Word is the stickers are a wee bit ahead of the quitters. But the latest polls are getting tighter – William Hill, the bookies, quotes 1/5 on sticking and 10/3 on quitting.
Here’s the rub. Whatever Scotland’s decision – David Cameron, British Prime Minister, is caught between clans. He’s against Scotland's secession from the U.K. – but he’s for the U.K. cutting loose from the EU. Business is piling on pressure for Scotland to stay – as banks, including the Royal Bank of Scotland, threaten to move their headquarters south if Scotland cashes out.
If the Scots take back their haggis and highlands, what if the Welsh decide to let the dragon fly? Yes, Wales is a separate country that’s not part of England. And, that brings us to England’s oldest overseas colony – Ireland. If the tartan army takes off, does that elevate Ireland’s case for reunification?
Celts call the Union Jack the Butcher’s Apron – because England wrapped itself in the Union flag when it planned to do mischief. Seems the butcher’s apron itself is now on the block. We’ll know on September 19.
"Aye, fight and you may die. Run, and you'll live... at least a while. And dying in your beds, many years from now, would you be willin' to trade all the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... our freedom!"
Should the Scots go for independence – what do you think?
Hope you enjoyed the Labor Day break.
And, speaking of breaks, it’s been three weeks since I poured a Cup of IT. Why? I took a vacation – two weeks in Blighty. First time in 23 years. Must confess I was apprehensive – how would the D.C. IT scene manage without me? Seems you did just fine.
Here’s three cups in one to ensure you’re recaffeinated.
PTO suffered some infringement on its telework triumphs. Regrettably, this is a management mess manifest as a telework tragedy. PTO blazed the trail on flexible work for Feds. Issa’s amping up oversight – a good thing. Net here, is Federal telework dead? No. It’s impossible to put the genie back in the bottle. Telework is a mainstream reality for Feds. The notion of tracking keystrokes is absurd – it's 30 years too late for 1984. Managers need to manage their people whether they're working in the office or remotely. Mark your calendar now for the Mobile Work Exchange Brainstorm at the Newseum on May 13, 2015. Hopefully PTO will keynote – discuss lessons learned and put this thing in context.
Feds – now’s the time to tell your telework success stories on the Mobile Work Exchange site. Feds, it's time to speak up for the value of flexible work. Also, check out this webcast on how to do telework right – Defining a Comprehensive Mobile Work-force Strategy.
There’s a lot happening in Fed cloud. Dave Powner at GAO has a new report coming out. DISA CIO David Bennett is the morning keynote and DoD Deputy CIO for Cyber Security Richard Hale is the afternoon keynote at the Cloud Computing Brainstorm on September 10th at the Newseum. Maria Roat moved on from the FedRAMP PMO to become CTO at DoT. Matt Goodrich now heads the FedRAMP PMO. More than 400 Fed cloud execs will cram into the Newseum for the Cloud Computing Brainstorm to hear the latest on Federal cloud – register today.
DMV & STDs?
Virginians aren’t lusting after a driver’s license like they used to. Applications from 15-year-olds for learners’ permits down six percent. Why? Texting does not get in the way of driving – it’s vice versa. Teens tossing keys for keyboards – Facebook beats the mall. Need a date? Skype and sexting easy, casual, and immune to STDs. Uber putting the brakes on driving – Google cars may total the notion.
So, is it DMV RIP if driving’s no longer de rigueur? Perhaps it becomes an identity authentication services provider for access to government services? DMV is only one example of how tech advance and changing consumer behavior are remaking government services reality. Just look at the Postal Service.
Like the season - change is coming.
Hope to see you at the Cloud Computing Brainstorm. You don’t need a driver’s license – take the metro. And, telework another day.
Joe Hungate - Neat Stuff?
I'd give my right arm to be ambidextrous. If you look at what ails Fed IT, it's not tech – you can distill it down to communications and finance. So what if you had a Fed exec who's in touch with tech, bounces with a balance sheet, and knows how to get his point across? Let me introduce you to Joe Hungate, deputy CFO at HUD. It's a name from Yorkshire in England – meaning water gate – not like Nixon - and Mr. Hungate's carrying the water for government efficiency – and something a little stronger – read on.
