VOLUME 25 • NUMBER 12

Strategy and Business Management for Government Leaders | June 20, 2011 FCW.COM

Priscilla Guthrie (center) continues to find value in working with mentors, including Margaret Myers and retired Lt. Gen. Bruce Brown.

Who’s on your team? Former and current government officials share their tips for establishing a solid mentoring relationship Page 20

OP-ED: Workforce dollars and sense Page 18 TECH BRIEFING: The hidden costs of consolidation Page 40


THE BUZZ

Tomorrow’s spin on today’s news

Edited by Michael Hardy

Gov 2.0

Will Weinergate put Congress off Twitter?

Whether you see Weinergate as a hoot or an omen depends on where you sit.

The media has been covering Weinergate with relish, and the public’s appetite for the story has proven nearly insatiable. But members of Congress are not so cavalier.

Ever since the news broke that Rep. Anthony Weiner (D-N.Y.) had accidentally (he says) tweeted a frank photo of himself to several thousand followers on Twitter, his colleagues have shown more caution about using the social media service.

According to Mashable, tweets from members of Congress dropped sharply after Weiner’s scandal hit the news. The largest dip was seen May 30, the Monday after the scandal broke, with Republicans sending just 191 tweets, down from 910 on May 26. Democrats’ numbers dipped to 88 on May 30, from 240 on May 26. Mashable drew its numbers from TweetCongress, which tracks the activity of members of Congress on Twitter.

“The lesson here for members of Congress might be to avoid engaging in inappropriate online romances altogether or, at the very least, to be more cautious when sending direct messages,” writes Jennifer Van Grove at Mashable. “But preliminary data in the aftermath of Weinergate shows that the actual lesson Congress members are taking to heart is to avoid Twitter altogether.”

Weiner first denied having sent the photo showing (we’re trying to be delicate here) a man’s underwear-clad pelvic region, claiming his account had been hacked. Eventually, he admitted to having sent it, explaining that he meant to send it directly to a female follower and accidentally tweeted it to all his followers. (Weiner claimed he meant to send the photo as a joke to a woman in Seattle. We’re not sure that’s the smartest way to evoke laughter in any case.)

In some ways, Weiner’s pickle is Twitter’s fault, writes Steven Levy in Wired. Some of Twitter’s more famous users — celebrities in particular — didn’t want the service to allow users to send messages to any other user, as you can do with e-mail, Levy writes. So Twitter set up the service so that you can send a direct message only to someone who is following you. That lets celebrities tweet to their fans while not getting barraged with thousands of direct messages from said fans.

Although it’s easy to tweet something to your whole list of followers that you meant for one person, a member of Congress doing it with an inappropriate photograph “was so crazily egregious that Weiner’s initial lies that his account had been hacked seemed plausible,” Levy writes. “But the evidence of his deeper misbehavior was already out in the open: the thumbnails of the young women he followed, publicly available on his Twitter account.… The women talked, and Weiner’s original ‘I was hacked’ story fell apart.”

Weiner’s Twitter patterns also helped unravel his story. Twitter allows users to send private messages only to people who follow them, so the only way to have two-way private communications on Twitter is for both people to follow each other. Therefore, Weiner began following attractive young women, who stood out among the coterie of journalists, politicians and celebrities that Weiner was also following.

“Among the original 91 people the congressman followed were many young women,” writes Charles Simmins at Yahoo News. “A timeline prepared by one blogger illustrates the Twitter behavior that was visible publicly. The congressman’s current Twitter stream clearly shows he was using Twitter just before the picture link was sent and right after.”

Washington Post opinion writer E. J. Dionne lamented the distraction of personality-driven news, which enables people to avoid substantive discussions.

“Okay, most of us will always pay attention to sex stories, and apocalyptic fears are usually a form of paranoia,” he writes. “But we’re a superpower with big economic problems. We’re acting like a country that has all the time in the world to dance around our troubles by indulging in ideological fantasies and focusing on the behavioral fantasies of wayward politicians — who, by the way, keep creating opportunities for distraction.”

So what is the lesson for public officials who use Twitter and would like to avoid creating such opportunities for distraction?

We think it’s pretty simple: Use Twitter for professional topics only. Don’t tweet anything you wouldn’t want your spouse to see. If you do need to send a private message, use e-mail or the telephone rather than risk a Twitter mistake.

In short: Don’t be a Weiner.

[Photo: Rep. Anthony Weiner (D-N.Y.) learned the hard way about the need to be careful with Twitter. Credit: THIRDAGE.COM]

TURN TO PAGE 8 FOR MORE BUZZ

CONTENTS

FEATURES
20 GUIDING LIGHTS | Leaders share their tips for building solid mentoring relationships
26 SERVING UP THE FUTURE OF IT | Cloud services mean big changes for IT management
34 RICHARD SPIRES | CIO Council gets serious about best practices

DEPARTMENTS
3 THE BUZZ
CURRENTS
11 ON THE CIRCUIT
14 BLOG BRIEF
16 HARD COPY

COMMENTARY
17 On the road to a mobile workforce, by Alan Balutis
18 Workforce dollars and sense, by William R. Dougan
19 AKO: So much more than e-mail, by Gary Winkler

HOME PAGES
36 INSIDE DOD: Defense plays for high stakes with acquisition reform bid, by Amber Corrin
38 CYBERSECURITY: Will spear phishing kill e-mail as we know it? by William Jackson
40 TECH BRIEFING: Will hidden costs kill consolidation’s payoff? by John Zyskowski
42 BACK TALK

AGENCY INDEX
Army: 19
Commerce: 26
Congress: 3, 8, 18
DHS: 34
DISA: 26
DOD: 14, 19, 36
EPA: 42
GPO: 14
GSA: 20
Industry: 16, 38
Library of Congress: 14
Navy: 10
OMB: 8
State & local: 26, 42
USDA: 40

EDITORIAL STAFF
Editor-in-Chief: John Stein Monroe
Managing Editor: Terri J. Huck
News Editor: Michael Hardy
Senior Editor: John Zyskowski
Senior Writers: Alice Lipowicz, Matthew Weigelt
Staff Writers: Amber Corrin, Henry Kenyon, Alyah Khan
Contributing Writers: Alan Joch, John Moore, Brian Robinson
Columnists: Alan Balutis, Steve Kelman
Creative Director: Jeff Langkau
Web Content Director: Michael Protos
Art Director: Sam Votsis
Assistant Art Director: Dragutin Cvijanovic
Assistant Managing Editors: Whitt Flora, Donald White
Senior Web Designers: Biswarup Bhattacharjee, Martin Peace
Editor-in-Chief/Online: Susan Miller
Online Content Producers: Heather Kuldell, Alysha Sideman, Natalie Willis
Digital Media Product Managers: Jeff Rae, William Winton
Digital Development Editor: Jana Steiger
Editorial Assistant: Dana FitzGerald

COVER PHOTO BY ZAID HAMID

EDITOR’S NOTE

LEARNING ON THE JOB. For all the recent talk about the importance of training, it’s worth remembering that only so much can be learned in the classroom. That’s why mentors are important.

Classroom- or computer-based training has its place — and many readers say it’s in increasingly short supply — but it’s no substitute for a good mentoring arrangement. Just ask Priscilla Guthrie.

Guthrie, who has served in a number of high-level positions in government and industry, is known as someone who takes an interest in the professional development of her subordinates. That’s why she was the first person staff writer Alyah Khan called to talk about mentoring. Guthrie, who recently served as CIO of the Intelligence Community, proved to be very knowledgeable about the topic: Not only has she served as a mentor to others, but she continues to be a mentee herself, even after all these years. Who knew? This week’s cover story (starting on Page 20) explains why and offers advice on how to develop a healthy, productive mentoring arrangement.

Moving e-mail to a private cloud is typically seen as a safe call, so it’s no surprise that many agencies are testing the waters with cloud computing by starting with e-mail. But don’t be fooled: The shift to the cloud is never simple. A cloud-based strategy requires a whole new mind-set. Contributing writer John Moore explains why in his story, which begins on Page 26.

Sometimes semantics are important. In recent months, a number of elected officials have talked about the need to downsize the federal workforce as part of a larger effort to cut the budget. But William R. Dougan, president of the National Federation of Federal Employees, believes the real goal is rightsizing. Rather than simply talking about job cuts in terms of percentages, Dougan said Congress should look at aligning decisions about the workforce with decisions about services. Check out his column on Page 18.

— John Monroe

CORPORATE STAFF
President and Group Editor-in-Chief: Anne Armstrong
VP/Group Publisher: Jennifer Weiss
President and Chief Executive Officer: Neal Vitale
Senior Vice President and Chief Financial Officer: Richard Vitale
Executive Vice President: Michael J. Valenti
Senior Vice President, Audience Development & Digital Media: Abraham M. Langer
Vice President, Finance & Administration: Christopher M. Coates
Vice President, Information Technology & Application Development: Erik A. Lindgren
Vice President, Attendee Marketing: Carmel McDonagh
Vice President, Event Operations: David F. Myers
Chairman of the Board: Jeffrey S. Klein

Federal Computer Week (ISSN 0893-052X) is published 23 times a year, two issues in Jan. through Nov. and one issue in Dec. by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311.

Information Security

Q&A with an industry leader

Curtis Levinson, Chief Security Strategist, Qwest Government Services

As cybersecurity has taken over the headlines, issues involved with making sure digital information and data are secure have often been relegated to the background. Yet, in an age of widespread identity theft and new kinds of threats like the Wikileaks exposure of secret and sensitive material, how to make sure the information used by government agencies is protected has never been more vital.

THE STAND: Information Security takes a look through the experienced eyes of an industry veteran at just what the threats are to government information, how well agencies are prepared to deal with them, and what government needs to focus on to make sure its information is kept away from prying and unauthorized eyes.

Additional questions and responses are available with the full report online at www.fcw.com/InformationSecuritySTAND

1105 Government Information Group Custom Report

Qwest on Information Security

1) What are the main threats to information security today? What have been the major changes to the threat environment over the past 3-5 years?

The big threats now are from large nation states and the groups and individuals that contract out to them, and from attacks using botnet technology that morph and evolve in a virus-like way to change their form and signature on a regular basis. Those lead to domain name server (DNS) attacks and DNS cache poisoning.

What those attacks lead to is a compromise of the trust of public IT communications. In every tabletop and simulated exercise that I’ve been involved in, they can lead rapidly to global DNS meltdown, which is a colloquial way of saying there is a broad loss of trust in Internet communications and data communications. That may ultimately be our biggest concern.

2) What’s the level of understanding in government about information security, and what’s needed vs. IT security and information assurance?

There is unevenness of response and with the definitions of information security, both within agencies and between them. There are multiple efforts underway to talk about what to do about information security, but also a duplication of efforts. There are task forces in the different silos of government – civilian agencies, defense agencies and in the intelligence community – all of which have different efforts under way, and which in many cases overlap. It does get very confusing.

The working theory in both government and industry is that information security overlays both IT security, which focuses on hardening systems and networks and perimeter defense, and information assurance, which is the domain of FISMA and deals with confidentiality, integrity and the availability of information regardless of the technology that surrounds it.

One of the big areas where there’s currently a security gap is voice-over-IP. When you take voice and run it across IT data circuits it’s subject to all of the hacking and penetration attempts that plague the Internet and corporate networks. One of the things most neglected is firewall perimeter defense for VoIP.

3) Why do we need to talk about information security anymore? Isn’t it now just a part of cybersecurity?

It’s not, because information security deals with theft of identity. If your credit card is swiped by a waiter at a restaurant that has a credit card reader then your number can be stolen and your identity compromised, and that’s not cyber security. There are lots of things that are not cyber related.

As an analogy, the primary way most people have of protecting their homes is locks on the doors that are opened with a metal key. However, if they have homes with garages they may lock their front door but not the door between their house and the inside of the garage. So it’s very easy for someone to synch a garage door opener, open the garage door and then walk into the house. If you look at the garage door opener as the equivalent of information security technology then the information itself, which is the house, is still left unprotected.

4) How mature are standards that govern federal information security, such as FIPS and those published by NIST? What else, if anything, is needed?

The standards themselves are very mature, but I think the real question is how fast are they responding to meet technology requirements. What I’m seeing right now is that technology is maturing at a faster rate than the standards, though that’s having a positive effect by forcing standards to develop faster. That’s outstanding, because you don’t want to hold up technology development to wait for the standards, though standards are needed to verify that the technology is secure. That’s particularly so in terms of NIST. I’m seeing them step up and respond at a much faster rate than ever before.

