July 21, 2006 • Volume 4 • Number 10

INFRASTRUCTURE CONSOLIDATION

Produced by the Trezza Media Group and the Flyzik Group
Broadcast on WFED 1050 AM Washington, DC and online on Federal News Radio
July 11, 2006

The Panel
From left to right:

• Mark Day, CTO, EPA
• John Johnson, Assistant Commissioner, GSA
• Hord Tipton, CIO, Interior
• Jim Flyzik, The Flyzik Group: Moderator
• Mary Ellen Condon, Vice President, Deputy Director at SRA Orion Center for Homeland Security, SRA
• Steve Picot, Federal Area Manager Advanced Technologies - Data Center, Cisco Systems.
• Charlie Havekost, CIO, HHS


JIM FLYZIK, THE FLYZIK GROUP:

During today’s show we will discuss critical issues facing government and industry leaders as we move to optimize government infrastructure. With me today on the show are Charlie Havekost, the CIO of HHS, Hord Tipton, the CIO at the Department of the Interior, Mark Day, the CTO at EPA, John Johnson, Assistant Commissioner of GSA, Mary Ellen Condon, Vice President, Deputy Director at SRA Orion Center for Homeland Security, and Steve Picot, the federal area manager for advanced technology data center at Cisco Systems. Let’s get right into the issues on today’s show.

First I’d like to start off by asking each panelist to give us a little overview of your involvement with infrastructure optimization from your relative perspective. Let’s start with John Johnson. John, I know over at GSA you have ‘Networx’, ‘Alliant’ and a lot of other responsibilities, but can you give our listening audience an idea of involvement in infrastructure optimization?

THE PANELISTS ARE ON THE FRONT LINES OF GOVERNMENT’S INFRASTRUCTURE OPTIMIZATION AND CONSOLIDATION EFFORTS

JOHN JOHNSON, GSA:

Sure Jim, first of all let me say good afternoon and thanks for having us here. I’d like to say at GSA our focus really is on leveraging the collective buying power of government. And as you mentioned we are working programs such as ‘Alliant’ and ‘Networx’ and we think that collaboratively, working with the agencies to identify the requirements, and working together we can leverage a tremendous amount of volume, so that the cost per bit delivered through the programs that we implement are going to be tremendous in terms of providing substantial savings. But there are other obvious benefits.

Obviously as we move towards consolidation and interoperability it will enhance information sharing across the government, which certainly will make us more viable. We can also leverage thought leadership in terms of the best practices across government to achieve the best infrastructure possible so that we are a much more capable enterprise.  

JIM FLYZIK, THE FLYZIK GROUP:

Great. And we’ll come back and explore a lot of those issues as the show moves on here. Charlie Havekost over at HHS, you have a lot of sub-entities and bureau-level entities. I would imagine that infrastructure consolidation is something that is seen as a way to optimize what you are doing over there. Can you give us some ideas on how you are approaching it at HHS?

CHARLES HAVEKOST, HHS:

Sure Jim. HHS is a big agency and at times we need to look at how to leverage that economy of scale. So we look at infrastructure optimization as a way to reach that economy of scale, to get good services and to also be able to deal with things like disaster recovery and continuation of operations in a way that a small project might not be able to, or a quirky sub-level, bureau-level project might not be able to. So we are looking at infrastructure optimization and consolidation.

Over the past years we’ve put in what we call HHS net, a common backbone for all our operating divisions at HHS. That makes it possible that actually becomes a lever that we can use to lure some of the programs to accepting and using other application layer services that go across HHS, like consolidated desk top support, consolidated email, consolidated financial systems.

In the past it was necessary, if we had to consolidate a system for the whole department, the various bureaus, the various heads of geographical areas had to drop point to point connections. With our combined backbone for HHS, we can put these department-wide applications on that backbone then each of the operating divisions automatically has access to it. It’s a real big plus for us.

JIM FLYZIK, THE FLYZIK GROUP:

Great. We’ll come back to some of the relative advantages and disadvantages and constraints. Let’s get an industry perspective here as we move along. Steve Picot, how does a company like Cisco approach infrastructure optimization and consolidation? Are you following the customer lead or do you have things that you are doing as a company to try and get out in front of this to come up with creative ideas?

STEVE PICOT, CISCO SYSTEMS:

That’s a good question Jim. We make a big point of innovating in the sense of we try to do everything to ourselves first, if you will, prior to talking to our customers about it. Cisco itself, from an IT perspective, has consolidated a very large enterprise down to just three data centers as well as providing real time replication, we’ve experimented with mobile devices and security, challenges that are associated with those, as well as just general network security when you have a local organization that’s highly web related.