I met Joe when he was CIO at IRS TIGTA – and blazing the trail on telework and mobility. He then served as a detailee investigator for House Appropriations. Now he's pulling finance levers at HUD. So, I thought I knew Joe pretty well...
Turns out, in addition to his day job, Joe's a Scottish whisky aficionado - Joe assures me dropping the 'e' is consistent with the Highland heritage of the hooch. Now, who doesn't like a tipple every now and again? But did you ever buy your own barrel? Seems Mr. Hungate acquired a taste for whisky in the Highlands. But, as if a barrel wasn't enough, he's partner and CFO in the Virginia Distillery Company, a new whisky distillery in Lovingston – that's 30 minutes south of Charlottesville. Check out the bottle - no 'e'.
I'll raise my glass to a Fed exec who's triple distilled – tech, finance, and communications – and in touch with Hill appropriations. Here's to Joe Hungate – hitting with all three hands, and far from your average Joe...
Not as charged as Palestine and the Ukraine, Federal cloud is nevertheless disputed territory. Released three and a half years after OMB issued the "Cloud First Policy", a new MeriTalk study “Cloud Confusion: Is Private Cloud Holding Feds Back?” provides a sanity check on Uncle Sam's cloud progress.
$18.9 Billion Bonanza
Based on a survey of 159 Fed IT execs, the study opens with big numbers. The Federal government could save $18.9 Billion by migrating services and apps to the cloud.
But, if you dig beneath the promise, cloud reality comes up short. And, it seems how you define cloud is disputed territory. Forty-four percent of Feds report their agencies are missing out on savings by using private clouds versus public or community solutions. And, they tell us that 56 percent of Feds’ cloud adoption to date has been private cloud.
C is for Cloud
The majority of Federal IT managers give their agencies a "C" or below for cloud progress. Only 41 percent said their agency considers cloud as part of the overall IT strategy. Fifty-one percent have used cloud strictly for a limited number of specific applications. That said, those agencies that fully embraced cloud in their overall IT strategy show much better savings performance. Cloud-centric agencies saved twice as much with their cloud deployments than box-hugger agencies.
Considering the savings sweet spot moving forward in the next two years, agencies tell us they’ll migrate CRM, logistics, and procurement applications. Further, FedRAMP is important – 41 percent say that they’ll explore public, hybrid, or community clouds thanks to FedRAMP certification.
Check out the study and mark your calendar to attend the Cloud Computing Brainstorm September 10 at the Newseum in D.C. DISA CIO David Bennett is our keynote – his perspectives will be insightful. That much is indisputable.
Ever wonder about the validity of social media? What's the moniker – trust but verify? I've always had my suspicions about Facebook Likes. Not to mention those randos that follow you on Twitter, even though you have not tweeted in four years. I'm really not that popular in real life – ask anybody that knows me. Well, Derek Muller at Veritasium dishes on the lies behind the likes.
Here's where I commit social hara-kiri – I'm going to recommend that you take nine minutes out of your day to watch a YouTube video. Not only is the content insightful – but the presentation style is worth your time investment. You have 1,440 minutes per day – 10,080 in a week. So, nine minutes is 1/160 of your day – or 1/80 if you sleep half the day.
I'll make this cup a quarter pour. Give you more time to watch the video. Remember, all that glitters is not gold.
You may think that 238 years ago, your ancestors sent my ancestors packing. On the 4th, I like to remind folks I'm Irish. All this independent spirit inspired MeriTalk to question the tyranny of yesterday’s IT in D.C.
Well, Yankee Doodle, stick a feather in your cap and check out our newest study – Consolidation Aggravation. Yes, if we’d considered the timing, we would have called it Data Center Independence Day. We’re doing the patriotic thing and rebelling against despicable data – and its damaging effect on FDCCI, the cloud transition, and the future of America. It’s like one of those box office action movies – “Men In Black 4: The Data War.”
Okay, back to the small screen. Net up front, is your data working against you? Fed IT managers tell us Uncle Sam can save $16.5 billion in the next decade by dumping duplicitous data. More than one in four agencies waste 50 to 88 percent of storage capacity stockpiling copy data. In 2013, 27 percent of agencies’ storage budgets funded duplicate data. That’s $2.7 billion in 2013 – and $3.1 billion in 2014. That’s more than a lot when you consider Jefferson only paid Napoleon a hair over $11 million for the Louisiana Territory…
Stars and Stripes Forever?
