CIOs: Use the Cloud, or Else?


If you’re responsible for managing your agency’s IT and you haven’t moved applications to the cloud, at least one CIO thinks you should get the ax.

If you’re responsible for managing your agency’s IT and you haven’t moved applications to the cloud, one agency chief information officer believes you should get the ax.

“As a business person, not a career government person, I believe that if you’re the CIO of an organization . . . and you’re still writing code and custom developing applications in Java or investing in data centers, you should be fired,” said Joe Paiva, CIO at the International Trade Administration. “Summarily fired.”

Paiva spoke Wednesday during a panel discussion on cloud computing hosted by the Advanced Technology Academic Research Center.

“Our job is to fill gaps in the marketplace, not to compete with it,” Paiva said. “If anyone in this room believes the government can run a data center better than Amazon Web Services or Microsoft or Google, they should have their badges revoked.”

Still, there was far from a consensus among panelists.

Mark Schwartz, CIO of U.S. Citizenship and Immigration Services, pushed back on the issue of custom development, adding that many agencies, including CIS, are forced to customize applications to make them fit mission requirements or needs.

And while Paiva argued customization could lead to security vulnerabilities, Schwartz said it’s not prudent to expect every out-of-the-box solution to fit in perfectly with existing systems and applications.

Schwartz acknowledged flaws in the way federal agencies migrate to the cloud and how they handle IT security in general.

Security packages, for example, shouldn’t only amount to manually testing, he said. Such processes ought to be automated, freeing up employee hours for more productive labor. The Federal Risk and Authorization Management Program continues to modify its approach to authorization security packages.

“There’s a lot of waste in the system right now,” Schwartz said.

The panel also addressed culture change, perhaps the toughest nontechnical challenge toward implementing emerging technologies.

New approaches – even ones backed by solid business cases – can face criticism from risk-averse execs and decision-makers, and sometimes rank-and-file employees, too. Not to mention backlash from contractors who may view innovative approaches to IT dilemmas as threats to their revenue streams.

“Sometimes, you’ve got to take the heat,” said Chad Sheridan, CIO of the Agriculture Department’s Risk Management Agency.

Forward-thinking CIOs, he said, are going to challenge old ways of doing things and that can upset some people.

When asked for tips on navigating relationships among contractors, contracting officers, vendors and other personnel, Sheridan replied, “I don’t know, I think I find a way to piss ‘em all off.” He added that developing relationships among bureau- and department-level leadership is probably more important than policies.

“It’s all about people,” Sheridan said. “It doesn’t mean we don’t need to have policy or follow regulations. But how do you work with your bureau CIO and department level CISOs and CIOs? The more we reach out, the more we partner,” the better off we’ll be.

Good CIOs, it seems, are bound to ruffle feathers, and that isn’t necessarily a bad thing.

(Image via /