5) Strong identity management has for a long time been viewed as one of the key technologies in information security. Are we “there” yet? If not, why?

Strong identity management is indeed a key issue, and we’re not there yet because there is no single, non-forgeable digital ID that is interoperable in all technology environments. The closest we’ve come is the chip in the US passport, which is interoperable across at least the American government and also with other governments who have adopted it.

Another example is HSPD-12, which mandated a common access card for government employees and contractors. That’s been an extremely successful program, and interoperability of that card across at least some agencies is beginning to be realized.

What there is not, right now, is a common digital identity outside of government for the US citizen. You can buy a digital certificate, but where can you use it? There are not that many places that will accept it. The only version of consumer cryptography we have that is relatively ubiquitous and interoperable is Secure Sockets Layer, but that doesn’t verify who you are.

6) What does information security mean in the cloud? What difference, if any, is there between this and “traditional” information security?

The difference is tremendous. For a start, there is no one thing called The Cloud, there are many different clouds, and security in each of those clouds can change dramatically. And security in a cloud is not what we would normally associate with security such as strong perimeter defense, it’s more a matter of trust. The cloud is outsourcing, and you don’t own the computing resources, so what trust do you have in the provider?

The newest concept in cloud computing is called a trust score, which is a quantifiable metric of all of the different controls around a provider’s cloud, to do with authentication, with the physical controls around the data centers, even the background checks of the people who work there. In a cloud environment, the security paradigm is shifting from perimeter defense to this concept of trust.

7) What does your company bring to this space that sets you apart from others?

Qwest has extremely strong cybersecurity in terms of technology techniques and staff. It has successfully implemented secure architectures across all three sectors of government. And one of our greatest advantages is that we can react quickly to design customized solutions in a flexible and time-effective way.

Qwest has a very flat management structure, so I’m able to reach up into the CEO’s office if necessary to accomplish what I need to get done for a customer, without asking for permission or having to get multiple approvals. I can pick up the phone and get what I need, there and then.


THE BUZZ (Continued from Page 3)

Edited by Michael Hardy

Buzz Factor

Here are some other stories FCW.com readers are buzzing about. To read more, go to FCW.com/BuzzFactor.

1. Keys to the kingdom
Summary: The hackers who attacked Lockheed Martin and L-3 had the codes to construct working passwords — in other words, the security keys to unlock the doors.
Outlook: Cyberattacks are rising dramatically. There’s no need to make them easier.

2. Another try to shrink the workforce
Summary: A new bill would shrink the federal workforce by 10 percent through attrition.
Outlook: What happens if not enough people leave by the deadline of fiscal 2015?

3. Underpaid, overpaid — who knows?
Summary: A study found that 77,000 federal employees earn more than the governors of their states.
Outlook: It’s more ammo for advocates of slashing federal salaries, but readers pointed out that the number doesn’t mean much. Sports stars and business leaders also earn more than governors do.

4. Stubborn as a robot
Summary: Robots designed to carry packs for soldiers aren’t working out in tests on rugged terrain, so the Army is considering the return of the pack mule.
Outlook: We wonder what other relics of the past the Army might bring back. Dare we hope for Betty Grable?

Transparency

White House, Congress in unison on accountability

The Recovery Accountability and Transparency Board has brought harmony to Washington — at least for a moment. Cue “God Bless America.”

Everyone knows the government uses its resources unwisely, and it often doesn’t know where its money is going. Even specific steps toward action can cause disarray.

But suddenly, the White House and Congress are singing in harmony.

On June 13, President launched his Campaign to Cut Waste and created an oversight board by executive order. The board is based on the Recovery Accountability and Transparency (RAT) Board, which was formed to oversee and track the money from the American Recovery and Reinvestment Act of 2009 and was largely seen as a success.

Among other targets, Obama’s new initiative takes aim at duplicative websites, with the goal of killing or consolidating many of them within a year.

“Over the last two years, we have been slashing waste across government, and today we are putting Washington on notice,” Vice President said. “The president and I are committed to changing the way government works, and we are stepping up the hunt for misspent dollars.”

Down the street, Rep. Darrell Issa (R-Calif.), chairman of the House Oversight and Government Reform Committee, introduced his Digital Accountability and Transparency Act (DATA). It would set up a Federal Accountability and Spending Transparency Board, which is modeled on the RAT Board. However, the FAST Board would be a permanent fixture in the world of better government, while the RAT Board has a coming sunset date.

Biden said Congress and the administration agree. And Issa said he and Biden, in past meetings, have shared a common vision of reform. That’s harmony for you.

Ferocious government watchdog groups are generally happy, too.

“We all appear to agree that we need an independent board to do this — [such as the one] outlined in the DATA Act and the White House executive order,” said Ellen Miller, executive director and co-founder of the Sunlight Foundation. She even tweeted June 13 that Issa’s bill had some “good solid initiatives.”

Enjoy the singing while you can.


THE BUZZ (Continued from Page 8)

Defense IT

Navy faces headwinds in critical IT plans

As if all the millions of dollars and untold effort the Navy spends on networks and IT systems weren’t enough to underline their importance, top service officials decided it was time to be more direct about that key role as they prepare to make some tough choices.

For the Navy, IT does not simply support infrastructure — it is a combat system, said Adm. Jonathan Greenert, vice chief of naval operations, in a keynote address at AFCEA’s Naval IT Day earlier this month.

Unfortunately, it’s a combat system that has become bloated, inefficient and vulnerable, other Navy officials said during the conference, which Henry Kenyon and Amber Corrin covered for Federal Computer Week’s sister publication Defense Systems. The Navy wants to fix those shortcomings, but it will take a significant effort to realign its operations and culture to support recognition of IT as a combat system.

The to-do list is long and growing as the Navy deploys new IT-centric capabilities, such as unmanned aerial vehicles (UAVs) and stouter cyber defenses. A tight fiscal climate and increasing pressure to downsize greatly complicate the task.

The Navy is in the middle of a strategic review of all its operations as it looks for opportunities to pare unneeded programs and focus limited funds on critical and high-growth areas. The stakes are high.

“We are going to make decisions in the next two years that will set the stage for the [Defense Department] for the next 10 years or more,” Undersecretary of the Navy Robert Work said at the conference.

Navy officials realize they must make the most of every dollar they spend on basic IT infrastructure so they have sufficient funds to support future capabilities. To that end, they are exploring the possibility of using commercial cloud services for e-mail and data storage.

“If our security standards can be met,...maybe [commercial services] are options,” said Navy Department CIO Terry Halvorsen. He also said officials are keeping an eye on the joint enterprise e-mail effort under way between the Army and the Defense Information Systems Agency to see if it could deliver a more affordable messaging option for the Navy.

Meanwhile, new capabilities such as UAVs and remote sensors are producing a flood of data and straining the Navy’s IT infrastructure, resulting in a 1,000 percent increase in afloat bandwidth demand, said Dave Weddel, assistant deputy chief of naval operations for information dominance. The challenge is not only to acquire and process that data, but also to share and act on it.

None of that will be possible if the underlying infrastructure is not adequately secured. Along those lines, the Navy is preparing to launch initial operations at four new Regional Network Operations and Security Centers that will support the Navy’s Fleet Cyber Command.

“These [centers] will combine network operations with computer network defense” and will exploit the adversary, predict future attacks and defend networks, said Rear Adm. Edward Deets III, commander of the Naval Network Warfare Command.

In addition, as part of its Cyber Asset Reduction and Security effort, the Navy is working to reduce its network portfolio by 51 percent and has already eliminated nearly 1,000 networks, 20,000 servers and more than 32,000 devices.

“The fewer number of networks we’re attempting to secure out there, the better,” Deets said. “We’ve tremendously reduced our vulnerability.”

Federal agencies: Not so scary after all

What does the face of Big Brother look like?

More people say it looks like Big Business than it does government, according to a survey by the Center for the Digital Future at the University of Southern California.

The center’s 10th annual study of the digital realm, published June 3, found that 48 percent of Internet users 16 years old and older worry about companies following them online. Only 38 percent had the same fear about the government.

“Many of us are worried that the Big Brother in our lives is actually Big Business,” said Jeffrey Cole, the center’s director.

— Kevin McCaney

Chart: Views about government, companies and the Internet (percentage of respondents who agree or strongly agree)
Government should regulate more: 13%
Worried about government checking what I do online: 38%
Worried about companies checking what I do online: 48%
Source: The 2011 Digital Future Report, USC Annenberg School Center for the Digital Future

ON THE CIRCUIT

COMMUNITY

General Services Administration senior executive Sanjeev “Sonny” Bhagowalia has accepted a new post as Hawaii’s first full-time CIO starting in July, Hawaii Gov. Neil Abercrombie announced.

Bhagowalia currently serves as deputy associate administrator of GSA’s Office of Citizen Services and Innovative Technologies, a post he has held since May 2010. At GSA, he has helped implement the Obama administration’s open-government and e-government initiatives, including Data.gov, cloud computing, data center consolidation and mobile applications.

Bhagowalia was credited with extraordinary achievement for getting Data.gov up and running in just two months, a feat that won him a Federal 100 award in 2010.

Bhagowalia was CIO of the Interior Department from December 2008 through May 2010, where he oversaw an IT budget of about $1 billion a year. Previously, he was CIO at Interior’s Indian Affairs bureau for a year. Before joining Interior, he was IT program management executive at the FBI from July 1999 through August 2007.

Before his service in federal IT, he spent 14 years at Boeing as a senior principal engineer in the Boeing Technical Fellowship Program in support of systems integration and business development.

Steven VanRoekel, the former Microsoft executive brought in to revamp the Federal Communications Commission’s online presence, is leaving the commission to join the U.S. Agency for International Development, according to a June 2 report in The Hill newspaper.

VanRoekel joined FCC in June 2009 to overhaul the agency’s website with the goals of improving transparency, enhancing electronic reporting and releasing FCC data. The new website went live May 12.

As managing director at FCC, VanRoekel was responsible for administration and management of budget and financial programs, personnel, telecommunications, fees, the Universal Service Fund, physical space and security, among other activities.

He held a variety of executive positions during his 15 years at Microsoft, including managing cross-industry Web services and serving as a speech and strategy assistant to Microsoft Chairman Bill Gates.

One of the Army’s top acquisition officials has resigned, according to several news reports.

Malcolm O’Neill, assistant secretary of the Army for acquisition, logistics and technology, notified his staff in an e-mail message May 31 that he was leaving the job he has held since March 2010 for personal reasons.

O’Neill worked closely with Ashton Carter, undersecretary of Defense for acquisition, technology and logistics, on the Better Buying Power initiative, the Defense Department’s approach to saving money and being more efficient.

The Obama administration has added another big name from the tech industry to its list of advisers: Twitter CEO Dick Costolo has been named to the National Security Telecommunications Advisory Committee.

Costolo’s selection is the latest sign of the administration’s effort to reach out to America’s high-tech companies. Former chief executives of Google and AOL have also advised the White House on technology issues.

Earlier this spring, the administration was rumored to be considering nominating Google CEO Eric Schmidt to be Commerce secretary. But officials announced May 31 that they had instead chosen John Bryson, a former energy company executive, for the position.

RECENT EVENTS

The Association for Federal Information Resource Management (AFFIRM) held its annual awards luncheon June 9 to honor outstanding leaders in the federal government.

The list of award winners reads like a who’s who of the federal IT sector. Federal CIO won the organization’s most prestigious honor, the Executive Leadership in Information Resources Management-Civilian Government Executive Award, for his role in transforming the way the government acquires and uses IT. He was also recognized for launching the Obama administration’s 25-point plan for reforming IT management in December 2010.

Robert Carey, the Defense Department’s deputy assistant secretary and deputy CIO, took home the Executive Leadership in Information Resources Management-Defense Executive Award primarily for championing transformation in his role as the fifth Navy CIO, according to AFFIRM.

Dan Gordon, administrator of the Office of Federal Procurement Policy, was given the acquisition and procurement award for leading the administration’s “mythbusting” campaign.

If you want to know how to create innovative technology on a shoestring budget, Federal Chief Technology Officer has some advice: “MacGyver your way to a better solution.”

Chopra drew the analogy to the TV character, played by Richard Dean Anderson, at an event on innovation in health care hosted by Bisnow June 2. The TV show, titled simply “MacGyver,” ran for seven seasons, from 1985 to 1992. The title character had an amazing ability to improvise with materials on hand to create weapons, escape capture and otherwise thwart his enemies.

Chopra said MacGyver is a good example, if fictional, of frugal engineering. “The reason we love MacGyver is you take what you’ve got” and invent a new use for it, Chopra said. “This is about creativity,” not big-budget programs.

Weapons testers and program managers in the Defense Department need couples therapy, according to the Project on Government Oversight.

POGO found an internal defense memo recently that implies that the testing, requirements and program management communities at DOD need better relationships and interaction with one another. But it is not enough for POGO to simply say those defense communities need couples therapy. DOD needs more concrete ways to repair its internal relationships. Each recommendation in the memo has some insights for couples.

early and objective communication of concerns and issues.” Translation: Apologize early and often. Alternatively: Accept that you have a choice to be happy or right, but not necessarily both.

Sen. Tom Carper (D-Del.) told Dan Gordon, administrator of the Office of Federal Procurement Policy, to stop talking in acronyms at a hearing held May 25. Gordon had been talking about GWACs (governmentwide acquisition contracts) and other alphabet-soup terms.

“I get to say IT, right?” Gordon asked before making a comment about information technology.

When NASA CIO Linda Cureton recently met with a group of schoolchildren, a young girl asked Cureton if she had ever been in outer space and whether she wanted to travel there.

Cureton quickly answered no. She said she was too old and not physically fit enough.

that tells you that you cannot do it,” Cureton said.
Recommendation: “Stronger mecha- When President Barack Obama launched “But you said you can be anything nisms for rapid adaptation to emerging his Campaign to Cut Waste June 13, he you want!” the girl protested. facts by the requirements, acquisition, appointed Vice President Joe Biden to Recalling the conversation at Bis- and test communities and less resistance lead it because, as Obama said, “no one now’s Top Women in Business and to change.” messes with Joe.” Government forum June 10, Cureton Translation: If you’ve agreed on a movie , assistant to the presi- said she realized she had a bad habit of and she changes her mind at the last dent, echoed that sentiment during a call squelching some of her dreams, includ- minute, go with it. with reporters that day when she referred ing her childhood wish to be an astro- Recommendation: “To ensure that to Biden as Sheriff Joe. Cutt er said Obama naut. Now she says she would travel in expected and healthy tension between chose Biden because of the role he played in space if the opportunity arose. the program and test community implementing the American Recovery and “You have to still that inner voice doesn’t turn to animosity by having Reinvestment Act.

OUR EVENTS

The FOSE Institute is now live at foseinstitute.org. The new venture from 1105 Media — which publishes Federal Computer Week, Government Computer News, Washington Technology and Defense Systems — already has a full calendar. Coming up:

■ FOSE, the venerable federal technology trade show, is set for July 19-21. As always, it will bring together government and industry thought leaders and show off the latest technologies. Areas of focus include enabling the mobile workforce, cybersecurity and information assurance.

■ Defense Systems Summit, Sept. 7-8, will provide expert practices on key issues that impact the development and use of information network systems that support the military’s warfighting enterprise.

■ Geospatial Summit, Sept. 13-14, will address the growing desire by nontechnical managers to tap the power of location-enabled and place-based information streams to improve decision-making processes.

■ Cloud Computing and Virtualization Conference and Exposition, Oct. 18-20, provides a national forum for showcasing agencies’ models for developing cloud infrastructure and software services.

■ Enterprise Architecture Conference and Exposition, Nov. 8-10, will cover mission-critical issues, emerging technologies, and best practices for implementing and making the most of enterprise architecture.

■ Cybersecurity Conference and Exposition, Dec. 8-9, provides the latest practices and ideas for reducing the risks of cyberattacks, mitigating their impact when they do occur and developing a workforce that is better prepared to handle ever-evolving cyber threats.

Cloud Computing Strategic Report

Cloud computing has developed a reputation for quick, easy provisioning to meet peaks in demand and for its potential to deliver huge cost savings. However, IT executives are still finding their way when it comes to moving to cloud computing. Security remains a major factor, and there’s no one-size-fits-all definition of cloud computing. For instance, Forrester Research, in its latest report, “Sizing the Cloud: Understanding and Quantifying the Future of Cloud Computing,” provides forecasts and information about 12 distinct cloud market segments. Here’s what you need to know to help ease your transition.

A Work in Progress

Cloud security still remains one of the main stumbling blocks for some agencies, even as they race to identify potential cloud projects. And yet, experts say, security in the cloud is becoming a nonissue. Here’s why.

Achieving Cloud Greatness

Success in the cloud, like any new IT installation, requires careful planning and support. Here are the top issues that IT managers must consider before, during and after a cloud implementation.

Floating on Clouds

Government CIOs have several cloud success stories to share. Experts explain what the ones with the best return on investment have in common.

Some Things are Better Left Private

Private clouds are poised to take on more importance as IT executives increasingly believe that tomorrow’s infrastructure will be a hybrid one.

Lessons-learned from Amazon’s Outage?

In April, cloud computing provider Amazon Web Services suffered an outage that lasted as long as five days for some customers. Although some critics say the outage proves that it’s too risky for the government to rely on cloud computing, other experts say the outage can show the government how to improve cloud implementations in the long run.

Online report sponsored by:

Go to: FCW.com/SpecialReportCloudComputing

CURRENTS
The best from the blogosphere this week

BLOG BRIEF

Smart phones for behavioral health care
Armed With Science blog
science.dodlive.mil

The smart phone you carry is more than just a communications device. You have as much computing power in your pocket as a desktop PC of 10 years ago or a room-size mainframe of 30 or 40 years ago.

One of the many things you can do with your pocket powerhouse is facilitate behavioral health care, writes Julie Weckerlein at the Defense Department’s “Armed With Science” blog. Available applications offer help for such common needs as assessing symptoms, locating resources and tracking health conditions.

“For example, the ‘T2 Mood Tracker’ is an app that allows users to self-monitor emotional experiences associated with deployment-related behavioral health issues,” she writes. “This technology is useful because it allows users to collect real-time health data, monitor their own progress and share this data with their health care provider.”

The app is available for iPhone and Android devices.

Who are Fannie and Freddie?
Government Book Talk blog
govbooktalk.gpo.gov

If you turn to the government for a good book recommendation, don’t expect to hear about Stephen King, J.K. Rowling or even Doris Kearns Goodwin.

The mission of the Government Printing Office’s blog is to shed light on important federal publications. So unless King or Rowling go to work for the government, they will never be on the list.

The latest recommendation from the “Government Book Talk” blog is “Fannie Mae, Freddie Mac, and the Federal Role in the Secondary Mortgage Market” by the Congressional Budget Office.

“Like a lot of people, I’ve spent many years not knowing exactly what Fannie Mae and Freddie Mac do,” writes blogger Jim Cameron, a GPO employee. “Until the housing meltdown, I would have been hard pressed even to tell you whether they were federal agencies or not (they’re not — they are government-sponsored enterprises, or GSEs).”

CBO’s publication, available online or in book form, explains what Freddie and Fannie do and explores the ramifications of making them either wholly government or wholly private compared to their current hybrid status. The book “seems like a great guide for policy-makers and anyone interested in the backwash from the great housing debacle of the past few years,” Cameron concludes.

Invasion of the photo snappers
Digital Preservation blog
blogs.loc.gov/digitalpreservation

Butch Lazorchak might be just a bureaucrat in some people’s eyes, but he can pander like the best elected official. A digital archivist at the Library of Congress’ National Digital Information Infrastructure and Preservation Program (NDIIPP), Lazorchak writes about how he managed to win over a room of eighth graders from Imagine Schools’ South Lake Middle School who were in town from Florida for the traditional end-of-year field trip to the nation’s capital.

His secret weapon? The teenagers’ fondness for taking and sharing photos on their cell phones, which is the devices’ second most popular feature for teens, after texting, according to the Pew Research Center.

Lazorchak and his colleagues prepared a presentation to help the kids understand how to capture, describe and preserve their digital photos, which included a warning about using social networks as primary storage options. History has shown that those sites don’t last forever.

The library launched the “Digital Preservation” blog May 31 to complement its other public outreach efforts.

ART UNPLUGGED
Eye Level blog
eyelevel.si.edu

Tierney Sneeringer, a program assistant at the Smithsonian’s Luce Foundation Center for American Art in Washington, D.C., created the Luce Unplugged series of free monthly concerts that feature local musicians who perform and choose a work of art to be the focus of an accompanying talk.

Sneeringer told Mandy, one of the Smithsonian’s “Eye Level” bloggers, that the idea for the series originated during a panel discussion at the American Association of Museums’ 2010 conference. A panelist from a nonprofit arts organization in Los Angeles “told a story about a musician who followed museum visitors around while playing songs about the artwork,” Sneeringer said. “From then on, I was on a mission to have live music in the Luce Center.”

When asked what she would do with an unlimited budget and free rein, Sneeringer started off with a vision of world-famous musicians performing and ended with a more mundane idea: “The other day a visitor suggested we get bean bag chairs — that could be fun. We are in the middle of planning something extra special for the fall so everyone should stay tuned!”

Vendor Sponsored

THINK Continuous Monitoring

Today’s federal IT cyber security landscape is undergoing major renovation to streamline costly security operations and help senior federal officials gain greater visibility, along with the precise information they need to improve risk-based decision-making.

There is no longer a reasonable argument to be made against whether continuous monitoring is the right move for federal departments and agencies. Nearly a decade since the launch of the Federal Information Security Management Act – the law, its oversight and implementation have done very little to actually improve security among executive branch agencies.

Unfortunately, it takes time and effort to make federal agency security compliance processes easier, mandatory and of greater value to the organizations that must report on their internal security posture. “A far more effective solution to the security compliance challenge requires greater granularity in all aspects of reporting, and an increased use of automation,” said Ed White, Senior Director of Business Development for McAfee Inc.

What has been missing from current federal IT security practices is a practical process, implemented within a large federal enterprise that centers on risk-based security controls. When properly deployed, organizations can use those controls to perform continuous monitoring and measure their effectiveness. This is why the Department of Homeland Security (DHS) released Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) and CAESARS Framework Extension (FE). CAESARS provides agencies with a technical reference architecture to guide in the implementation of a broad-based continuous monitoring approach to security. The focus of CAESARS centers primarily on supporting cyber security operations with compliance reporting as a byproduct of continuous security monitoring and situational awareness. This reference architecture will ultimately enable organizations to realize greater security, by allowing agencies to leverage existing security tools and minimize custom tool integration efforts.

And this is where McAfee is expertly positioned to help.

McAfee can deliver all of the components agencies need to quickly and efficiently deploy a CAESARS-compliant cyber security infrastructure that can continuously monitor and assess all operational assets to improve both security and compliance.

McAfee’s comprehensive security portfolio maps directly to the integrated, end-to-end CAESARS reference architecture across all subsystems, including: Sensor, Database, Presentation/Reporting; and Analysis/Risk Scoring. McAfee’s support for the Sensor Subsystem, for example, covers all nine of the platforms on which CAESARS is expected to report, including end-user devices, database servers, network servers and security appliances. In addition, following the recent acquisition of Sentrigo, McAfee can now independently secure the central repository of all CAESARS data.

McAfee’s open and extensible framework made available via ePolicy Orchestrator® (ePO™), helps agencies to leverage their existing investments, both in McAfee and other third party security tools, to achieve the CAESARS vision and resolve concerns surrounding how independent tools within a subsystem can communicate. In addition, McAfee’s ePO can interface with all eleven of the data domains that must be interfaced with in the CAESARS reference architecture, to achieve a mature continuous monitoring capability.

Making assessments on a continuous or nearly continuous basis is a prerequisite for moving IT security management from isolated assessments, to continuous risk management as described in the latest guidance from the National Institute of Standards and Technology (NIST) and Office of Management and Budget (OMB). McAfee stands ready to help agencies seamlessly build the full end-to-end continuous monitoring solution they truly need to improve security, and make FISMA compliance reporting easier and more efficient.

For more information please visit www.mcafee.com

CURRENTS
Recent articles and resources on technology and government

HARD COPY

When insiders go rogue
Source: Computerworld

A security breach at the hands of a trusted insider is one of the most damaging blows an organization can face — a lesson underscored by the WikiLeaks debacle. But those breaches might be a lot more common than you think, given that three-quarters of such lapses are dealt with outside the public eye, according to a security industry study.

The three most common mistakes organizations make are inadequately vetting employees, being sloppy in managing access privileges and failing to spot warning signs in employee behavior, writes Tam Harbert in Computerworld.

