When the Department of Homeland Security hired Chief Information Officer Richard Spires three years ago, he became the seventh CIO in eight years tasked with bringing rationality to DHS‘s unwieldy IT fiefdoms – and delivering on a mandate for sharing information across the department.

Spires, a former IRS deputy commissioner in charge of operations, quickly set his sights beyond technology matters, persuading the department’s top officials that to succeed, it would take a functioning governance board and the commitment of top leadership to support that governance if DHS was to achieve those goals.

That effort, followed by a systematic portfolio review of every major IT program across the DHS, is clearly paying off, according to a Congressional report from the Government Accountability Office. The report, issued Sept. 18, generally praised the Department of Homeland Security for making progress in achieving its information-sharing mission. But it also cautioned DHS that further steps should be taken to continue that progress and improve its efforts.

The GAO auditors reviewed information obtained from customers of DHS’s information sharing efforts, including 10 of 77 fusion centers, where states and major urban areas collaborate with federal agencies to improve information sharing; 1 of 7 DHS operational components who participate in the DHS Intelligence Enterprise, ICE; and 2 of DHS’s 16 intelligence community customers, the Office of the Director of National Intelligence (ODNI) and the Federal Bureau of Investigation (FBI).

Investigators concluded DHS’s governance board is proving effective in enhancing collaboration among DHS components. The board has also developed and documented a process to prioritize some of the initiatives for additional oversight and support.

However, GAO said DHS needs to do more to sustain its progress: specifically updating its processes for identifying information-sharing gaps and the results; and analyzing root causes of those gaps. It also said DHS lacks an institutional record that would help it replicate and sustain

those information-sharing efforts.

The report also noted that funding constraints appear to be having a significant impact on DHS’s key information-sharing initiatives.

“Progress has slowed for half of the 18 key initiatives, in part because of funding constraints,” the investigation found, noting five of DHS’s top eight priority information-sharing initiatives

currently face funding shortfalls.

The governance board has not been able to secure additional funds for these initiatives because they ultimately compete for funding within the budgets of individual components, although the board’s involvement has kept some initiatives from experiencing funding cuts, according to DHS officials.

DHS’s eight priority information-sharing initiatives, as of September 2012, include:

  • Controlled Homeland Information Sharing Environment
  • Information Sharing Segment Architecture Transition
  • Law Enforcement Information Sharing Initiative
  • Common Operating Picture/User-Defined Operation Picture
  • Traveler Enforcement Compliance System Modernization
  • Private Sector Information Sharing Work Plan
  • Homeland Secure Data Network
  • Homeland Security Information Network
However, GAO also noted that “DHS has not yet determined the specific capabilities each particular program must implement for DHS to conclude that it has improved information sharing enough to achieve its information-sharing vision for 2015.”

Establishing the level of capabilities programs must implement could help DHS prioritize programs, and track and assess progress toward its vision, the report said.

DHS responded to GAO’s report, saying department officials concurred with GAO’s recommendations.

Fueled by the widespread adoption of increasingly powerful mobile devices, we are in the midst of one of the most exciting technology eras ever. Half of American adults now own smartphones and over 20% are already using tablets. This pace of adoption is unprecedented as the first Apple iPhone was only introduced five years ago with the Apple iPad arriving in just the past two years.

The rapid emergence of this mass market has shattered the cost constraints for going mobile for every organization, including government agencies. For a technology geek like myself, what’s most exciting is the opportunity this creates to untether knowledge workers from the desktop so that they can be equally effective in the field. Keep reading →

For any government organization, migrating IT assets to the cloud is a major one. Seductive claims float through government hallways about increased efficiency combined with decreased costs. The risks and rewards are discussed endlessly by CIOs, CFOs and IT managers as they struggle with slashed budgets and demands for more savings. At the top of the risk/reward pyramid is the potential for significant cost savings that will make the big shift worth all the time and expense. So, what more than anything else will ensure that cloud migration pays off? The answer is sound governance.

Keep Control, Capture the Gain

Without a clear and effective governance model guiding every step of cloud migration – from assessment through development and implementation to management of the new service-based infrastructure – you may end up just moving IT assets to a new place. To realize gains, you must first realize something else: when you migrate to the cloud you are moving into an entirely different control environment.

Moving from direct control of IT assets to service-based control is fundamental to everything that follows. It is not just a matter of purchasing space from a cloud provider. Instead, it is a matter of moving the functions of your organization to a service-based delivery model, which requires a new way of thinking about your business functions or mission. Who needs what, when, how much, how often and where? If you can’t measure it, you can’t control it; if you can’t control it, you can’t manage it. This time-tested saying explains the central importance of reliable governance.

The ITIL Governance Model

There is one proven governance model that is specifically suited to a move to service-based virtualization. Information Technology Infrastructure Library (ITIL®) is the global standard in IT Service Management, developed by the Office of Governance Commerce (OCG) on behalf of the British government. ITIL contains publicly available technical publications for the comprehensive planning, provision and support of IT services. Worldwide, ITIL is the most widely used best practice for IT Service Management. Adherence to ITIL can provide government organizations with the appropriate service orientation needed to effectively capture the benefits of cloud migration so they meet the universal mandates of economy, efficiency and effectiveness.

Unlike standard asset acquisition governance models, ITIL originated in and for a service-on-demand environment. This is of key importance, because government organizations migrating to the cloud find themselves in a new world where everything, from infrastructure to storage to security, is provided as-a-service (aaS). To realize the advantages and potential cost savings, an aaS mentality has to be adopted and guided by an aaS-oriented governance model, namely ITIL.

Surmount Obstacles

Typical obstacles for government CIOs pursuing a cloud migration mission are questions of why do it, what will migrate, when and at what cost, who will manage it, how and at what risk? A fundamental purpose of ITIL governance principles is to answer these questions and guide the migration around obstacles. This can be highly complex and should never be viewed as a turnkey transaction, just handing over control to a provider. Change management is built into the process and must be delineated and agreed upon in the Service Level Agreement (SLA) with the cloud service provider. Having ITIL governance as a guide helps ensure that the CIO stays in control and ends up with the reliability, availability, survivability and security his/her mission requires.

Stick to Principles

What are the guiding principles when considering moving IT assets to the cloud environment and when one wants to maintain control of the migration and capture cost savings?

  • Remember, you are moving into a service-based world-that is really what the cloud is all about, and IT budget savings is only a by-product.
  • ITIL governance metrics will help determine just what you need- don’t fall into the uneconomical mistake of just filling available cloud space.
  • Integrate effective change management throughout your organization to get the most out of migration-ITIL governance principles offer a consistent approach that helps limit risk.
  • Maintain focus on user and customer satisfaction during and after migration-apply ITIL best practices for service operation and continual service improvement.

Adopt a New Service Perspective

In summary, to realize the cost-saving and operational efficiency benefits of the cloud, organizations need to recognize and adopt a new service-based perspective, viewing all business functions through an aaS lens. One of the best possible ways to gain that new perspective is to adopt the ITIL governance model, which was designed specifically with service in mind. If you fail to accept a service perspective and just hand your IT assets over to a cloud provider without a firm governance model in place, you run the risk of simply moving assets without gaining the savings.

ITIL is a readily and easily available means to avoid the risk of lost savings. It provides a clear, proven roadmap to cloud migration. ITIL governance is what unites IT and business functions via services, and without it, a transition to the cloud is in danger of going off track. Any government agency would be well advised to at least perform a governance assessment before embarking on an IT asset migration. It is even possible ITIL is already in place in your enterprise and you may not know it.

Keith Rhodes (pictured above, left) is the chief technology officer for QinetiQ North America’s Services and Solutions sector. He can be reached at: [email protected]. Viswa Kumar (pictured above, right) is the director of quality and infrastructure standards for the Process, Quality Management & Training division of QinetiQ North America. He can be reached at [email protected].