Some of the points we heard earlier around consolidation involve the proverbial putting your eggs in one basket. This brings up any network security challenges, brings up separation of data challenges because people simply don’t want their data in the same physical space as someone else’s. Secure information sharing as well as supporting initiatives like telework and continuity of government operations.  So the network is the ubiquitous piece of everybody’s enterprise and so our job is to make that more functional, more secure and aligned with some of these initiatives that we have been discussing here today.

JIM FLYZIK, THE FLYZIK GROUP:

Great thanks. I’d like to go back in a little while and explore that security question when you go to consolidation and optimization. Mark Day who is the CTO of EPA but playing another role right now, he’s on detail to the Office of Management and Budget where he’s heading up the government-wide line of business for infrastructure consolidation and optimization.

Mark, that’s quite an awesome task to take on. Maybe you can give our audience an idea of how you are approaching that and the kind of things that you are working on.

MARK DAY, EPA:

Sure, good afternoon Jim and thanks for the opportunity to talk about what we are working on. The task force actually is managed by GSA and we have taken on the question of how do we create the right governing structure and the right tools to optimize both the services and cost of the IT infrastructure of the government.

We’ve looked primarily to the private sector to understand the things that they have done to optimize their infrastructure, we’ve looked around at state governments, they have many optimization efforts ongoing today and we’ve also looked at various agencies who’ve approached shared services, and their governing structures in order to improve both the service and the cost of the IT infrastructure. I think everybody today is looking for better service and lower costs. Our job is to deliver the tools and the structures to do that.

JIM FLYZIK, THE FLYZIK GROUP:

Great, Mark. I like the idea too of reaching out to get input and trying to get some ideas from industry, who is I’m sure anxious. And talking about industry, Mary Ellen Condon from SRA, Mary Ellen, how does SRA approach large infrastructure consolidation projects?

MARY ELLEN CONDON, SRA:

Thank you Jim for the opportunity to be here with your fellow panelists. SRA approaches it from the business perspective of the client. In other words, the most important part of infrastructure optimization and consolidation is service delivery. So understanding the business goals of the organization, the delivery, who their customers are, and what are the most important things are an element of that strategic plan.

And as you lay it out over time you bring in processes and tools that are standards based to provide the flexibility to do this incremental growth as well as to always be enhancing and improving service delivery.

JIM FLYZIK, THE FLYZIK GROUP:

Good, thanks Mary Ellen. Now Hord Tipton, the CIO at the Department of the Interior, now Interior is another one of those agencies with a lot of sub-entities where the challenges of consolidation of infrastructure and optimization is one that falls into the hands of a good strong CIO. Hord, tell us a little bit about how you are approaching that and what you are doing over at Interior.

HORD TIPTON, INTERIOR:

Thanks Jim and good afternoon. I’m pleased to be here on behalf of the most important bureau or agency of the government. Interior, a lot of people have an in depth knowledge of Interior, is primarily a land managing agency, managing about 25% of the land in the United States and about 30% of the water. Water is probably not a real good topic to talk about today so I won’t touch that one, but if you’ll pardon me, I’ll just give a description of the challenge that we have.

We are scattered out over 2,500 offices in a very decentralized manner. We have 8,000 employees, about 300,000 volunteers and seasonal employees. As an example of an infrastructure that we started with about 4 years ago, to put some numbers with a complicated topic, Interior was trying to operate through about 700 email servers and about 2,500 Web servers, 50,000 web sites, 2 million web pages.

And I still to this day have one bureau that has 200 data centers. So you can see that this gives some scope of the challenge and the opportunities that we have to do consolidation, to do standardization and to do optimization. So we are at this point dealing with some cultural issues and a lot of financial restraints that actually come with trying to take on a challenge that fast. But we challenged it and we’ve taken it on and look at it as an overall IT transformation program.

ADVANTAGES OF GOVERNMENT-WIDE INFRASTRUCTURE CONSOLIDATION

JIM FLYZIK, THE FLYZIK GROUP:

Great. You brought in that word culture and I’m sure that plays a major part in a lot of these programs as we move forward. I’ve got a question for Mark Day and John Johnson. Since you both have a government-wide perspective in the jobs that you are doing, what do you see as some of the advantages for agencies to join a government wide program such as the one you are leading?

Let’s start with Mark. Mark why would an agency want to go with a government-wide program as opposed to building its own infrastructure?

MARK DAY, EPA:

There are a number of advantages. First, in the way that the task force is approaching this particular issue. We are building an infrastructure of metrics that allow a manager to understand the price and the performance that they are receiving and to compare that to industry averages. The informed buyer is the most powerful buyer and we are providing tools to allow agencies to really understand what they are getting for their dollar. That’s critical.