Harbert profiles incidents at three unnamed companies — two in the Fortune 500 — in which once-trusted employees went rogue for personal financial gain or as an act of revenge. Better prevention requires a combination of technical measures and more careful employee monitoring. However, persuading your organization’s high-level executives to invest in those activities will likely be your first challenge.

Celebrating the network revolution
Source: Network World

Twenty-three years ago, Network World covered the federal court decision that allowed the seven regional Bell operating companies formed by the breakup of AT&T to get into the information gateway business.

At the time, Judge Harold Greene said his ruling would stimulate the market and help make information services available to small businesses and residential customers.

As part of its 25th anniversary coverage, Network World recently took stock of our current hyper-connected world and the profound political, social and economic changes that resulted from the expansion of the information services that Greene helped accelerate.

The story also sizes up where that ubiquitous connectivity will likely take us next: Internet-connected devices — from dishwashers and nanny cams to power lines and roadways — will cooperate with minimal intervention to make our society more efficient and productive.

The truth about multitasking
Source: Bnet

Steve Tobak, writing for Bnet’s “The Corner Office” blog, takes issue with all the recent studies and articles blasting the negative effect multitasking is having on our productivity and well-being.

So to set the record straight, Tobak offers 10 truths about multitasking. Among his conclusions: “Interrupting what you’re doing to constantly check e-mail and tweet isn’t multitasking — it’s distraction, plain and simple.”

Furthermore, “in the real management world, the only definition of multitasking that matters…is the concept of switching between tasks or interrupting one task in favor of another,” he writes. “It’s how we prioritize functions and tasks in real time. It’s necessary and critical to the performance of any management or organizational system.”

RECOMMENDED READING

Barriers to CIOs’ progress
Source: TechAmerica

TechAmerica released its 21st annual survey of federal CIOs last month. Among other questions, the organization asked respondents to rank the five greatest barriers to increased effectiveness. Not surprisingly, inadequate budgets rose to the top of the list, after three years in third place. Tight budgets bring competition for resources, which is why “conflicting priorities among program units” came in second.

CIOs seemed to have gotten many of the externally directed initiatives — those demands from Congress and the Office of Management and Budget — under control in 2011. But “CIOs continue to complain, as do so many top leaders, of having little time to plan strategically, given daily demands,” TechAmerica’s report states. “Finally, the pace of technology change has not slowed down in the past few years, so we think that it is lower down the 2011 barriers list simply because the other obstacles have grown so much.”

The report offers insight into the complex challenges facing federal CIOs, but the authors write that “if there is a single major conclusion from the 2011 federal CIO survey, it is that success in IT has more to do with leadership and good management than with hardware, software and communication networks. If technology is the future of defense and government service, then it is about time we started managing it better than we do today.”

COMMENTARY

ON THE ROAD TO A MOBILE WORKFORCE
By Alan Balutis

Fully realizing the benefits of telework will require a significant departure from current practice.

The Telework Enhancement Act of 2010 has generated tremendous momentum for efforts to increase workforce mobility options for federal employees. The act paves the way for the federal government to unlock significant benefits, including greater productivity, resilience, environmental sustainability and employee inclusion. Moreover, it creates accountability for achieving those objectives in the form of telework managing officers (TMOs), senior officials responsible for telework policy development and implementation.

Realizing the act’s objectives will require a significant departure from current practice. To date, agencies have focused on increasing telework participation rates through advertising, employee training and resolving technological barriers. Meaningful progress toward the act’s other goals — including emergency readiness, energy use, recruitment, retention, performance and productivity — will require developing integrated mobility strategies linked to agency business objectives.

As the first TMOs assume their roles, they have a unique opportunity to use workforce mobility — which includes telework and a broader range of tools and systems to enable productivity anywhere, anytime and on any device — as a catalyst to create a more flexible, productive and inspiring federal workplace.

A brief look at several business objectives highlights the importance of integrated planning.

■ Enhanced productivity, satisfaction and retention. Perhaps the most obvious rationale for an aggressive telework strategy is the opportunity to increase employee productivity, happiness and retention. Office of Personnel Management findings show that teleworking employees have a better understanding of work expectations and higher job satisfaction than respondents not able to telework. Cisco Systems’ research indicates that for every 60 minutes employees save on commuting, they work an extra 40 minutes.

■ Inclusion and diversity. Cisco’s research has also established that mobility tools can help older employees stay engaged — an important consideration given that almost 25 percent of the federal workforce is at or near retirement age. Flexibility is also important for other groups, including people with disabilities and working parents.

■ Continuity of operations. Federal agencies recognize the importance of incorporating mobility into COOP planning. However, a mobility strategy for COOP will look very different from a traditional telework plan and will require identifying critical functions, training select employees, running scenario exercises and investing in resilient infrastructure, such as virtualized desktop PCs that can run securely on any device to ensure continuity in crisis situations.

■ Sustainable energy use. Telework can help reduce energy consumption in at least two ways: by reducing the amount of transportation required and by decreasing office space and utility requirements. A mobility strategy that increases the frequency and regularity of telework can enable office reconfigurations to decrease the amount of square footage per employee and, in turn, reduce real estate costs, energy use and greenhouse gas emissions.

Those examples demonstrate the degree to which complementary but separate policy objectives generate different requirements that might not be addressed by a focus on increasing casual telework participation rates. A policy of encouraging telework across agencies is a “no regrets” move, but it is insufficient to achieve significant progress toward the business objectives outlined in the Telework Enhancement Act. To unlock the true benefits of workforce mobility, TMOs and agency leaders must embed mobility within the broader context of strategic planning.

The Telework Enhancement Act provides the federal government with an exciting opportunity to reshape the workplace. Going beyond mere compliance can enable the government to make real progress toward its business objectives and become more productive, inclusive, resilient and sustainable.

Alan Balutis is senior director and distinguished fellow at Cisco Systems’ Internet Business Solutions Group. This article is drawn from a longer white paper co-authored with Albert Cho. The full paper is available at www.teleworkexchange.com.

COMMENTARY

WORKFORCE DOLLARS AND SENSE
By William R. Dougan

Recent proposals to reduce the federal workforce are ambiguous and oversimplified.

Since Republicans were swept into the majority in the House last November, there has been a great deal of conversation about debts, deficits and the proper size of government. Predictably, many of the discussions have focused on reducing the size of the federal workforce, be it through attrition, hiring freezes, buyouts or some combination of the three.

Opinions vary greatly on where to make the cuts and by how much, but most propose reducing the workforce in an ambiguous and oversimplified fashion.

In May, Congress considered various proposals at a hearing titled “Rightsizing the Federal Workforce.” In my testimony, I offered one basic principle to guide any potential effort to reduce the workforce: Government is not measured by the number of employees; it is measured in dollars and cents. Any proposal that reduces the number of federal workers at an agency without a corresponding reduction in the agency’s mandate will shift that work to contractors, who often cost more and operate with less transparency. If lawmakers are intent on reducing the size of government, it is imperative that cost be the ultimate measure.

A second principle beckons Congress to look at the entirety of the federal payroll rather than just federal employees. Today, the federal contract workforce stands at about 10.5 million, which is roughly five times the size of the federal civilian workforce. By focusing exclusively on federal employees, lawmakers are excluding about 80 percent of the positions funded through federal agencies. There must be a shared sacrifice by government and industry if lawmakers are serious about downsizing.

A third principle requires our elected officials to be specific about which services they want to cut and which they do not. The worst mistake that lawmakers could make would be to implement a broad-brush, one-size-fits-all scheme to reduce the workforce without first considering the impact to the vital services on which the American people rely. Why risk losing thousands of critically needed Veterans Affairs Department doctors and nurses, Border Patrol agents or food safety inspectors when we should be spending our time looking for real cost savings in wasteful corporate subsidies or legislators’ pork-barrel projects?

Finally, it is imperative that Congress work with federal employees and their union representatives to find a solution to our budget issues. No one understands the everyday operations of federal agencies the way their employees do. By tapping the vast institutional knowledge of 2.1 million dedicated federal workers, it is possible to save billions of dollars. It would be foolish to hand down cost-cutting decisions from Capitol Hill without first consulting the people who do the work.

Given the realities of our federal budget situation, downsizing is appropriate at some federal agencies. However, lawmakers are going to have to make some tough choices about which programs to reshape, scale back or discontinue. A nonstrategic approach to cutting costs that simply mandates significant personnel reductions would fail to achieve savings and would cause wastefulness and disarray at numerous agencies. On the other hand, rightsizing the workforce could result in hiring more VA doctors and nurses, Customs and Border Protection officers, and people to fill other critically understaffed federal positions.

It is essential that the principles outlined above become the foundation of a thoughtful and deliberate analysis before proposing any downsizing, upsizing or rightsizing.

William R. Dougan is president of the National Federation of Federal Employees.

COMMENTARY

AKO: SO MUCH MORE THAN E-MAIL
By Gary Winkler

Enterprise knowledge management, not enterprise e-mail, is the true value proposition of Army Knowledge Online.

The Defense Department is faced with huge challenges in accomplishing critical missions in the new era of declining federal budgets. Unprecedented levels of efficiency must be achieved for organizations to effectively accomplish their missions in that fiscal environment.

In the 1990s, when the nation was focused on balancing the federal budget, knowledge management became a way to work smarter and do more with less, as the saying went. During that period, the Army began to weave knowledge management policies and practices into all operations, creating Army Knowledge Online in the late 1990s and creating a chief knowledge officer position, which I filled from 2003 to 2007. In 2005, the AKO program office created Defense Knowledge Online (DKO), which still serves hundreds of thousands of DOD users.

AKO has become the Army’s “secret sauce.” It provides powerful multiplier effects for nearly every major effort and system, stretching budgets, developing personnel and enhancing unit operations. For example, AKO provides identity, authentication and help-desk services for more than 1,000 applications. By providing those services centrally rather than requiring unique services for each application, the Army saves more than $500 million per year. That is a budget multiplier.

From a force-multiplier perspective, AKO provides real-time reachback across the globe. One example is foreign language translation services, in which documents captured from enemy combatants are uploaded into AKO, sent back to linguistic experts in the for immediate translation and then returned to tactical combat units for appropriate action. Scarce human resources are optimized without endangering more lives in combat zones.

As the Army seeks to reduce its military and civilian workforce by more than 30,000 people by 2015, AKO’s multiplier effect for personnel development will be critical. Through AKO’s capabilities to locate any person or specialist in the Army and capture and transfer that knowledge to other people and organizations, Army personnel will be able to accomplish their missions with reduced manpower support.

In the past year or two, AKO’s relevance has been questioned by some senior officials who think its main value lies in providing e-mail to every soldier, civilian, retiree and family member. But enterprise knowledge management — not enterprise e-mail — is the true value proposition of AKO.

However, because AKO’s e-mail capability was designed to scale to all of DOD and enhance knowledge management features within the Web portal, it cannot be ripped out to provide any savings. There is no equivalent to AKO, and there is no economical, timely way to replace it or its capabilities, including e-mail.

Keeping in mind that our soldiers, sailors, airmen and Marines are AKO/DKO’s most important customers, their use and feedback are proof of the real value of AKO. Almost 500,000 users log into AKO/DKO every workday, with as many as 200,000 daily log-ins on holidays and weekends. And our service members depend on it for much more than e-mail. AKO’s knowledge management mission is to securely connect those who know with those who need to know. It has woven many capabilities together to capture, store and transfer knowledge.

And let’s not forget AKO/DKO’s potential to serve other federal agencies. The Veterans Affairs Department is considering putting 1,000 users on AKO instead of building its own knowledge management solution.

The end result is a capability multiplier relative to budgets, people and organizations. Now more than ever, we need to capitalize on that investment. AKO/DKO is the Army’s — and potentially DOD’s — secret sauce.

Gary Winkler, founder of Cyber Solutions and Services, served more than eight years in the Senior Executive Service for the Army’s CIO and acquisition organizations.

COVER STORY

GUIDING LIGHTS

Former and current government officials share their tips for establishing a solid mentoring relationship

by Alyah Khan

Priscilla Guthrie is not the kind of person you would expect to seek out a mentor. The former CIO for the Intelligence Community at the Office of the Director of National Intelligence and a high-level Defense Department official for years before that is someone others might turn to for guidance.

All the same, Guthrie has a group of mentors whom she informally calls her board of directors. They are the go-to people she has stayed in contact with throughout her long career. To create balance, she typically includes a senior-level leader from her current organization, a peer in her field, a subject-matter expert and someone from her personal life.

