When Allen Hill joined the Federal Communications Commission just about two years ago as its chief information officer, he faced a common challenge. How could he move away from outdated technology to provide the commission’s internal and external customers with modern and seamless services?
To accomplish that goal, Hill has been focused four specific areas to modernize the mission areas, including modernization, operational efficiency, full stack observability and zero trust architecture.
“How do we bring in the technologies and optimize them? For example, we have moved out three-fourths of our servers of the data center. We had about 1,200 when I came here and now we are in a multi cloud environment. We’re going to finish the rest by end of year,” Hill said during a recent webinar sponsored by ACT-IAC, an excerpt of which appeared on Ask the CIO. “We are creating operational efficiencies. So, for example, we have, in the case of where we may have 90 something servers that were performing a function and we were able to collapse that down to less than a dozen. That brings value to the taxpayers, and then also getting the visibility we need. So doing that full stack observability, we are seeing everything we need for telemetry, and then using that intelligence comes from for the zero trust.”
As part of this four-pronged modernization approach, Hill, who joined the commission from the General Services Administration in July 2022, said the FCC’s enterprise architecture and gap analysis are helping to guide them to their future state.
“We also did a gap analysis, where we have capabilities and what do we need to fill? That gave us the focus and where we go next,” Hill said. “We are taking a portfolio product approach to how we manage our enterprise, and getting out of the capital expenditures approach and into an operational expenditure approach because funding cycles can be vicious as can contract and acquisitions. I’m very much a believer of anything as-a-service. The cloud business model has shown that approach can deliver technologies much faster to us and keep us up to date.”
FCC got rid of 900 servers
To that end, Hill said the FCC has nine active sponsorships under the cloud security program known as FedRAMP.
Over the last two years, Hill has used the savings from each of the focus areas to modernize the FCC’s capabilities and get out from under technical debt.
He said when he arrived at the commission, he had to figure out the fastest and easiest way to get out from under the old technology.
For example, the FCC moved about 900 servers out of the data center as part of a massive network upgrade. Hill said now the FCC is using a software-defined network that will further support its future state.
“Whether it’s platform-as-a-service or software-as-a-service, even getting into serverless environments, microservices and things like that, we were very deliberate in that process of bringing on a team of folks to help us that has expertise that both technical and business,” he said. “In our rationalization document, the first thing it says is I need an inventory of everything. What is the hardware? What is the size? What software are we running? Then going through and saying, how do we rationalize it? Not just rationalize from a technology perspective, but also from what I call the 360 degree view. There’s the business side, there’s the technology side, there’s the budget side and there’s the acquisition side, and then being able to see holistically everything we need to account for, and then laying out where we had 10 different stage gates to what we did to get between the initial contact to the put into the cloud and being very deliberate.”
Moving away from the FCC’s legacy technology wasn’t a simple “lift and shift” either. Hill said his team split the current applications into three categories: those that could easily be refactored and moved to the cloud, those that needed some minor updating before moving to the cloud and then those that needed a major upgrade before they could move off premise.
Getting the data to support zero trust
Hill said that effort required the FCC to go through an application rationalization effort as well as understand the integrations of each tool.
“It’s called reengineering, but we want to minimize how we take old technology and put it in some type of container that’s keeping the old technology. We want the technology to be able to be used in native state in the cloud,” he said. “We want to get to the modern and operational efficiency aspects of the technologies and take the old technologies and collapse them.”
Hill took a similar approach to implementing zero trust, staring first with creating the full stack observability.
Hill said today he can go in and see down to the data level, getting granular to the application level where everything is happening.
“Why is that important? Because I can now see the kind of telemetry that feeds, from an operational perspective, information that is important for operational control if there’s a problem from a security perspective,” he said. “The speed that vulnerabilities come out when it’s first discovered to the cyber defense designation to it being patched is too much of a gap. We’ve got to get a point to be able to see East West movement. So that full stack observability gives us the kind of telemetry we need to do the automation so we can get real zero trust capabilities stop East West movement before it starts.”
Full stack observability is more than security. It also helps the FCC address network latency and other performance issues.
Hill said the tools help the FCC deliver a better customer experience to its users.
All of these technology upgrades over the last two years set the foundation for the FCC being able to deliver new capabilities to the mission areas.
Hill said the focus on having an infrastructure or platform approach in the cloud to provide tools or services is a major culture change for the commission.
“We’re going to look at it and say, what is the technical stack that we need to bring this together to reduce our footprint, and then take that cost avoidance and allow us to begin to continue to move and other investments we need because we have a backlog of demand that we need to invest in?” he said. “How do we reduce our costs and at the same time take that cost avoidance and reinvest it in other capabilities to deliver the services? What we don’t want to do is to make our offices and bureaus go out there and buy a capability. We want to buy capabilities that use enterprise delivery approaches that can fulfill a broader audience than just a bureau or office.”
Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.