The second thing that we are doing is creating governance models and processes that will allow agencies to aggregate their demand. Obviously when you have more demand and a larger volume you can command better prices you can work on better structures and then there are many agencies who solve problems. There is no need to spend the money to resolve problems bureau by bureau, agency by agency. We can bring together the best and let them provide services to others who don’t have to spend their time solving those problems.

JIM FLYZIK, THE FLYZIK GROUP:

Well said. John Johnson at GSA can you add to some of Mark’s comments?

JOHN JOHNSON, GSA:

Thanks Jim. It pretty much elaborates on what Mark had said. As I had mentioned before, we do leverage the government’s buying power. Today Jim for example, we serve about 135 different federal agencies in 191 different countries, providing everything from basic calling card service to IT services with embedded security. And working collaboratively with the agencies we’ve identified a very, very robust portfolio of service offerings within the ‘Networx’ program.

And it’s not just a matter of putting contracts together, we actually do analysis to determine whether or not we are actually achieving the best bang for the buck as I’ve mentioned before. For example today we believe that we are about 40% below the best commercial pricing, i.e. the pricing that a large corporation would receive as a result of aggregating their bucks.

So the reasons are obvious. There are obvious economic benefits. When you also include the intellectual capital that could be shared agency to agency to improve upon that, it’s an obvious benefit to the government.

HOW AGENCIES BENEFIT FROM INFRASTRUCTURE CONSOLIDATION

JIM FLYZIK, THE FLYZIK GROUP:

Great. Let’s hear now from the agency perspective at Interior and HHS. Hord Tipton, the reverse to that same question, how do you feel that an agency benefits from a government wide program or how do you look at that question of when to use a government wide program versus a department program?

HORD TIPTON, INTERIOR:

First of all you’d have to look at and check on various levels of government.  And with Interior, these people out of the 2,500 offices have a fear of me when I talk consolidation. Their culture kicks in at that level. And we have been through that experience that we really have to start your consolidation and collaboration and your explanations of the value that’s added by doing things in a more efficient and effective way at the bottom level.

There is some concern on occasions when we try to do this from the top down and jump immediately into it without actually doing what I look at as some staging on that. But when you get there, the savings are tremendous. In our first year, through enterprise agreements and collective buying, at the same time that GSA was working in that area, we saved over $100 million.

And that’s not pocket change for us.

JIM FLYZIK, THE FLYZIK GROUP: Right, that’s impressive. Charlie Havekost over at HHS, how do you look at government wide initiatives versus to agency wide initiatives and view that decision as a relative advantage?

CHARLES HAVEKOST, HHS:

This is an interesting question and a somewhat philosophical question: what services have been commoditized and can be sourced from an external entity and what needs to be customized and tailored to specific business requirements?

And I think folks spend a lot of time thinking about what needs to be customized and tailored and don’t think so much about what is the value of going to a more commodity solution. It is true that you can build a perfect solution in infrastructure and application for a small part of the organization but we also have to realize that 100 or 1000 times perfect, is from a more holistic view a very imperfect environment, a very fragmented and broken environment. We have to think about the advantages of using a commodity service that may not have exactly the bells and whistles that we would have built if we had built it custom ourselves.

We can have that commodity service, and we can get it from somebody else, we can have people who are more specialized than we can afford to have ourselves working on that and supporting it. We also can have our staff trained on a service or on an infrastructure that is used across a much wider audience and that training that we put into that staff in turn has more value because that staff are available in a research capacity for another part of the organization because they are familiar with the exact applications of the infrastructure that they are going to be using in a crisis.  

JIM FLYZIK, THE FLYZIK GROUP:

Great Charlie well said. We are going to take a short break and when we come back we are going to talk about some of the challenges of approaching infrastructure optimization. We’ll start with Steve and Mary Ellen from the industry perspective and then hear from our government guests.

INDUSTRY PERSPECTIVES

JIM FLYZIK, THE FLYZIK GROUP:

Welcome back. I’m Jim Flyzik and when we left we were exploring the idea of the challenges and the difficult challenges we are trying to overcome when trying to establish infrastructure optimization. Let’s start from the industry viewpoint. Let’s start with Mary Ellen this time. Mary Ellen what do you think are some of the most difficult challenges that you need to overcome to achieve infrastructure consolidation and optimization?

MARY ELLEN CONDON, SRA: 
 

Thank you for that question, that easy question Jim. If only it were that easy. The initial challenge is communications and understanding the culture of the organization and what they are trying to accomplish, because optimization for optimization sake is not going to sell.

What is the mission delivery that we are trying to accomplish? Then as you lay that out, there is an incremental process to get there. And then finally what Charlie was talking about before is going with COTS and that means using standards. (They) are very important in providing that flexibility and growth capability over time and to maximize the ability to utilize good costs when it becomes available. So that’s how we try to structure our approach and have had success doing that.