Although she doesn’t speak to her board members all that frequently these days, they still function as an easily accessible advice network, Guthrie said.

[Photo: Priscilla Guthrie, center, and two members of her board of directors, Margaret Myers of the Institute for Defense Analyses and retired Lt. Gen. Bruce Brown.]

Successful federal leaders often credit mentors with helping them advance in their careers. Those advisers devote time to showing newer federal employees the ropes and sharing their expertise. A mentoring relationship for younger or less experienced feds gives them the chance to fine-tune skills and learn aspects of a job that aren’t covered in the employee manual.

“Mentoring is invaluable,” said Tom Fox, vice president for leadership and innovation at the Partnership for Public Service. “It’s executive coaching on what the real-world application looks like.”

Former and current government officials agree that mentoring is a vital but significantly underused tool.

For one thing, mentoring can be time-intensive, and feds — like most professionals — are busy people. In addition, there are no short-cuts to developing a strong connection between a mentor and a mentee. Furthermore, some people are reluctant to ask someone they admire to be a mentor out of fear of rejection.

So over time, mentoring has become an overlooked option for professional development.

“Some of the opportunities to learn your craft aren’t as easy anymore,” Guthrie said. “Mentoring is almost an alternative way to work next to someone who knows something you want to know.”

Although some sources say mentoring is a labor of love that cannot be reduced to a science, experts offer a handful of guidelines to help mentors and mentees make the most of the relationship.

DEFINING YOUR OBJECTIVES

The first step is to recognize the value of mentoring, which can be difficult for some people.

Most federal employees won’t seek a mentor on their own. They might not even know it’s an option. That’s where federal managers come in. They can help employees understand the value of mentoring and how to set the process in motion.

However, the ultimate success of the relationship depends on getting the employee fully engaged.

Mentoring is a learning relationship, which means that a potential mentee must identify what he or she hopes to gain from the experience, said Lois Zachary, a mentoring expert and president of Leadership Development Services.

She advised mentees to list what they want to get out of a mentoring relationship.

“You need to carefully clarify what it is that you need because you don’t want to rely on chemistry,” Zachary said. “If you use criteria, you make a better decision.”

Similarly, Dave Uejio, president of Young Government Leaders, said feds must know what skills or competency they want to strengthen with the help of a mentor.

For instance, does a mentee want to learn about technical skills, leadership skills or emotional intelligence, which is more internally focused on issues such as organizational skills and workflow?

“We place a lot of responsibility on the mentee,” said Uejio, who is special assistant to the director for human resources at the National Institutes of Health. “If you’re directionless, you’re not a good candidate for a mentoring relationship.”

As for what is expected of mentors, Uejio said young feds are looking for information about organizational culture and specific aspects of their jobs.

Once a mentee has a list of criteria and clear objectives, he or she must look for an appropriate mentor.

A formal mentoring program at the mentee’s agency is a great way to go about finding a match. If such a program doesn’t exist, federal managers can take it upon themselves to help pair people together.

Sources said formal and informal mentoring can be equally effective. Although formal programs can ease concerns and provide a structured environment, informal mentoring relationships can be powerful because they arise naturally. Feds might also choose to take advantage of both types of opportunities.

Finding the right mentor in a sea of qualified contenders can be challenging, but there are ways to narrow the field.

PICKING A MENTOR: WHAT TO LOOK FOR

So how does one find the perfect mentor?

One easy first step feds can take is to determine whether they already have a mentor, said Fox, who writes “The Federal Coach” blog for the Washington Post.

If there isn’t anyone fulfilling that need, the next best step is to look around their office or within their team and choose someone they admire, he added. A manager can assist with making that connection.

Another thing feds can do is mine their network of contacts to find potential mentors. “Use your network to reach out.… Make yourself likeable, enthusiastic and interesting,” Zachary said. “The important thing to ask yourself is if this person is going to challenge you to raise the bar.”

Whether you’re the mentee or a federal manager who wants to foster relationships between newer and more experienced employees, you should ask yourself if a potential mentor is willing to deliver honest feedback, has the time to participate in a learning relationship and, perhaps most importantly, has a personality that is compatible with the mentee’s, experts say.

Guthrie, who is a longtime mentor as well as a mentee, said she believes the best mentors are people who are comfortable with themselves and can enjoy other people’s success. “You don’t want someone who is competitive with you,” she said.

Molly O’Neill, vice president of the CGI Initiative for Collaborative Government and former CIO at the Environmental Protection Agency, said the good news for IT employees looking for mentors is that the federal IT space is a close, networked community.

Choosing a mentor is only part of the process. A mentee also has to ask the person for his or her advice and time. That can be difficult for some people.

To make it less intimidating, the mentee might first ask a potential mentor to join him or her for a cup of coffee, Fox said. Formally asking someone to be a mentor can be uncomfortable for both parties. An invitation to meet over coffee, on the other hand, is friendly and low-key and gives the mentee and mentor an opportunity to see whether the relationship will work.

Once the match has been made, it’s up to the two people involved to prepare for that first important meeting. As with most aspects of a mentoring relationship, most of the onus falls on the mentee.

SETTING THE AGENDA AND GROUND RULES

The quickest way to sabotage a mentoring relationship is to inadequately prepare for that first meeting.

Uejio said mentees should think about what they want to get out of the relationship for at least as long as the meeting will last. Otherwise, the appointment will turn into a less productive venting or counseling session.

Mentees should always have an agenda for their meetings with mentors. It’s best if the conversation’s purpose is determined and structured in advance, Fox said.

However, the mentee isn’t the only one with responsibility. Mentors should inform their mentees that they expect them to be organized and prepared.

Another shared task is to come up with the relationship’s ground rules, which is a crucial part of the process.

Ground rules can address issues such as how often conversations will take place and whether they will happen in person, over the phone or a mix of the two.

The ground rules should also touch on the relationship’s boundaries and define inappropriate topics, Zachary said. Workplace conflict, for instance, would likely fall in the inappropriate category.

And both parties must bring a certain level of commitment to the relationship.

“The focus should be on the mentee’s goals and on building, supporting and sustaining the relationship,” Zachary said. The mentor and mentee should “work collaboratively to establish goals that are mutually understood.”

If the first meeting goes well, the mentee should schedule a follow-up to ensure that the conversation continues.

MAKING MIDCOURSE CORRECTIONS AND EDUCATING MENTORS

Some mentoring relationships last for decades, while others span only a few months or even a few minutes.

The length of the relationship — particularly in an informal situation — is directly affected by the ability of the people involved to periodically assess how things are going.

Zachary said mentors and mentees must talk about the progress they are or aren’t making and determine if changes need to be made, which she referred to as midcourse corrections.

Another factor to consider is how to make the relationship a learning experience for the mentor. People often assume mentoring is a one-way street, but mentees should think about ways to be of assistance to their advisers to ensure that benefits flow both ways, Fox said.

Zachary agreed that a mentoring relationship is meant to be reciprocal. For the mentor, the connection with a younger or newer fed might expand their professional perspective, help them understand generational differences or even learn about new technology.

And being a mentor provides the chance to pass on essential skills and serve as a model for the next crop of government leaders and managers.

Nevertheless, even if all the above-mentioned steps are followed, feds might find themselves matched with a mentor or mentee who just doesn’t fit.

If that happens in a formal program, the mentee or mentor should inform the person in charge and explain the circumstances as soon as possible. If the relationship happened naturally and something goes awry, either party should politely tell the other that it’s not working for whatever reason and try again with someone new.

Speed mentoring: Advice in 15 minutes

Does mentoring always require a significant time commitment?

The answer appears to be no, if you consider the speed mentoring sessions organized recently by the Federal Acquisition Fellows Coalition, an interagency group led by the Office of Federal Procurement Policy and the Interior Department.

At the General Services Administration Expo in May, the coalition held four mentoring sessions that lasted 15 minutes each. About 85 mentors and mentees participated, said Joanie Newhart, OFPP’s associate administrator for acquisition workforce programs.

“In order to get the most out of the sessions, we encouraged participants to come prepared by providing information guides that explained everyone’s roles and the ground rules and also encouraged people to come prepared with specific questions,” she said. “These targeted communication sessions can focus participants’ attention on key areas of discussion or interest and also provide the mentee a variety of viewpoints to consider.”

Senior officials, including GSA Administrator Martha Johnson, took part in the speed mentoring, giving feds access to leaders they wouldn’t normally interact with on an individual basis.

Steve Kempf, commissioner of GSA’s Federal Acquisition Service, also participated in the sessions. He said he met with a federal employee who came to the expo because of the speed mentoring opportunity. This particular fed, who doesn’t work at GSA, shared his aspirations and asked Kempf how he reached the top slot at FAS. They also exchanged business cards.

Kempf said it’s important to provide people with a sounding board for ideas. “Everybody in their career is working in a nonstop learning environment,” he said. “We look at people at FAS as one of our greatest assets.… Spending time and helping them with their careers enrich their experience of working here, [and] they’ll be excited to come to work each day.”

— Alyah Khan

SERVING UP THE FUTURE OF IT

By John Moore

A shift to the cloud services model can mean big changes for how agencies manage IT

When Utah decided a private cloud was the way to accommodate a statewide data center consolidation project, it fundamentally changed how its IT department does business. The department has gone from the equivalent of a build-to-order machine shop to an e-commerce provider — with implications for everyone involved.

“Before, customers would often specify, ‘We want this server,’” said Dave Fletcher, Utah’s chief technology officer. “They would get into the details of the IT requirements. Now that is more transparent to them.”

Agency customers now visit the Department of Technology Services’ website to find what they need. Among other things, they can choose infrastructure as a service, which uses virtual servers rather than physical boxes, or software as a service (SaaS), which provisions the application and server platform in one fell swoop. The department also lists rates for its cloud products and offers them on a subscription basis.

UTAH’S SELF-SERVICE CLOUD STOREFRONT

Step 1: Utah state employees in need of IT services visit the Department of Technology Services’ website, where they can request services, get help, review their bills and perform other tasks.

Step 2: After clicking on “Get A Service,” customers can choose from a menu of services, such as desktop PC management, hosting, storage and security.

Step 3: After selecting a service, a tool guides users through the provisioning process.

It’s a services-focused, fee-based cloud model that will likely appeal to CIOs across government because of its flexibility, cost-efficiency and responsiveness.

Getting there, however, will take more than simply repackaging technology. In many cases, IT departments will need to significantly modify the way they operate, how they plan and pay for the infrastructure they build, and the kinds of skills their employees need to have.

“Some of the main things that are going to be affected are things around the management side rather than the technical side,” said Bob Monahan, director of management information systems at Dynamics Research, an IT consulting and services firm. “You are going to be managing most of your acquisitions in the form of service-level agreements as opposed to [saying,] ‘Let’s buy x number of CPUs.’ This is not a straightforward change.”

BECOMING A SERVICE PROVIDER

Indeed, the server-to-service shift is a key component of the management makeover, which means the task of provisioning takes on a whole new shape.

“If you are going to go with a hybrid or private cloud approach... you are going to need to look extensively at how you are going to provision that,” Fletcher said.

Utah’s model is a hybrid that combines a private cloud with public cloud services, such as Salesforce.com’s SaaS offering.

Experts say agencies need to identify the kinds of services they want to offer and then build them with the cloud delivery model in mind. That means developing services that will be shared among multiple customers instead of creating a series of individual solutions.

Using SaaS as an example, Fletcher said: “Instead of customizing solutions for every agency, you are providing software as a service. That needs to be a little more generic, but it has to have all the key capabilities... agencies are going to need. You’ve got to be able to think through that in the development process.”

After developing cloud services, the next step for the IT department is to describe them in a way that potential buyers can understand.

“One area where things need to change in some organizations is how services are articulated from an organizational perspective,” said Simon Szykman, CIO at the Commerce Department.

For example, IT groups should create service-level agreements (SLAs) for the services they offer — a way of thinking that might not come naturally to organizations that manage IT for a single entity. Private clouds offer IT as a shared service, and SLAs become important in such settings because a technology department might need to support multiple agencies that have different performance needs and budgets.

That model will become increasingly common at the federal level as agencies consolidate data centers and look for opportunities to share centralized infrastructure among diverse end users. For example, Commerce’s Census Bureau, which is developing a private cloud, plans to offer services to other agencies beginning this month.

“Once you start providing services to other organizations, those types of availability measures and other types of metrics need to be articulated and documented,” Szykman said.

