Can data be protected through shared services?

Lloyd McCoy Jr.

By Lloyd McCoy, DOD manager

Any guesses on how much data is generated every year by government and government-related apps? More than 1,000 billion bytes. It’s a staggering number.

Naturally you wonder how is all of that data protected? How do we protect the information that makes our electric grid, air traffic, voting processes and other government-controlled functions keep working safely and reliably?

One obvious answer is to improve the way services are shared between government agencies – and between government and private industry.

The First Step—Understand your Processes

While shared services seems to be the only way to ensure data security in government processes, it also raises many questions. How should these services work? Should there be shared sensors among agencies? How do you address information flowing to and from Trusted Internet Connections (TIC)?

The issue gets particularly thorny when considering IT modernization (not just modernizing legacy systems, but the entire government IT infrastructure). It’s important to be able to analyze risk with shared services, particularly when agencies are making procurement decisions. Right now the only “risk” being considered in IT procurement is financial; the risk to mission fulfillment is not necessarily tied back to the process.

Late last year, a government symposium brought together government experts to discuss the state of shared services in government.

Jeanette Manfra, assistant secretary, Office of Cybersecurity and Communications at the Department of Homeland Security, said the agency will continue to use its influence to encourage industry to adopt new cybersecurity processes. That means being able to identify critical systems and infrastructure, and prioritizing which of these systems are to be defended.

It also means understanding who is involved in delivering those services, the infrastructures connected to those services and every party connected to that infrastructure. “We shouldn’t accept the fundamental way a network works,” Manfra said. Better knowledge of the processes is the only way to keep bad actors at bay.

Shared Service ROI Demands Complete Participation

So down the road, mission risk will become increasingly important. For now, however, the measure of success for shared services still centers around return on investment. That return is directly related to complete involvement by every organization that touches relevant information, processes and infrastructure.

Almost by definition, shared services cut across every aspect of an organization’s IT needs – from email to data centers to cybersecurity. When agreement is reached across the board, the return on investment can be considerable.

The Department of Commerce is enjoying “tremendous success” from shared services, in terms of increased efficiency, productivity and cost savings, according to the agency’s acting chief information officer/chief information security officer, Rod Turk. Similarly, the U.S. Trade and Development Agency is moving email, network drives and collaboration tools to the cloud. Benjamin Bergerson, that agency’s CIO, estimated a return on investment of $4.6 billion from a base procurement budget of $75 million.

That kind of ROI is always at the forefront of thinking in federal procurement of shared services. U.S. Trade and Development stressed that because “information lives everywhere,” solutions can’t be stove-piped. “We have to be smart with requirements, auditing and follow-through,” Bergerson said.

In shared services, everyone in government needs to be all in. Agencies have a responsibility to transition completely to the shared services model when it becomes available. Costs can go up if any organization drops out. And if ROI can’t be demonstrated at the outset, you’ll lose interest. Lose that interest and the concept simply won’t work over the long haul.

For organizations with small budgets, government experts seem to agree that practically the only way to ensure ROI on IT procurement is through shared services. Acquisition cycles must allow for the purchase of technologies and services that are shared. Processes within business units must adjust to that mindset, and move from the ingrained preference for customization.

There are still some issues to be addressed before everyone will be fully on board with the idea of shared services in government. But because the government is increasingly moving to the cloud, the sooner everyone is on board, the sooner government as a whole will realize the benefit.

This blog originally appeared on the Government InfoSec blog on the IDG Contributor Network.

Want more insight on IT trends in the public sector? Subscribe to the Government Sales Insider blog.

About Lloyd McCoy Jr.
Lloyd McCoy is the Department of Defense Consultant on the Market Intelligence team. Prior to working for immixGroup, he worked in the public sector as a senior analyst with the Defense Department. Lloyd primarily monitors and analyzes issues relating to the Navy/Marine Corps, Defense Health Agency, and the Defense Information Systems Agency

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: