One of the many benefits of being the director of research at GTRA is that it offers the opportunity to speak candidly and off the record with countless executives from Defense, Intelligence and Civilian agencies who share what they really care about, not what mandates and initiatives tell them to focus on.
The result is a real-time snapshot of the most frequently made comments by federal IT executives, some of which may come as a surprise. Among the most frequently uttered comments I’ve received over the past few months, which may or may-not come as a surprise:
#1: “Doing more with less” is so 2011… now I am all about efficiency – As we all know, the federal IT community loves its buzzwords. The funny things is that while terminology may change frequently the underlying problems and solutions being talked about do not, which is exactly what is going on right now with all the talk of efficiency. It took most of 2011 for executives to go through the emotional roller coaster related to reduced budgets: shock, anger, frustration, venting (lots and lots of venting…) and finally, acceptance. Thankfully, executives are now looking forward and taking a more positive spin on the problem by focusing on how to create a more efficient government through technology. Rightfully so, OMB is working hard to push this trend by focusing on how cloud, mobility, shared services and collaboration can help achieve this. I’ve even heard more than one person tell me that budget cuts were a good thing because without them there was not enough self-motivation to focus on efficiency, a view I completely agree with.
#2: How do I know I can trust my vendors with my Data? - With executives becoming more familiar with the cloud and deepening their understanding of how it works, the sophistication with which they are discussing cloud security has also increased. The most savvy CXOs I speak with voice concern about the security of their cloud vendors as it relates to Data: Where is it stored? How is that data center secured? Who has access to that data and where are they located? How would a breach be handled in the event the data and/or perpetrators are located outside of the US? FedRAMP is a phenomenal first step in the effort to identify and qualify trusted vendors but many in the community are already asking for more sophisticated tools and resources to address this concern as mission critical applications like email (which often carries extremely sensitive data) move to the cloud.
#3: Big Data sounds cool, but…. – Almost on cue, Big Data is the latest word everyone likes to throw around to show how cutting edge they are, but very few executives I speak with truly understand it and even fewer are using it. What’s even more interesting is the number of times I’ve been told “Well to be honest, there is no mandate to use it so it’s not big on my radar.” As I said in last month’s blog, except guidance and initiatives to start rolling out over the next few quarters, but right now only the earliest of early adopters in federal IT are digging into the benefits and uses of Big Data. (That said, Big Data will bring big value in the near future so if you want to differentiate yourself from the pack this is a great way to do it!)
#4: I hate BYOD - “Bring your own device” initiatives across the government are the one area where I see the biggest gap between implementation and genuine support. Since I am from the “don’t fight it, manage it” school of thought as it relates to the ever-changing culture and demand of employees, I personally am a fan of BYOD. However, a surprisingly large number of executives I speak with say that while they understand why it’s being done, they feel security is being compromised by the rush to implement BYOD. Phones are not as big of a concern as tablets, which many say should only be used as remote terminals and nothing more. I don’t see the BYOD trend going away, but I do think it will take some more convincing before executives are fully comfortable with the idea.
#5: I finally get it… Security is about people and culture, not technology – Perhaps one of the most gratifying trends I have noticed is that an increasing number of executives are not simply uttering the word “security” and “risk management”, but seem to be maturing in their understanding of what it takes to build a truly secure organization. It seems the masses have begun to understand (and vocalize) that technology alone will not solve the problem. More than ever before I see IT modernization strategies which include significant focus on people, training, education, collaboration and culture as keys to security. Over the past several decades technology has been adopted without the proper due diligence on security issues, but as agencies move to the cloud they are proactively asking smart questions balancing technology, people and governance. I have several theories on why this is the case, but what’s most important is that this shift is finally happening to the delight (and relief) of many.
Parham Eftekhari is co-founder and director of research for the Government Technology Research Alliance, and currently “neck-deep” in research for GTRA’s June 2012 Council Meeting.