Typically, a service catalog on the IT department’s website plays that documentation role. Catalogs usually list services, corresponding SLAs and the prices associated with them. Utah’s site also has a wizard to guide end users through the online provisioning process.

So far, agencies have adapted well to the IT department’s new operating style. Buyers “are getting accustomed to being focused on services rather than on hardware and software,” Fletcher said. “And we are making more and more of those services available through the Web interface. It is more of a self-service process in which they are able to be provisioned immediately.”

CLOUD ECONOMICS

Another issue with providing cloud services is knowing how to price them. That could be new territory for IT shops that haven’t previously charged internal customers. But even groups that have assessed fees before will probably have to rethink that process for a cloud model, where there might be much greater variability in use patterns, some IT executives say.

“I don’t think anybody has really figured out how to do the chargeback systems,” said Susie Adams, CTO at Microsoft Federal. “Most are still struggling with this: How do we charge the groups that are using the services appropriately and make sure that gets in their budget line items?”

The issue with cloud pricing is granularity, experts say. Agencies can have a difficult time figuring out how to charge customers for power consumption or for using a certain amount of rack space.

“Agencies are not used to recovering costs with any granularity,” said Doug Chabot, vice president and principal solutions architect at integrator QinetiQ North America. “In some cases, they don’t recover costs at all.”

Recovering costs based on use requires a metering capability, but most agencies lack the software necessary to gauge consumption.

In addition, cloud customers will need to transition funds from capital budgets to operations and maintenance (O&M) budgets to pay for cloud subscriptions. That switch could force them to clear a bureaucratic hurdle or two. In addition, pay-for-use pricing introduces variability because actual use might spike above expected consumption.

“It’s a different budget for capital items versus O&M items,” said Myles Weber, vice president of cloud and community services at Appian. “It’s like buying electricity.... You are paying on a utility-based model for cloud services, and that has variability.”

Yet in some ways, the cloud makes pricing easier. Szykman said an IT group might be able to develop a price for a virtual server that amortizes the upfront technology investment and the costs for systems administration, maintenance and data center facilities.

“That can all be rolled up into a single unit cost per virtual server,” Szykman said. “It can simplify pricing.”

Nevertheless, IT organizations will need to get a handle on their cost structures. “The key is for the service provider organization to know their cost model well enough,” Szykman said.

If it fails to do so, the IT shop might not be able to adequately recoup costs. And if an organization can’t bring in enough money to support promised service levels, the cloud model becomes unsustainable.

THE IMPACT ON STAFFING

Cloud computing’s reliance on virtualization and consolidation means less hardware to house and maintain.

Utah used VMware technology to virtualize servers, which allowed it to shrink the number of servers from 1,800 to 500. That smaller population helped the state reduce its data centers from more than 30 to two, for a savings of about $4 million a year.

In addition, the shrinking hardware population typically reduces the number of IT employees needed to manage servers and software.

The Defense Information Systems Agency experienced a shift in personnel with its Forge.mil line of services. Essentially a platform-as-a-service offering, Forge.mil supports the Defense Department’s software developer community. It includes SoftwareForge, a free system for managing application life cycles, and ProjectForge, a fee-for-service capability for development teams that need greater privacy.

Forge.mil “requires far fewer administrators [because] it’s an enterprise service that greatly reduces the number of servers and databases to manage,” said Dan Gahafer, DISA’s Forge.mil program manager.

But the platform also requires people with new skills. Gahafer cited community managers — a recently added job category — as one example. Community managers work with the developers who subscribe to Forge.mil’s services.

“A good community manager possesses a combination of analytical and people skills, combined with a deep understanding of the products we use to provide the service, our business processes and our organizational culture,” Gahafer said.

Szykman said the cloud has also had an effect on IT staffing at the Commerce Department.

“The skill set of a business IT service provider is not the same skill set needed to manage the physical IT infrastructure,” he said. For one thing, there’s a big difference between the expertise needed to write SLAs and the skills involved in patching servers.

The cloud’s tendency to ease personnel demands coincides with the stark economic realities many agencies face. Utah’s data center consolidation has helped the state deal with declining budgets and reduce IT department staffing by 20 percent through attrition rather than layoffs, Fletcher said.

Utah officials, however, continue to look for people who can write applications for the state’s cloud. “We’re always in need of developers who have skills like Java and .NET and can develop applications that are customer-facing,” Fletcher said.

Utah’s experience sums up a central challenge of private clouds: It’s a computing transition that is as much about people and processes as it is about technology.

Automation tools: A must for private clouds

Agencies seeking to run their IT departments using a services-oriented cloud model should strongly consider automated tools to help them root out delivery problems and ease service provisioning, experts say.

Cloud automation could mean a single integrated platform or a collection of tools. It starts with a service catalog and the automated features that help customers select the services they want. It then moves into monitoring cloud services and managing any physical resources.

The ability to manage services for multiple customers requires more detailed visibility into the inner workings of the technology, said Dan Gahafer, program manager of the Defense Information Systems Agency’s Forge.mil, a software development platform for Defense Department users.

Automation “is no longer just nice to have,” Gahafer said. “It’s an absolute imperative to being able to identify and resolve issues and prospective incidents before they occur.”

Automation is also essential when it comes to the ability to provision resources on the fly and deprovision them when they are no longer needed, he added.

Agencies have a number of automation options. BMC Software, Cisco Systems, Hewlett-Packard and IBM are among the vendors providing such products, and many start-up companies also target that sector.

However, Jeff Deacon, managing director of cloud services at Verizon Business, said agencies might not find everything they want in one product. “I have yet to see a commercial product that provides a complete end-to-end solution,” he said.

Verizon Business took a do-it-yourself approach to automating its cloud service with a solution that includes some commercially available components.

— John Moore

Making Cloud Achievable

Digital Dialogue: Webcast Overview

Highlights from CDW-G’s three part webcast series on cloud computing

To Cloud or Not to Cloud?

Speaker: Janice Haith, Director, Assessment and Compliance and Chief Information Officer, Information Dominance Directorate, U.S. Navy
Speaker: Allan Friedman, Fellow, Governance Studies, The Brookings Institution
Moderator: John Monroe, Editor, Federal Computer Week

The answer to the question whether or not federal agencies should move to the cloud is becoming clearer, thanks to much discussion about the benefits as well as federal mandates to consider the model. And so, with a number of advantages expected from cloud, the next question becomes how do government organizations decide which applications or data are right for the cloud? Taking care to consider a number of factors will help agencies pick the right IT elements to put in the cloud, therefore increasing chances for success and maximizing return on investment.

The definition of cloud computing has taken some time to gel, but the industry seems to be settling on a set of characteristics to define the model, thanks in large part to the definitions developed by NIST. The five major attributes of cloud computing are: broad network access; resource pooling; rapid elasticity of resources; measured service so users only pay for what they use, and on-demand self service so users can manage computing resources themselves, said Allan Friedman, Fellow with The Brookings Institution governance studies, who spoke during a recent webinar on cloud computing. But the definitions don’t end there – cloud services break down into Software-as-a-Service (SaaS), or a service that lets users run a provider’s application on a cloud architecture; Platform-as-a-Service (PaaS), meaning providers offer users managed infrastructures and interfaces so they can build and control applications; and Infrastructure-as-a-Service (IaaS), defined as providers offering computing resources that users can deploy software on, says Friedman. And there are also different cloud deployment methods: with private clouds the infrastructure is operated exclusively for a specific organization, either internally or by a third party; with community clouds the infrastructure is shared by several specific organizations; with public cloud the infrastructure is made available to the general public and owned by the provider, and hybrid clouds are a combination of multiple clouds that interoperate, explained Friedman.

With all of these definitions, conditions, and models, it’s no wonder agency IT managers are scratching their heads about where to start. In order to increase the success rate of their cloud initiatives, agencies should carefully consider a number of factors when transitioning to the cloud.

The first is making sure there is a clear understanding of the agency’s existing architecture and what that structure was developed to achieve. “As you shift into the cloud you have a rare opportunity to understand your current architecture and how it will change,” said Friedman. “Planning meetings are invaluable to take time out and say ‘What is our information architecture?’”

Planning should include selecting which IT services to move to the cloud and when, as well as reasons for moving these elements to the cloud – be it for greater efficiency, agility, innovation, or other goals. And in evaluating cloud readiness, issues such as market availability of services, organizational readiness, and where the organization is in its technology lifecycle should be considered.

Once selection is completed, provisioning decisions should be made so that agencies can aggregate demand where possible, ensure interoperability and integration with the existing IT infrastructure, and gain value by repurposing or jettisoning legacy systems, says Friedman.

The third phase is to manage cloud migration so that the collective IT mindset shifts from focusing on assets to

Go to http://fcw.com/webcasts/list/eseminar-list.aspx for the complete listen/learn transcript of each webinar. Vendor Sponsored

services, new skill sets are acquired as needed, SLAs the provider will devote more resources and expertise to are monitored to ensure compliance and continuous security than a typical organization. This may be true, improvement, and vendors and service models are said Friedman, but at the same time the cloud model re-evaluated on a regular basis to maximize benefits and introduces new risks that wouldn’t exist in a more minimize risk, he said. traditional IT environment. “The [cloud] provider could become the Fort Knox The five major attributes of cloud computing model that everyone would like to attack, and it could are: broad network access; resource pooling; be someone tries to break into the infrastructure that’s rapid elasticity of resources; measured service completely unrelated to you, but you’re connected with the actual attack, and so it could potentially hurt your so users only pay for what they use, and information’s confidentiality or integrity,” he explained. on-demand self service so users can manage Agencies need to ensure that cloud providers can computing resources themselves. maintain the confidentiality of their data, the availability of their systems, the integrity of their processes, and – Allan Friedman, Fellow with The Brookings provide accountability of actors, Friedman added. Institution governance studies Other concerns include how reliably a cloud provider can deliver backups and contingency plans, how easily an agency’s data can be extracted from a provider’s cloud if Noting that the selection phase can be difficult, that agency wants to move to another provider, which Friedman offers some basic guidelines to federal federal regulations the provider adheres to, and what agencies: Infrastructure and operations are easier to happens should the cloud provider go out of business. consolidate or outsource; moving to a public cloud for non-sensitive data that needs to be widely disseminated U.S. 
Navy Considers Cloud makes sense for an initial step; new projects that are The U.S. Navy is currently in the process of evaluating expected to grow might make sense for cloud deployment how adopting a cloud computing model could increase due to the model’s elasticity and scalability, and contracts efficiencies and enable distributed computing to support that are up for renewal or can be renegotiated – as well as its global operations, said Janice Haith, Director, high-cost IT services – are also good candidates for the cloud. Assessments and Compliance and CIO with the Information Dominance Directorate of the U.S. Navy, Cloud Concerns who also spoke during the webinar. However, there are While moving certain IT assets to the cloud can be some additional challenges that need to be overcome, she done relatively easily, such a decision shouldn’t be taken said. The Navy must determine which of the applications lightly as there are a number of issues that raise concerns it runs are essential and virtualize them, as well as increase among agencies. its server utilization rates. “We’re in the process of going The top concern, particularly for government agencies, through that, it’s a challenge we need to overcome in is security. The argument can be made that security is order to get to cloud,” she explained. increased in the cloud because protecting customers’ data Another consideration that the Navy needs to make is paramount to the cloud provider’s success, and therefore regarding cloud computing is whether bandwidth