Fed IT managers tell us that 40 percent of Uncle Sam’s data assets exist four or more times. Further, one in three agencies do not vary the number of data copies based on the significance of the original copy or the likelihood it will be used again. How many stars and stripes do we really need?
Is the number of data centers inevitable? Drilling down on FDCCI feedback, 72 percent of Fed IT managers tell us they have the same number or more data centers than they had when the FDCCI program launched in 2010. Only six percent gave their agency an “A” grade for FDCCI. What would Teddy Roosevelt make of this?
So, the logical question is why isn’t FDCCI going better? What stops agencies from rising up – or at least taking out the trash? Fed IT managers flag overall resistance, data management challenges, and data growth.
Give Me FDCCI or Give Me Death?
Like the founding fathers, Fed IT pioneers are leading the charge to virtual and software-defined everything. Server virtualization has proven its mettle on the battlefield. Now it's data virtualization, SDN, and even software-defined hardware on the ramparts.
Didn't Benjamin Franklin tell us that the definition of insanity is to assume the same behavior and expect a different outcome? Check out the study for a manifesto on change.
And, before you throw me on the firework pile this 4th – English or Irish, I'm an American now.
Hat Trick, Heaven or Hell?
Is it me, or is it slow in Fed IT? Maybe it's because everybody’s watching the World Cup? Worldwide viewership is four times that for the Olympics – and global productivity will drop four percent this month.
A hat trick of humor – and perhaps a tear in my saucer this week.
Big howdy to Dr. Ron Ross at NIST. He's a real country fan. Gave me a smile by observing that cloud is like Kenny Chesney's famous song – “Everybody Wants to Go to Heaven, But Nobody Wants to Go Now.” Now, I don’t know much about country, but guess that’s better than “I Hold On.”
What’s the world’s second largest sport? Baseball? Basketball? Guess my delivery gave it away – watch out for the googly. Yes, it’s cricket. If you think football’s boring... Kenny Chesney’s Seven Days is pretty close. It takes five days to play cricket properly – and that’s without commercial breaks.
Okay, I know you lot don’t have much time for football – sorry, the real football. But, when England plays in the World Cup – it’s damned close to a religious experience for yours truly. This month, the Three Lions took me from Hillbilly Heaven to Honky Tonk Hell. How can England have so many great players and play so rubbish? How can you invent the world’s game and get a red card in the first round? I’ve Got Tears in My Ears From Lying on My Back Crying Over You.
And, if it’s bad for the Three Lions, consider the Indomitable Lions. Cameroon had a player sent off – then two of its team got in a dispute, and one head-butted his own teammate. And yesterday, Uruguay's Suarez bit one of the Azzurri – whole new meaning to Italian food. Why you gotta be so mean?
The whole football world order is out of balance – Davids have felled Goliaths all over Brazil. Form book thrown out of the window. A goal bonanza. Big shout out to the U.S. team. My tip, Brazil or France for the cup – My Cup, anyhow. Please, anybody but the bloody Germans – I’ve Never Wanted Nothing More.
Hero or Zero?
Fed IT’s a jungle. Healthcare dot bombs. Super spies and insider imbeciles. To say nothing of hacker hijackers, big data booby traps, data center delinquents, and box huggers.
Mild-mannered cube dwellers by day, Uncle Sam’s digital defenders form the thin blue line on the carbon-silicon frontier. Three cheers for the likes of Terry Halvorsen, Walt Bigelow, Patrick Dowd, Jeff Eisensmith, David Bennett, and Maria Roat. And oh baby, there’s friction on the digital divide. App sprawl. FedRAMP fury. HSPD-12 dyslexia. BlackBerry sour grapes. There’s a joker in every deck.
Have Cape and Mask – Will Telework
Yes, we know it’s a dog-eat-dog world out there. That’s why MeriTalk’s recognizing aces in government IT. What’s your super power? Cyber, cloud, big data, mobility, or data center? Take a minute to take our Superhero quiz – we’ll help you pick out your mask and cape.