JIM FLYZIK, THE FLYZIK GROUP:

Steve Picot, I imagine Cisco has been involved in many, many programs and projects along these lines. What are some of the challenges you see and ways to overcome them?

STEVE PICOT, CISCO SYSTEMS:

I think we are developing a theme here. Obviously cultural and process issues are always a barrier when we come in with a technology solution, so Mary Ellen’s point. If the leadership of that organization is not prepared to, and the classic paradigm would be the ERP system, where an ERP system rolls in with best practices for work flow but an organization will then thwart that by modifying that to fit their older and in many cases more inefficient work flow.

That’s a case of process and culture beating technology and they win almost every time. Another thing is looking at areas of consolidation as an opportunity to move to efficiency. So in a case like a large organization or something like HHS where you are trying to consolidate numerous silos into 2 or 3 more secure information sharing organizations, you again run into the cultural issues because as I said earlier, it’s the I don’t want my stuff on their box comes into play.

CHALLENGES AHEAD

JIM FLYZIK, THE FLYZIK GROUP:

Been there, done that, we know that issue. John Johnson, I imagine with a program like networks, you bump into an issue or two along the way with a few challenges to get everybody on the same page. What do you think are some of the more difficult challenges that you need to overcome to move forward?          

JOHN JOHNSON, GSA:

Obviously Jim we want to buy what the customers want and what they need. And we work closely with the customers to make sure that we understand what their needs are and one of our challenges is obtaining a deep understanding of what our customers’ requirements are and we work hard at that. We had the interagency management council that we work with day to day to identify requirements for programs such as Networx.

We have other bodies with our other programs, our GWACs and our schedules programs. But understanding what they need and putting that in place is certainly a significant challenge and we plan to broaden that as time goes on now that we’ve expanded to the Integrated Technology Service addressing all of IT and network. But let me point out one thing that does come to mind when you speak of challenge and that’s the optimization activity that’s underway in terms of when we consolidate. That means that we need to be careful that we don’t optimize for economy only, that we look at the resiliency of the network in terms of its ability to respond in a crisis or an emergency.

JIM FLYZIK, THE FLYZIK GROUP:

That’s a great point John. I’m glad you put that on the table; that is so important. The old eggs in one basket issue. Hord Tipton, I guess with your agency being the most important agency in town doesn’t mean that all your sub units rush to consolidate, I imagine you bump into a challenge or two along the way; what do you see as some of your most difficult challenges that you need to address.

HORD TIPTON, INTERIOR:

Well funding does come to the top of the list, but we’ll save that one for a bit later. The first one is to convince the people who own well over a 1,000 systems scattered throughout our agency at this point, that there is a positive value for them to willingly come to the table and to help us to do more than to cut down on servers, but to provide better service.

Quality of service is very important. But they fear not only control of the boxes, they fear the disruption that comes with making a change.

Regardless of who is running the system or the infrastructure, or controlling the infrastructure, they don’t like to see disruptions in service delivery. And everyone is working more hours than they are supposed to be working on these things. And it takes time. It takes time to figure out how to do this correctly and people are just having a very difficult time finding enough time to do that.

JIM FLYZIK, THE FLYZIK GROUP:

Yes, the change issue and that fear of change and getting people to view change as an opportunity is a tough one. Charlie?

CHARLES HAVEKOST, HHS:

Well I want to amplify a bit on what Hord was saying and to even personalize it more. If you think about an infrastructure consolidation, an application like email, something that’s very commoditized these days, and you go to consolidate email and you talk to the person who runs the email server in a small office. And that person has identified themselves as an email server runner, an email service provider for that organization for the past, maybe 10 years.

And they are the voice of authority for email for that organization. Suddenly there’s a consolidation and that person first of all doesn’t know what it is they do next. There is individual career development issue for that person, and for that person it’s also very difficult to bring that person round and say that the consolidated service is OK.

And so that person is in some ways the voice of authority for email or any other service, and is maybe the mythmaker in that office. And they will say “oh well this consolidated service can’t do this” and that person is disincentivized to be happy about that consolidation. I think that’s one of the real issues to get to a consolidated environment that has had good customer satisfaction.

It’s something that we have to overcome with consolidation. We have to provide service that is above and beyond the call of duty in order to make that happen.

JIM FLYZIK, THE FLYZIK GROUP:

Well said, I think that issue is so important. We’ve seen it in just about every major program that we’ve done in the government over the past several decades. Where people just have this fear of change and fear of changing their day to day jobs. Mark Day – stepping into this government wide infrastructure consolidation, I would guess you bump into a few constraints and a few issues along the way. Can you add to the dialogue here?