Go to http://fcw.com/webcasts/list/eseminar-list.aspx for the complete listen/learn transcript of each webinar. Making Cloud Achievable

concerns will grow in the cloud. Network capacity is a of the current data center; to improve continuity of challenge for DoD, due to Internet-based activities that operations, and to adhere to data-center consolidation span the globe and therefore place a drain on network and green IT federal initiatives. OJP was experiencing a resources, said Haith. There are also performance concerns significant increase in volume of grant applications and stemming from the possibility of increased overhead had to adapt as quickly as possible – another reason for generated by the move to both virtualization and the choosing cloud, said Santa. cloud, she said. The decision was made to go with a private cloud Determining the best cloud model for DoD is proving that offered on-demand self-service provisioning – the a challenge as well. A community cloud would save on infrastructure can be expanded or contracted in less than resources, but introduces issues regarding which agency an hour, Santa said – elasticity of service so that different users should have access to what data. However, going capabilities can be delivered to different environments, and with a private cloud model could impede information real-time replication of data across the OJP’s three sites. sharing with other government agencies, as well as with As a result, the OJP has made the transition from private industry and with foreign partners. “Deploying a siloed applications to a common application platform; model that balances [both] becomes a major challenge from redundant services to services as a utility; from across DoD,” Haith said. “If we don’t balance all of this inconsistent revision levels to standardized revision levels, we may see ourselves moving to a cloud model that we and from limited to enhanced operational monitoring, can’t sustain in the future.” he said. “Call us crazy for tackling this, but we had high Cloud Transition Check List confidence we could get it done,” Santa said. 
Speaker: Angel Santa, Deputy Chief Information Officer, Office of Justice Programs, U.S. Department of Justice Lessons Learned Moderator: John Monroe, Editor, Federal Computer Week Santa learned that, just as vendors and consultants will The U.S. Department of Justice’s Office of Justice say, virtualization is the key to cloud and must be done Programs (OJP) is leveraging cloud computing to help first at the application, platform and infrastructure level. fulfill its mission of increasing public safety by providing Among the other lessons learned was the important of grants to criminal justice departments. OJP recently moved planning, said Santa. “More than any other project that to a private cloud that deploys services – including some I’ve been involved in over many years…we did an enormous mission critical applications – to headquarters in amount of planning before we began to work,” he said. Washington, D.C., an office in Rockville, MD, and “There were so many new technologies we were looking another in Dallas. at and so many approaches to get the job done, we had to “From a functional perspective, what cloud means is it make sure we covered the vision, the financial and human has really given us greater flexibility in abstracting our resources with the right skill sets, and that we had all the infrastructure and delivering a series of services,” said [management] support needed at all levels,” he said. OJP deputy CIO Angel Santa, who spoke during another Also important was making sure the group had a webinar in a three-part series about cloud computing. 
clear understanding from its cloud service provider The driving factors behind OJP’s move to the cloud regarding the type and quality of service it expected, were the need to continue meeting its operational demands and agreement up front on what security measures, as well as support the division’s future vision; to deal tools, and monitoring capabilities were available, said with the existing aging IT infrastructure and limitations Santa. Internal communication was also important.

Go to http://fcw.com/webcasts/list/eseminar-list.aspx for the complete listen/learn transcript of each webinar. Vendor Sponsored

“You’re not going to get this done if you don’t have all Much of these concerns stem from the fact that with the players at the table – security, operations, applications, the cloud model, agencies don’t have the physical control every aspect of an IT operation must be involved at all over IT systems that they do with traditional computing stages of effort because each and every one is affected,” models, said Donna Dodson, Division Chief of the he said. Also everyone must be in agreement of how to Computer Security Division and the Deputy Cyber deal with change during the transition to a cloud model. Security Advisor at NIST, during a third Webinar on Santa gave the example of an issue his group had to deal cloud. Even when technologies such as encryption and with – a new version of the Oracle database was released automated data backup are employed, there is still an during the transition to cloud, and Santa’s team had to issue of data exposure – particularly with a public cloud, decide whether or not to upgrade during the transition she said. And it’s not just the issue of the security of data period. “As you move to cloud, technology will change in in the cloud, it’s also ensuring that data gets in and out of the middle of it, so you have to be prepared to have the the cloud in a secure manner, she said, and protecting right folks talk about it,” he said. users from one another so that data isn’t comingled by Another crucial aspect of moving to cloud is to mistake. Other issues that agencies may grapple with understand how the cloud project will interact with include a cloud provider’s ability to respond to audit traditional IT systems you have running, as well as how findings, getting support from the provider for the organization will maintain the cloud application and investigations, and customers not being able to examine perform tasks such as configuration management, said cloud providers’ proprietary implementations. “As we Santa. 
“There’s just a massive impact on your whole IT think about the cloud framework, there really are some organization,” he said. “As you look at your staff, do they very important requirements, and these are areas that have skills necessary? If not, how do you bring the staff NIST is actively researching and working on to ensure up to [the required] skill level and complement that with appropriate standards are put in place for interoperability, experts from private industry? And make sure service and portability, and security,” said Dodson. “From a security support from consulting partners are right there at the table.” standpoint, you always want to ensure the confidentiality, integrity, and availability of information put in a cloud, Building the Cloud, Securing the Cloud just as if it were sitting in your own site. Standards and Speaker: Donna Dodson, Division Chief of the Computer Security specifications for these are critical components when Division and the Deputy Cyber Security Advisor at the National looking at building, deploying, and using cloud technology.” Institute of Standards and Technology (NIST). However, there are also some advantages to storing Moderator: John Monroe, Editor, Federal Computer Week data in the cloud from a security perspective. A level of This summer, GSA will formally launch its Federal homogeneity can be achieved by leveraging virtual Risk Authorization and Management Program (FedRAMP), machines, easing security auditing and testing, Dodson which is designed to accelerate and standardize cloud said, as well as enabling automated security management security assessments across the government. While the and improving redundancy and disaster recovery. program is expected to play a major role in the transition “There are some natural security advantages to to cloud, agencies will likely still have concerns over the supporting your data and information requirements in security, availability, and privacy of data in the cloud. 
the cloud framework,” Dodson said.

For more information, visit: www.cdwg.com.

QUESTIONS FOR: RICHARD SPIRES
CIO, Homeland Security Department

CIO Council gets serious about best practices

Ever since the Obama administration announced its ambitious 25-point plan for reforming IT management last December, there has been a lot of interest in what role the federal CIO Council would take in implementing the plan. One of the major players is Richard Spires, the council’s vice chairman and CIO at the Homeland Security Department.

Spires, who came to the government several years ago after two decades in the private sector, is pushing the council to take ownership of key governmentwide initiatives and use its expertise to support the Obama administration’s plan. As part of his desire to ensure the success of IT programs governmentwide, he is establishing concrete ways for council members and other federal IT practitioners to share best practices with one another. He must balance all those activities with his leadership priorities at DHS, which include improving how the department runs its own programs.

Spires met recently with staff writer Alyah Khan to discuss the importance of using best practices and building tighter relationships among CIOs and what the council is doing to support the administration’s IT reform effort.

FCW: How has your experience as CIO at the Internal Revenue Service and DHS shaped your goals as vice chairman of the CIO Council?

Spires: When I came to the [IRS in 2004] after 20 years in the private sector,…I didn’t feel like there was a strong sense of community. For instance, when I had a problem in here trying to set up and do requirements definition better within IRS for our projects, I didn’t know where to turn. I didn’t know where else in the government they did it well.

I couldn’t go to a site that told me or gave me best practices on how to do it. I’d really like to see us change that because there’s a lot of expertise in the government. There are lots of pockets of excellence. But I don’t think we do a good job — even within departments like this one — of highlighting those [pockets] and making that available to others — in the sense of artifacts or templates or tools that could be leveraged, but also just expertise and advice.

Trying to build that community within IT I really believe is the job of the federal CIO Council. In my tenure as vice chair, I’d like to focus on two things: 1) helping [Federal CIO Vivek Kundra] carry out the 25-point IT reform plan both as the DHS CIO and as the vice chair, and 2) helping us build a stronger community in which we can institutionalize sharing and best practices reuse across the community.

FCW: How do you plan to go about building a stronger CIO community?

Spires: One of the things we’ve really worked to strengthen is the [council’s] Management Best Practices Committee. We’ve got three leads who are taking [the committee] seriously…and I’m working with them. I’m staying engaged in this.

We’re working to set up a true community, an internal community, where not only the CIOs but IT practitioners from across the government can get together. We’re working to stand up a repository that would enable us to share or store best practices and artifacts, tools, templates or whatever it may be, as well as building a collaborative Web 2.0 environment where we can share. We’re working on that right now.

We want the council to be more than just a policy-making body. We want it to really take some ownership of some important cross-cutting government initiatives. I’ll give you one example: the [Federal] Data Center Consolidation Initiative. We’ve stood up a task force under the council, and I’m a co-chair of that together with Bernie Mazer, [CIO at the Interior Department]. Each agency can work on [data center consolidation] itself, but there’s power in us working together.

FCW: At the White House Forum on Transforming Federal IT Management in April, you talked about best practices. Why are they important and how do you use them successfully?

Spires: I’ll give you an example. I’ve reviewed all 90-plus major IT programs in this department. A lot of times, you’ll find a program management office frankly won’t have all the skill sets that it should have.

They’re off trying to run this program, but it’s very evident they aren’t bringing the state-of-the-art IT capability to how you manage this stuff. I’ve become a big believer that programs need help. They can’t know it all. So how do you get the help?

I think it’s a combination of things. It’s both help in…[saying] here’s a template for how you do a functional requirements document…. Here’s a template on how you do a test management plan. It kind of walks you through all the things you need to consider.

So it’s those kinds of artifacts…that we want to put in repositories and make available across the whole government.

But it’s even more than that. Here’s a set of experts in testing…. They can give you advice. Here at DHS we’re working to set up these centers of excellence in various disciplines both to pick the right artifacts, tools, templates and the like, but also to be experts. It doesn’t mean it’s their full-time job, typically, but we’re going to make them available 10 percent of the time so they can be tutors.

Programs that get off on the right foot have a high percentage chance that they will continue. Programs that get off on the wrong foot, there’s a very high percentage chance they’ll run into problems. It’s so critical to get it right out of the gate. This idea of bringing best practices — tools, templates, advice — is, I think, one of the true measures of maturity of whether an institution or organization really knows how to run programs.

FCW: What projects or initiatives has the CIO Council undertaken to help implement the Obama administration’s IT reform plan?

Spires: The CIO Council is playing a significant role in implementing the 25-point plan in a number of areas. I mentioned the Data Center Consolidation Task Force earlier. The [council’s] Architecture and Infrastructure Committee is looking at cloud capabilities and partnering with [the General Services Administration] on putting in contract vehicles for cloud usage.

We’re partnering the IT Workforce Committee of the council with [the Office of Personnel Management] to look at the career track issues around program managers.

The CIO Council is partnering with the [Chief Financial Officers] Council and starting to look at what we’d like to have around budget flexibilities. The CIO Council is partnering with the [Chief Acquisition Officers Council] and looking at how we can better align the acquisition with the IT function to enable better delivery of programs in the federal government.

We’re really engaged mainly through the committee structure in supporting many of the elements of driving the plan. We’re doing that so we can get uniformity of how agencies implement this across the board, rather than having each agency go out and do their own thing on the 25 points.

Everyone is going to have to tailor [the plan] to their agency to some degree. But the degree to which we can have uniformity…is good.

HOME PAGES: INSIDE DOD

By AMBER CORRIN

DOD plays for high stakes with acquisition reform bid

Tech initiatives could feel the strain of DOD’s tug-of-war between efficiency and spending

Many government officials and experts have said there could be a silver lining to the dark cloud hovering over the Defense Department budget: The belt-tightening might yield improved efficiencies and a leaner, more agile organization. But will shrinking coffers and the launch of a number of high-profile, far-reaching efforts make it impossible to right the ship in mid-storm without incurring damage?

DOD is grappling with constrained budgets and the shifting requirements of an evolving warfront, which would be challenging in the best of circumstances. But the department is also taking on major acquisition reform and wholesale IT integration as part of wider efficiency efforts.

“We’re looking at the possibility of collateral damage,” said Deniece Peterson, senior manager of federal industry analysis at Deltek’s Input business unit. “IT hasn’t been called out as a specific target yet, but as DOD is looking to create efficiencies, IT could be impacted.” Her organization recently released a report, “Department of Defense IT and Acquisition Landscape,” examining what’s at stake in DOD’s tug-of-war between efficiency and spending.

DOD officials argue that they have no choice but to pursue the multiple efforts in order to meet troops’ needs while maximizing precious, dwindling funds and keeping DOD running.

“These reform efforts — if followed through to completion — will make it possible to protect the U.S. military’s size, reach and fighting strength despite a declining rate of growth — and eventual flattening — of the defense budget over the next five years,” Defense Secretary Robert Gates said in January as he discussed his overall strategy for making DOD more efficient.

Nevertheless, many experts say that although the drastic measures might be necessary in the face of staggering national debt and record defense spending, taking on multiple enterprisewide efforts of potentially unprecedented scale is risky.

“The convergence of these factors could serve to either facilitate or hinder progress, depending on the scope, pace and nature of future process, technology and cultural changes,” Input’s report states. “Several factors could tip the scales and upset DOD’s progress toward transformation.”

IN SEARCH OF BALANCE

Achieving transformation will hinge on the right balance of a number of factors, Peterson said. They include the ability to break major change into manageable pieces and the speed at which acquisition reform is handed down and enforced.

