3 CIO Insights on Cloud, Security and Mobile

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

Government security and the need for more collaboration was the focus of many of the discussions this year at the semi-annual Government Technology Research Alliance Summit, which took place at the end of November.

I really love the GTRA events because they bring together many government officials, and they seem to feel a bit freer to talk, mostly openly, about technology topics that touch government. The winter forum this year focused on security in various areas like mobility and cloud, and even a few rarely discussed areas such as the supply chain.

One of the most discussed topics at the event was the adoption of new technology like cloud computing and mobile applications, and the dire need for the federal government to share and collaborate on security data governmentwide. The consensus seemed to be that without that collaboration, there is no united front, and some agencies are always going to be falling behind.

Some newish technologies like cloud have started to be embraced by some federal agencies, though many still struggle with it, especially in terms of security protocols and policies. Tim Rapp, information and education technology chief information officer for the Uniformed Services University of the Health Sciences, spoke about how he sees cloud technology in government following a similar but slow path to acceptance as other technologies before it.

“If you rewind 10 to 15 years ago, I think it’s very similar to how wireless was viewed,” he said. “If you rewind seven years ago, it’s very similar to the way mobile devices were viewed. As a security approach to these things, I think the initial reaction was ‘our policy is no, don’t have it, don’t use it, our policy is that you’re not going to be allowed to,’ and now this is happening with the cloud and we have to deal with it.”

Many officials stressed the need to receive security data from larger agencies. Environmental Protection Agency CIO Ann Dunkin said smaller organizations like EPA needed Defense Department expertise to make their networks safer.

“The DOD’s security budget is more than half of the EPA’s entire budget, so it’s just absolutely critical for smaller agencies, like EPA, to share data,” she said. “We can’t possibly gather even a small fraction of the intelligence that our counterparts at DOD and larger agencies can, so we’re very reliant on other agencies to help us out with all ranges of data to help us be more secure. I think that’s the most important thing for us because 99 percent of the time, we are the recipient, though occasionally, we’re able to provide data back that is useful to the rest of the government.”

DOD Principal Deputy CIO David DeVries says DOD is happy to help other agencies as much as possible.

“Ten years ago, only DOD cared about data security, and now the question is, how do we share information so that everyone can take the right stance on it?” he asked. “Because together, we’re all facing enemies that come at us every second of the day.”

And that security data being shared throughout government should probably focus on the big picture, especially so it can be most useful to civilian agencies.

“I think when we start giving special attention to these little knickknacks here and there, I think we lose focus of the fact that what we really need to be looking at is, what are the enterprise approaches?” said Carlos Segarra, chief information security officer for the Department of Housing and Urban Development. “I don’t think we need to be focused on individual items within the realm of things we need to secure. I think we need to be focused on something much larger. How do we manage identity? How do we manage connectivity? How do we manage the networks? What are the things we’re doing at enterprise levels that will ultimately secure these things?”

And the security concerns at the federal level are multiplied for state and local governments, where even the small security budget talked about by EPA’s Dunkin would probably be considered lavish. Craig McComb is the IT manager for Montgomery County, Ohio. Until 2013 he worked in the federal government, including as the CIO for the Air Force Life Cycle Management Center at Wright-Patterson Air Force Base. He talked about the problems of deploying technology without first understanding how to secure it, as was done in his state when iPads were issued to Children’s Services caseworkers and Adult Protective Services field employees.

“So our concern is, now we’re carrying around citizen data, which is stored in state-run and managed systems with 240 iPads deployed that weren’t secured up front,” McComb said. “There’s some applications that we run that will not work on AirWatch and will not work in that secure environment. The focus right now is just on trying to stabilize and optimize infrastructure because leadership over the last 12 years thought infrastructure was too expensive.”

Government collaboration on security issues may not be a silver bullet, but it would at least go a long way to helping government deploy new technologies more quickly and securely. It will be interesting to see if any headway on that is made by the time the next GTRA forum rolls around in May.

(Image via Maksim Kabakou/Shutterstock.com)