MARK DAY, EPA:

Well, I think people have covered the constraints pretty well. I think that we have to deal with a couple of ideas. The first is: the senior executive of the business unit that owns the service today who is thinking about consolidation plays is primarily worried about one question; will my mission get done if someone else runs part of what I rely upon?

And they are very nervous that it isn’t their person that they are coming to, to get their email, to get their data center or whatever it is.

So I think in some ways we have to assure the senior executives in those business units about the service level, we also I think in some cases have to educate them on the service level that they have.

Being CTO of EPA I’ve consolidated many things and we have discovered people who thought they had good backup systems, they didn’t. We’ve found people who thought they had good emergency redundancy, they did not have those things, and the myth maker, as I think Charlie called it, sometimes perpetuated a myth that wasn’t exactly right, not out of intent, not out of maliciousness, but simply because they are the lone person by themselves working an issue they don’t always have the community of interest to know the best practices and to be part of a larger organization where they have more advancement opportunity and they have a broader range of sharing of knowledge.

So I think at the heart of this whole conversation is two things: convince the senior manager and convince the staff person that there is a future in the broader sense if they become part of a bigger solution.

FUNDING

JIM FLYZIK, THE FLYZIK GROUP:

I agree that comfort zone and job security issue and threatening thing. But you brought up a lot of points there, all of you did, we talked funding, security, getting management on board, senior leadership behind it. Hord you first brought up that funding issue, so let’s explore that a little bit. I know the old pass the hat routine sometimes doesn’t work very well.

You’ve got to figure out ways to fund these things and when you’ve got a consolidated program and different units that are part of the organization all have to contribute funding, it becomes a very difficult thing, especially in the government where the appropriations committees aren’t necessarily appropriating money in a way that makes it real easy to fund some of these efforts. But how do you approach it over at Interior and how are you guys looking at it? Do you have a model or some way of prorating costs that you guys use over there?

HORD TIPTON, INTERIOR:

There are two points that I’d like to make there. One, in creating an overall atmosphere of participating and actually getting help from your IT people, and system owners to actually participate in this, you do need to create an incentive. And at Interior, and I think with many of my colleagues, we do not have a direct appropriation for IT so we have to constantly point out that every dollar that we spend on IT has to be collected, monitored and reviewed from program areas. So if I buy a server it’s generally at the expense of a grazing program or a recreational program, of one of the many programs that we run.

So when we do have a success in referencing the $100 million that we first came with, if we can go back to the people that you got that money from in the first place and show them that here’s some return and share the wealth, if you will, and that trickles down to people in the field who all of a sudden can see some of their dollars coming back. That is a real motivator. When I talk with the bureau heads, it’s do you really want your Park Ranger running a web server off their desk? You hired them to be Park Rangers. Let’s start consolidating.

Well, Parks has been a good example of consolidating web servers. They went from 68 web servers down to 7. And they did that with just a little prodding and motivation and they put more people back doing their work that they were hired for.

The second point, and I’ll make this very quickly, is transparency. The better job that we do managing IT, the computers run, the telephones work, the radios and the systems are operating smoothly, we become transparent. And when you are transparent in today’s climate, there is a tendency not to fund that particular area, you go to the catastrophes, you go to the more pressing problems, if you will. So it takes a lot of work. It takes a lot of support from your senior management; you have to constantly have visibility in your program and reporting structures to let people know that you are continuing to add value and what happens if you aren’t around.                   

JIM FLYZIK, THE FLYZIK GROUP:

Great. And I like that point and I bet  that if you take a look at the Park Rangers you won’t find in their job description anywhere that they are to operate and maintain servers or networks. Charlie Havekost, how about you? I know when I was at Treasury I used to tell them it’s time to start dialing for dollars again. Let’s start calling up all the bureaus and calling up the Hill or whatever. But how about at HHS do you have a way of funding these consolidated efforts?

CHARLES HAVEKOST, HHS:

We do have a fund that is collected from all of our operating divisions for some of the department-wide initiatives that need to be done and that don’t have lines in the budget. That’s an important thing to do.

The funding on consolidations sometimes is really challenging because the folks who have the services being consolidated may not have accurately costed out what it costs them to run that service at a bureau or sub agency level. They may not have costed out the rent for the floor space, the HVAC, the particular fragment of every single person who spends time on that.

And then suddenly they are going to buy this service from a hosting or an infrastructure provider where it is well costed out, where there is an accurate SLA and there is an accurate price for that and they compare this accurate price with their past price which may not have been very accurate because of the things that were not included in the cost of that particular service. And we end up with an apples to oranges price comparison and sometimes that’s a little bit difficult to get through.

We have to figure it out and that’s an important part of every consolidation is to figure out how to describe that costing in a way that makes clear the value proposition to the organizations that you are going to be serving.