Peterson emphasized that DOD officials must aggressively enforce new acquisition guidelines. She pointed out that the government has pursued acquisition reform off and on for decades with little to show for it. In part, the problem might be that such efforts often take a piecemeal approach rather than making significant changes.

Still, it’s not all bad news. Trey Hodgkins, vice president of national security and procurement policy at TechAmerica, said ongoing efficiency efforts could benefit troops on the ground, especially when it comes to IT and acquisition reform.

That’s because reform efforts typically involve delivering technology in smaller, more frequent increments. “So driving those efficiencies and finding ways to get those technologies deployed more rapidly and in a cost-efficient manner all contribute to supporting [the] warfighter — the two overlap and complement each other,” Hodgkins said.

Besides aiding DOD’s mission, acquisition reform could also benefit taxpayers because an incremental approach to buying can help get more bang for the buck.

“The agile nature of identifying what we want to buy and buying in smaller pieces allows us to procure more effectively,” Hodgkins said. “We don’t have to buy the whole thing before deploying.”

Like Peterson, Hodgkins said he believes that to start reaping the benefits of IT and acquisition reform, the government must get serious about implementing change and catching up to the speed of technology. And Congress must do its part by improving the funding process. One option is to provide defense agencies with revolving fund accounts, which offer more flexibility than the multiyear acquisition cycle, he added.

“We have an 18th- and 19th-century budgetary process in a 21st-century Information Age,” Hodgkins said. “We have to change processes or we’ll never get to the point where we’re maximizing taxpayer dollars.”

Amber Corrin writes the “Inside DOD” blog on FCW.com.

Client Computing Strategic Report

According to industry observers, […] will be a turning point as federal, state and local government organizations increasingly adopt modern forms of client computing to gain greater management control over PCs and other devices. In addition, client computing enables agencies to give employees secure remote access to government networks and information. That’s largely because modern forms of client computing align well with far-flung organizational structures, which are common to government enterprises of all sizes.

Modern Client Computing Gains a Government Foothold

Client computing has evolved to thin-client computing, which facilitates mobile access to an organization’s network resources for continuity of operations, telework and greater employee productivity, and it is taking hold in the public and private sectors.

USAID’s Virtual Desktop Infrastructure

The U.S. Agency for International Development is investing in a cloud-based virtual desktop infrastructure that will provide client-serving IT services for its workforce located around the world.

Understanding the Evolution

Public-sector organizations are finding that thin clients provide the best way to resolve escalating fat-client security and management problems. Thin clients eliminate the effort required to upgrade hardware and software, deploy applications, improve security, and manage regular backups.

Promoting Energy Efficiency

The pared-down design and features of thin clients, which often replace traditional desktop computers, cost less to adopt and run, resulting in smaller electricity bills. In addition, they have the less tangible yet still valuable benefit of being green technology.

Best Practices for Deploying Modern Clients

Assess different delivery models for your organization, and avoid overspending by picking a hybrid approach. Those are just two of several tips for public-sector organizations looking to deploy more modern thin-client systems.

Go to: FCW.com/ClientComputingSpecialReport

HOME PAGES: CYBERSECURITY

By WILLIAM JACKSON

Will spear phishing kill e-mail as we know it?

A slew of successful targeted phishing attacks threatens to undermine our trust in e-mail

The recent spate of high-profile breaches of government and contractor systems appears to be the work of sophisticated and persistent attackers who are taking advantage of relatively simple exploits to gain access to high-value data. In one string of attacks, data stolen from EMC’s RSA Security division was apparently used to access or attempt to access several companies’ systems. In others, account information was stolen to enable access to communications.

All the incidents appear to have started with spear-phishing attacks that tricked an end user into giving up information or allowing the installation of malicious code that could steal data. That information was then used to conduct more sophisticated attacks.

It is simple enough to warn users that they should be careful about what e-mail messages they open and respond to and about downloading attachments or clicking on links. But socially engineered e-mail messages that use publicly available information to target users are making it more difficult for recipients to weed out the malicious ones.

The routine use of e-mail for confirmation and notification of transactions has made it a trusted business tool, and even otherwise cautious users tend to trust the medium. But until the technology for identifying phony e-mail improves, we should consider messages untrustworthy by default — regardless of the subject matter or from whom they appear to come. That means some legitimate uses of e-mail in our everyday business lives will have to change.

For example, I recently received an e-mail message in my work account that appeared to be from a vice president of IT and application development. The message informed me that I needed to update my profile in the company directory. It provided a link for me to click on, enter my user name and password, and put in my contact information.

The message looks legitimate and the link looks good, but I haven’t responded. I have few, if any, secrets in my files, but the information being sought could be used to gain broader access to company resources and as a steppingstone for attacks elsewhere if it went into the hands of a hacker.

I have seen too many incidents of phishing attacks to be comfortable responding to e-mail requests like this one. It is probably a legitimate request, and providing a link to enable me to update my information is more efficient than having a third party input the information. But the bottom line is that additional caution is called for in the current environment.

There might be other ways for me to verify the e-mail and the link, but the simplest and most effective is to call the sender and ask him. It is an inconvenience for both of us, but it is prudent and better than having to admit later that I was phished.

Until we can assume that the e-mail that lands in our inboxes is trusted, it might be simpler to forgo using e-mail for such business and instead use some other channel of communication, such as a phone call.

That would be a shame because e-mail, with its unlimited length and ability to carry attachments and links, is a great medium for business activities. But with the bad guys capitalizing on that convenience, security must take precedence. We might have to abandon our default trust in e-mail, at least for a while, in the interest of risk management.

Staff writer William Jackson writes the “CyberEye” blog on GCN.com.

CYBER DEFENSE BASICS

Even the most sophisticated cyberattacks use familiar exploits against well-known vulnerabilities, which in a way makes IT managers’ jobs easier.

“Do the simple things well,” said C. Ryan Brewer, chief information security officer at the Centers for Medicare and Medicaid Services. That includes understanding your network, monitoring it to provide near-real-time situational awareness, and enforcing configuration and patch policies that are prioritized based on vulnerabilities and risk.

Phishing e-mails will always trip up overly trusting users, but Brewer said you can make it tougher for attackers to move around once inside the system by ensuring that it is properly configured and patched.


-VY4VYL0UMVYTH[PVU .L[[OL-YLL4VIPSL (WWMVY@V\Y7OVUL O[[W!NL[[HNTVIP HOME PAGES:TECH BRIEFING

By JOHN ZYSKOWSKI Will hidden costs kill consolidation’s payoff ?

Migrating software to a new data center could take a big bite out of consolidation’s anticipated payback

There is no doubt that the federal government can reduce many of its IT-related costs by decreasing the number of data centers it operates and drastically increasing the efficiency of those that remain. The benefits of using fewer, centralized servers — and thus less energy to power and cool the equipment — are well understood. Those are the selling points of Federal CIO Vivek Kundra’s governmentwide data-center consolidation plan, which he says can save more than $3 billion.

The business case gets a bit murkier when it comes to the costs associated with making consolidation happen. It’s not that the transition costs are impossible to nail down, but it’s far from certain that every government agency has a good handle on everything that consolidation entails.

The area with the biggest potential for hidden costs is the software that provides the business functionality that agencies depend on — everything from e-mail and case management systems to procurement and financial applications. How much would it cost, for instance, to rework potentially hundreds of software applications so that they can continue to operate on a new platform in a new location?

Some observers believe the migration costs could be high enough to be a deal-breaker. One Federal Computer Week reader, commenting online about an article on Kundra’s IT management reform plan, wrote: “Hardware has always been chump change when it comes to overall IT dollars. What goes in the box is the real cost. The reprogramming alone during these consolidations eat up much more [money] than any projected savings.”

People can debate whether the recoding expenses would really be that high, but most will acknowledge that software is a serious cost-side variable that it would be foolish to take lightly.

Part of the uncertainty stems from the fact that many IT executives don’t know exactly how much they can squeeze their hardware during consolidation and still provide a satisfactory software experience for end users, said Michael Daconta, chief technology officer at Accelerated Information Management.

Agencies are sitting on excess hardware capacity they thought they needed based on their end users’ original performance requirements. If they are lucky, CIOs can consolidate by using new virtualization technology to run most of their applications on far fewer servers, in effect calling users’ bluff.

But if it turns out that some users’ applications do in fact need that reserve hardware capacity to absorb usage spikes and if agencies don’t want to own that spare hardware, they will have to buy that capacity on a utility basis from the cloud, Daconta said. Then you are talking about potentially rewriting applications to work in the cloud, and that means big upfront expenses.

“It’s not clean math,” Daconta said. “Which option you take and how much real versus imagined savings you get depend on understanding your utilization and current efficiency and what can move and not move.”

There are other ways to mitigate software migration costs. The Agriculture Department is in the middle of a consolidation effort that will reduce 43 data centers to seven. In the project’s early stages, officials recognized that older client/server applications that depended on fast local-area network speeds would suffer if they had to traverse a wide-area network to reach a server relocated to a distant data center.

Rather than possibly incurring substantial upfront costs to rewrite those apps for a Web-based environment, USDA officials deployed a more economical Citrix Systems terminal emulation solution that allows those apps to function across a WAN until normal refresh schedules call for an application upgrade, said Jim Steven, USDA’s data center consolidation program manager.

“We knew it was a nonstarter to come in and say, ‘You need to spend $200,000 reprogramming your apps,’ because the money is just not there,” Steven said.

Nevertheless, as Steven and others point out, consolidation will no doubt require agencies to spend some money to save more money. Determining what those amounts will be is the hard part.

John Zyskowski writes the “Tech Briefing” blog on FCW.com.

Migrating software

Consolidation-friendly:
• Native Web-based apps
• Java apps
• Apps already running on a virtual server

Consolidation-averse:
• Client/server apps
• Local-area network apps
• Apps highly integrated with others


©Copyright 2011 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Federal Computer Week, 3141 Fairview Park Drive, Suite 777, Falls Church, VA 22042. The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.

BACK TALK

SOCIAL MEDIA: LEADERSHIP BY DESIGN

Hosted by Andrew Krzmarzick

GovLoop members suggest skills that are essential to the government’s emerging leaders in social media.

What if you could create a troop of X-Men-style mutants that perfectly performed the tasks of Web-based citizen engagement? Clearly, the Secret Service could use someone like that (and it might very well have accelerated its research and development, based on recent Twitter trouble).

Jeffrey Levy, the Environmental Protection Agency’s director of Web communications, recently asked GovLoop members what skills are needed to perform well as a social media manager. Although Levy’s question focused on social media, the conversation is informative for anyone who wishes to lead in a world ruled by the Web.

I have taken a crack at answering that question before and suggested that there are six competencies of a Gov 2.0 leader. These are people whose superpowers are being innovative, trustworthy, inclined to share information, team-oriented, intuitive and task-oriented.

I’m not asking managers to fling fireballs from their palms, and neither were the respondents to Levy’s blog post. Instead, they said the new breed of leaders should have other, more down-to-earth attributes.

Peripheral vision

Eliza Blair, a senior chemical review manager at EPA, said leaders need “to have a finely honed sense of the world around them, both from inside the bureaucracy (knowing what you can safely talk about) and outside (knowing what people want to hear).”

Greg Licamele, a public affairs officer for Fairfax County, Va., agreed. “You need someone with good situational awareness of the whole agency/topic area,” he wrote. “Who are the people who know things both from the 30,000-foot [point of view] and in the weeds?”

Incredible influence

Employees at every level of an organization have the power to promote ideas that can help the organization achieve its mission.

Phil Sammon, a social media program coordinator and public affairs specialist at the U.S. Forest Service, said a leader should be effective in convincing agency and organizational leaders of the importance and value of new initiatives.

Courageous trust

This is the flipside of being trustworthy, and it’s a two-way street, said Jaqi Ross, a communications consultant at the Internal Revenue Service. Ross pointed out that “leaders have to be willing to recognize when and how they can let go, and employees need strong communication skills so they can earn the trust they need to do their best work.”

“Oh, and don’t forget courage,” wrote Michele Bartram, manager of promotions, publications and information sales at the Government Printing Office. “Since foraging forward in this brave new world without a safety net is not for the meek,” Bartram suggests that we paraphrase Gene Roddenberry and boldly go where no one has gone before.

By now you’re realizing why these folks might sound more like mutants. It’s likely impossible to find one person with all those superhuman skills. Of course, that’s why the X-Men form fierce teams with complementary attributes that — together — make them far more powerful.

INK TANK

Read cartoonist John Klossner’s blog at www.fcw.com/InkTank.