So, I took the quiz – I’m Almighty IT. Ironic since my tech skills melt away like David Banner’s mild manners as soon as I venture into Excel. Pegged myself as more of the Optimizer – I have a soft spot for data centers. Perhaps it was my choice to keep my loved ones safe rather than save the world? Or my preference for cape wearing only on Tuesdays? I must confess, I do quite fancy Almighty IT’s crown.
But Seriously Folks...
We know too many digital defenders are getting KO’d by kryptonite. That’s why MeriTalk launched the Merit Awards to recognize everyday government IT bravery. Take a minute to nominate special agents. It doesn’t take a superhuman effort to fill out the nomination – and it’s free to submit. No black tie required – we’ll recognize our Fed IT Superheroes at the Cloud Computing Brainstorm on September 10 at the Newseum in D.C. Capes are optional.
Gotham has Batman. Metropolis has Superman. Let’s not forget Wonder Woman. D.C. has the Digital Defenders. Please avoid the temptation to wear your underpants outside your tights.
CDM is all about numbers – $6 billion, 17 primes, legions of subcontractors, and one big question. Is the shiny new program making Uncle Sam's cyber security safer? This'll be a focal point of the Cyber Security Brainstorm on June 18 at the Newseum. More than 250 Fed cyber security execs have registered – so space is tight. But back to the question – how's CDM doing? Are the customers satisfied?
Under the Hood
Only one way to find out – take a peek under the hood. So, MeriTalk's Cyber Security Exchange asked Fed cyber security execs in the agencies if CDM's a Lamborghini or a lemon? We put the analysis wrenches down – and rolled out the CDM: Under the Hood study on Monday.
Good First Lap
DHS tells us that agencies burned rubber to meet OMB's CDM deadlines. More than 96 percent of agencies met the April 30 deadline to identify a CDM manager in their agency. More than 87 percent met the May 30 deadline to deploy products to support the new security management approach.
Find the Accelerator, Please
Quizzed about roll out and task order processing timing, 58 percent of Feds want to accelerate program phase roll out. Fifty-one percent want phase one solutions task orders processed more quickly – flag for Jim Piche and his team at GSA. Providing recommendations on how frequently to refresh security assessment and discovery information, Feds want more real-time updates. Today, the plan for CDM is to provide updates to agencies every 72 hours. Ninety percent of Fed cyber execs want daily updates, and 56 percent want updates every hour. Thirty-two percent want real-time intelligence.
As the cyber security market shifts from compliance to risk management, CDM corners like it's on rails and eats up the asphalt on the straightaway. Asked about the benefits CDM provides in their agencies, Feds revved their engines. Fifty-six percent say CDM reduces operational risk. Fifty-five percent point to enhanced risk prioritization – allowing cyber security pros to get to the worst issues first. Fifty-four percent point to quicker risk mitigation times – and 51 percent say CDM reduces time spent on paperwork.
FISMA Fork in the Road
Speaking of paperwork, it's impossible to put CDM on the lift without road testing it against FISMA. I asked OMB about CDM and FISMA – do agencies still need to pay for FISMA if they're doing CDM? OMB clearly said yes. "Yes. FISMA is the law." The study provides interesting insight on the relationship between cyber security's favorite acronyms – LOL. The net up front – FISMA’s far from RIP. Only 13 percent of Fed cyber execs consider FISMA OBE – saying that they have enough data to do away with FISMA. Fifty percent say they need FISMA today until CDM produces more data. Twenty percent say CDM will never replace FISMA. Interestingly, 17 percent are unsure.
Fed cyber security leads tell us they spend 25 percent of their cyber security budgets on FISMA compliance. Chipping in on future plans for FISMA reporting provides important insight on how CDM and FISMA can run together. Thirty-six percent plan to automate FISMA monthly reporting. Forty-two percent plan to swap out the automated dashboard for today's quarterly/annual reports. Disappointingly, 24 percent have no plans whatsoever to change their reporting behavior.
Real takeaway, NIST and DHS need to get together to tell one story. How do these programs fit together – and what's the roadmap for the future? And, speaking of confusion, or perhaps insecurity, the Federal cyber security initiatives need a branding makeover. How will the government achieve clarity if it keeps coming up with new terms?