JIM FLYZIK, THE FLYZIK GROUP:

John Johnson I know that in GSA and the FTS program there’s the annual battles of the budgets and the funding and so forth and the agencies but GSA has been in this business for quite some time and do you see that using similar models with the networks? How do you approach the funding issue with GSA programs?

JOHN JOHNSON, GSA:

Well I am going to look at that a little differently than a CIO would. Obviously our CIO at GSA would have similar views as Charlie and the others do. When we talk about funding in GSA about some of the major programs that we have such as the ‘Networx’ or FTS 2001, we do have a fee structure. So we charge the agency a certain fee and that fee is used for our developmental activities and our acquisition activities, our implementation and operations activities.

The example is forthcoming transition for Networx we have built up a reserve account so that we will have some monies to offset the expense to move forward to the Networx environment. That’s always a contentious issue as you might imagine and we are always looking at that fee to make sure it’s at the right level in terms of we want to accomplish hoping that we break even at the end of the year. It’s a contentious issue and it continues to be.

In the schedule side ¾ % is maintaining the people there in the day to day management of that activity and the GWAC in the assistant areas is about 3 – 4 %. So we have various fees, it depends on what we are doing and we dialogue with our customers often about those fees.

JIM FLYZIK, THE FLYZIK GROUP:

Great, thanks. I know the fees are never controversial and everyone’s always excited about the fee structure. We need to take another short break and when we come back Mark I’ll ask you about how you are going to approach that funding issue as up move to the government wide e-Gov programs.

Break

JIM FLYZIK, THE FLYZIK GROUP:

Welcome back.  Before the break we heard a little about the funding issue from the perspective of our government folks, but before we leave that and switch over to security, Mark Day, when you step in to these e-Gov programs where you now have to approach a government wide activity such as this, funding is always a concern and I know a lot of agencies immediately see you and say oh – oh he’s going to be calling me up and get a chunk of my budget. Mark how you approach that in your line of business.

MARK DAY, EPA:

The truth is that I think many of the problems stem from some of the things that have been mentioned here. Accuracy of cost. We know what the formal data center costs, but the buyer of the hidden file server with the Park Ranger running it does not always know what the cost is. So we have to have accuracy of costs. On all parts, not just the formal parts that we manage well today. We need to see everything.

Second, any fee structure that we set up, and it has to be a fee structure that is based upon the service delivered, not an allocation scheme. Allocation schemes are always suspect, they are always subject to manipulation by others, and there is always a fear associated with allocation schemes.

The schemes that seem to work best in the private sector and in state experience and even looking at international markets, suggest if you have fees that are based on the actual cost of delivering the service, you do two things. You create transparency that people trust and they have an incentive to change behavior. We begin to have demand management and not just provision management. So the users have to understand how they can change things.

At EPA, let me just give you one quick example. We didn’t have a fee for service structure for a long time and when we introduced one into the agency, 10,000 phone lines disappeared in two months. People simply didn’t turn their phone lines off when people moved. There was no incentive to do so. When there was a fee of course they began to pay for it. So I think that’s part of the issue.

A final point I’d like to make very quickly is that many agencies have working capital fund or fee for service structures which allow small, very small profits, 2, 3, 4% and allow depreciation to be captured on equipment. We found at EPA we could fund many consolidation issues using that depreciation, using that small profit and we rolled over many of our consolidation efforts within those working capital funds.

JIM FLYZIK, THE FLYZIK GROUP:

Great, I like that working capital fund idea and I really like your point about pay for performance. You pay based on the services received. We need to switch over and talk about that security and resilience issue that have been brought up by a number of folks and their comments. Let’s get firstly an industry view point.

Mary Ellen, you had a reputation in the security field when you were in government and still carry that strong reputation, so the security issue is one you’ve been around. How do you look at when you trying to have these various missions and different functional areas with law enforcement and perhaps intelligence related, administrative traffic, and now you are going to consolidate them on one network? How do you approach that in security concerns?

MARY ELLEN CONDON, SRA:

Thanks for that question and yes, security is one of my passions. I think much of the comments today support the fact that there is good planning and good understanding in the business mission of the organization. And what really needs to be protected and how it needs to be protected. So number one is integrating your security strategy at the very beginning into your overall plan. As we use standards and COTS, we actually make it easier to have a secure environment. Customization often causes problems, unintended but it often causes security glitches.

The other thing is you use some of the classic things, compartmentalization when it’s appropriate, role-based access, but all of those features are easier to deploy and for the user to use in a structured environment, in which they understand the levels of service they are getting and how it’s being delivered. And together all these things provide a much better level of service and more secure, never perfect, but more secure to the end user.

JIM FLYZIK, THE FLYZIK GROUP:

Steve Picot at Cisco, I would imagine that this is a major priority for you too as you look at deploying networks you always want to be seen as having a quality service anyway and with quality the security comes along with that. Can you comment on the security issues that go along with consolidation?

STEVE PICOT, CISCO SYSTEMS:

With the network comes great responsibility and the network has typically been the entry point for some of the worst denial of service and virus attacks we’ve seen in the last few years. The Ninja virus was a classic example. About a year of productivity was lost collectively in the US from that and recovering from that. Let me give you an example of a solution to that.

We were asked by DOD about a year and a half ago to look at their coalition information sharing environment, they were spending a tremendous amount of capital on building multiple redundant and in many cases parallel networks to support these coalition environments that are involved in a lot of our current war operations. Cisco got together with industry partners, like Microsoft and EMC to develop  applications that encrypt data and put together a reference architecture that not only works on a perfect world scenario, but you can roll into an existing scenario and add defense in depth; things like Mary Ellen brought up, role based access controls, the ability to secure mobile devices as well as data centers and we’ve had this thing in place for about a year and a half now at central command and have just gone through a first round of ethical hacking and we passed with flying colors.

So I think that there’s very much the capability in the industry right now to go into legacy environments and apply some best practices and have a very secure environment both from a data at rest perspective as well as people roaming around with laptops.

JIM FLYZIK, THE FLYZIK GROUP:

It’s nice to hear you’re talking proactive too. In security it always seems like we are reactive, constantly chasing after fixing the problems. Let’s hear from the government. Let’s start with Hord Tipton, Hord the security resiliency as you go into infrastructure optimization, does it become a bigger problem, how are you addressing this?

HORD TIPTON, INTERIOR:

No actually I think it becomes a much smaller problem and for that reason we use security as a primary driver for either consolidation or, probably more importantly for standardization, which leads back to your architecture. And in developing an architecture we added just this year a particular module for architecture on security. We wanted to make sure that that was in synch with our security policy and that we’ve looked at our organization as a whole.

If we have a good security pattern that works in one particular application, we want to use it in as many places as we can. And my theory is that it also is a huge cost savings in terms of maintenance and headaches because I would much rather patch 7 servers than have to patch 68 servers in that area at least. The savings on that are just huge and the security in my mind is actually accelerated.

In our case I inherited a situation in an agency that information is one of our biggest products and the culture of our people is to put information out for the public. We are not a national defense agency and our people are not trained nor were they trained in the notion of having to protect themselves from hackers and the threats that we face today.

So we’ve had to change that attitude and in doing that we’ve had to harden perimeters, we’ve had to harden applications and just do a lot of huge things that people right now were wondering at the time at least, why are we spending so much money to do this and now I think it’s becoming obvious with all of the instances of recent, that why are we spending $3.5 million per year on security to $40 million is not such a bad idea. It may have been a pretty decent investment after all.

The last thing I will mention is when you start getting your security to the point that you think you have it well architected, you have a good operational plan in place, then you are thinking about the people and you will never get a risk based management scheme, as security is, eliminate all these things because of that people element.

So I have put a huge emphasis this year on training. Security awareness, role based training for IT specialists, and how do you know when these people are trained? How do you know when they are at least at some capable level of being able to do what they claim they can do? So we emphasize certification in the appropriate areas. I had for example I think it was four CISSPs, Certified Information Systems Professionals coming into Interior 4 years ago. Today I have 106. And that’s kind of the way we bench mark. 

SECURITY

JIM FLYZIK, THE FLYZIK GROUP:

I tell you that people issue too with training, it seems like over the years whenever budgets get cut training budgets are the first ones to go and I’m glad to see you prioritizing that. Mark, is security going to be a concern in your line of business?

MARK DAY, EPA:

Well I hope it is. If not we are missing the boat on one of the key service components of this whole thing. I find that security is a seller. Hord made the point and I think that it is true. Ask any agency manager anywhere, do you want to be responsible for the security and privacy data or would you like me to do that for you? And I think you’ll find many of them quite willing to entertain that conversation.

We had a very tough audit at EPA some years ago and got ahead of the curve because of that very tough GAO audit. We found that it is a people issue, explaining why in the early years was very tough. People did not want to spend more money on security and I think that when we build shared services across the government there will be a resistance sometimes because price includes security when it’s well done. And sometimes it’s easy to do it cheaper when you don’t have all the tools correctly identified.

JIM FLYZIK, THE FLYZIK GROUP:

Charlie Havekost?

CHARLES HAVEKOST, HHS:

I think there’s a real opportunity in infrastructure consolidation to enhance security because the consolidations cause the security to become more formalized. When somebody’s running a business system in their office there may be things that they take on trust. There may be things that are implemented by somebody who works for them that are not nearly as formalized, as written down, role-based access, things that are necessary for security.