Seems cyber execs like their new Streufert speedster. Looking down the road, Feds point to training, budget, legacy integration, technical complexity, culture, acquisition, and leadership supports as major speed bumps to accelerating CDM – check out the study for the stats. What do they need to pimp their CDM ride? Fifty-eight percent of Feds want more analytic capabilities. Next on the grid are critical application resilience, common trusted identities, automated tools, and enhanced RoI metrics – again, check out the study for stats.
So, there you have it, the numbers on CDM. If you're interested in the voice track, we'll look forward to meeting you in the pits at the Cyber Security Brainstorm at the Newseum on June 18. John Streufert's in pole position on the CDM panel.
Halvorsen Hates Iowa
But he’s really got it in for data centers, applications, and cost. In a world of posturing and politics, I'd like to take a minute to salute Terry Halvorsen as he steps into Teri's shoes as DoD IT tzar. With the challenges in DoD computing, Terry may quickly develop a bunion. We know he's already recovering from Achilles surgery.
Modernization, the Movie
When acting as the DON CIO, Terry recently spoke at the Data Center Brainstorm and the Cloud Computing Caucus Advisory Group meeting on the Hill. Perhaps I'm losing my mind recommending that you watch a 17-minute video on the web, but if you want insight into DoD's most powerful IT brain, it's 17 minutes well spent. By government IT standards, this movie’s an action thriller – and a horror movie for those who dig the failing status quo.
Burn the Ships
No TQM, BPR, or Six Sigma – just straight talk. Navy plans to take $1.3 billion out of its data center spend. To achieve this, Terry cut the data center budget by $1.3 billion. Halvorsen hones in on what's important – and calls out the nonsense of the data center consolidation and counting fiasco. "It's about data center closings – not consolidations. You need to count money, not just data centers. To be clear, savings means that we spent less money – not just cost avoidance." Map this against OMB's double speak on the Hill – it's like music to my ears.
It's the Data, Stupid
Halvorsen grabs the issue by the scruff of the neck – to realize success you need to understand the data in your data center. You need to know your risk – not just cyber risk. This is where those of my readers from Iowa may want to turn off. At this juncture, Halvorsen unleashed on Iowa – maybe he has an allergy to corn? When running older applications, you will likely need your data geographically nearby – so cheap data center space in Iowa may be a false economy.
"I don't like application rationalization – I like application kill." It doesn't get more real. Halvorsen tells us straight – murdering applications drives down data volumes. Is virtualizing data a good idea? **** straight it is.
Big Enough to Matter
Halvorsen says he's not interested in definitions of data centers. The Navy has 150 data centers that are big enough – read expensive enough – for him to care. Unlike other execs who downplay the cost of labor, Terry tells it straight. The number-one cost in Federal data centers is labor – far and away. He also sparked off about power and facilities costs – and how Uncle Sam needs to rein them in.
Amazon Your Agency
Here's another third-rail issue. Halvorsen wants half the Navy's data housed in commercial solutions. He's pushing public-facing websites to Amazon – and realizing 66 percent in cost savings. Other commercial providers include HP's NGEN.
DISA Data Center Delight
He also applauded DISA's cloud and data center solution – saying it was very cost effective. The Navy is and will continue to run in DISA's data center. We're excited to hear from David Bennett, CIO at DISA, when he keynotes at the September 10 Cloud Computing Brainstorm.
COOP vs. DR
It's not cost vs. mission – it's both. Cost significantly impacts your ability to achieve the mission. Halvorsen finally let up on Iowa as he noted that many applications do not need full COOP – it's very expensive. If you don't absolutely need a hot failover – and can live with data restoration in five to seven days – here's your chance to take advantage of cheap capacity in Iowa.
Halvorsen's exactly what we need to shake things up in government IT. Again, I encourage you to watch the movie. Two thumbs up for his direct approach. He's going to shake things up in the E Ring. If he has a failing, it may be that obsession with Iowa? Perhaps it's because it's landlocked? Maybe he had a bad experience with a Goldfinch? Do the West Florida Argonauts have it in for the Iowa State Cyclones?