Sometimes it’s easier to overlook that when you are running the service yourself. When you are buying the service you are very concerned about the formal IT security that’s associated with that service that cause people to be better consumers of security when they are consumers of these consolidated infrastructures.

It just makes people look at that more. In the service that I’m buying, what is the security there, what am I buying for my security? That’s a question that if you are funding a system in an office or bureau that question may not be asked as exclusively.

JIM FLYZIK, THE FLYZIK GROUP:

Very well said. John Johnson. Resiliency and security have to be major issues for you. How are you approaching those?

JOHN JOHNSON, GSA:

As you know Jim, I came from the Defense Department and worked on the early Defense Information Systems Network at the time we were working with the joint staff to develop the requirements, or actually implement the requirements for the DISN at the time. And it was interesting for me to move from DOD from a command and control environment to FTS and look at what FTS provides the agencies and what contracts and what DOD was building in a command and control environment.

And what I noticed when I first arrived was that FTS was looked at as being a kind of a plain old vanilla telecom provider and the organization has really transformed itself in terms of getting really seriously behind our unique requirements to identify security, or invent security within our proposals or our contracts. Today we have tiered security that we’ve identified in the ‘Networks’ program so that agencies can identify the degree of security they require from the infrastructure perspective and order it up that way.

We are trying to make it easy for agencies to move in that direction. And we’ve seen, we’ve witnessed some improvements in that area. SSA has ordered up a certain degree of security through the FTS2001. We’ve put in place tier 2 security and tier 3 security and now we are working with DHS.

So FTS and now soon to be the Integrated Technology Service with the combination of FSS is looking very seriously and has looked very seriously at security and has embedded security within our product line. My main concern, however, is this: is that while we have done that we need to make sure that we have the governing structure in place and I think Mark mentioned that, to ensure that it remains relevant, that what we’ve done remains relevant over time as the risks increase.

FUTURE VISION

JIM FLYZIK, THE FLYZIK GROUP:

Great. Panelists, we are down to about 2 minutes left for our show today so what I’d like to do is get to each one of you for a final last thought on the subject. Maybe thoughts for the future, where we are going. We will just quickly come right down the table and we’ll start with Hord Tipton. Hord, what is your final word on the subject for us today?

HORD TIPTON, INTERIOR:

Well, just real quickly, we started IT transformation 4 years ago at Interior. That consisted primarily of consolidating 13 networks, stemmed into 1 wide area network, we call that Phase 1. We’ve now extended that down into control over our bureaus. And going into Phase 3 as we speak will be the effort it takes our optimization, consolidation and standardization effort right down to the desk top.

JIM FLYZIK, THE FLYZIK GROUP:

Great. Mary Ellen, your final thought.

MARY ELLEN CONDON, SRA:

I see this process as an evolutionary rather than a revolutionary process, it makes it more important that standards and governance and flexibility and integration of these things be an ongoing thing, it’s not a one time experience.

JIM FLYZIK, THE FLYZIK GROUP:

Good, well said. Mark?

MARK DAY, EPA:

Well bottom line is that mission and services to the citizens is enhanced because agency managers are good buyers with solid information about their IT infrastructure. Staff are focusing on the most important information management issues, not running commodities; and the federal government is getting the best deal for the buck.

JIM FLYZIK, THE FLYZIK GROUP:

Great. Steve?

STEVE PICOT, CISCO SYSTEMS:

It’s clear that industry and government need to stay in lock step and technology leaders need to understand where the developments are and industry needs to be proactive in bringing those solutions to the government. We can’t just jump on the fire of the moment.

JIM FLYZIK, THE FLYZIK GROUP:

Charlie Havekost.

CHARLES HAVEKOST, HHS:

I have to say a word to anybody out there who is thinking how is this consolidation going to affect my career? That’s a really important question and you need to think about how consolidation is giving you the opportunity to take that next step up in your career, perhaps to work in an area that has a broader impact than just your office or bureau.

JIM FLYZIK, THE FLYZIK GROUP:

Great. John, you have the final thought on this subject.

JOHN JOHNSON, GSA:

Well thank you and I’ll use that as an opportunity give a commercial and that commercial is this: we are getting ready to undergo the largest transition in the history of the government in terms of moving from the FTS 2001 environment to ‘Networx’. Rather than look at it as a transition, you’ve got to look at it as an opportunity to transform. Take advantage of the services and technologies that are out there, the security requirements that are embedded and use our energy and time to really make a difference.

JIM FLYZIK, THE FLYZIK GROUP: 

That’s great John, that’s precisely the last point I’d like to make. The purpose of the show here, which I hope we’ve accomplished, is to help government and industry work together to solve some of our nation’s critical programs and relevant issues and I want to thank the guests for all being here.