The secret to FITARA compliance
- By Mike Walsh
- Feb 15, 2019
Even as agencies continue to struggle to do better than status quo compliance with the annual Federal IT Acquisition Reform Act, the next self-reporting period is looming. Instead of creating strategies to force-fit legacy systems into compliance, agencies might do better by starting over.
From a contractor’s perspective, that probably makes sense. Retrofitting new equipment into a legacy infrastructure is considerably harder than helping an agency design and cultivate a new service delivery model.
Before anyone takes offense, let me say that “starting over” here means rethinking the age-old approach to IT infrastructure and creating a strategy that offers a glide path for transitioning into next generation, DevOps-based solutions. This transitional approach is more likely to offer rapid, demonstrable results to get toward compliance more easily, and advances your previous efforts.
The “Cloud First” and “Cloud Smart” initiatives intended to bring federal infrastructure into the modern day create an ideal opportunity for a fresh view, regardless of current investments.
Will it be possible for agencies to see success before the next FITARA reporting period? Not through to completion, perhaps, but this approach will enable agencies to hit measurable milestones that may have been missed previously.
The way forward to FITARA compliance is through open networks, open standards, and a paradigm shift in the architectural approach (it’s already happening with software). Whereas building out the network is a common theme and has been government IT’s primary focus, moving forward, the perspective should be to look at the entire stack “as a service.”
Federal legacy IT investments are becoming obsolete, with outdated software languages and hardware components no longer supported by the manufacturers. Some agencies have reported using some components that are as much as 50 years old.
So rethinking how the federal IT infrastructure is composed is not a case of throwing the baby out with the bathwater. Rather, we should consider drawing a whole new bath, because the baby still needs one.
FITARA compliance is an interconnected system
Compliance with FITARA should not be approached item-by-item, because problems in one area can adversely affect success in another. The entire scorecard is a system, and only system-wide architectural thinking will improve overall grades.
Consider that some of the major setbacks faced by agencies in FITARA compliance fall under the Federal Data Center Optimization Initiative (DCOI), and portfolio review.
FITARA requires that agencies have strategies for data center inventory, a strategy for consolidating and optimizing the data centers (including planned cost savings), and quarterly updates on progress. OMB has established a goal of saving $2.7 billion on federal data centers.
Five agencies – DOD, DOI, Energy, OPM and VA – received failing grades in this area.
IT Portfolio review requires agencies to implement a process to review IT investment portfolios for potential waste and duplication. To help manage existing systems, OMB launched PortfolioStat, requiring annual IT portfolio reviews to reduce commodity IT spending and to show how agencies’ IT investments align with their mission.
Four agencies—USDA, DOD, HUD, and OPM—received failing grades. (To be fair, all of these agencies have reported some cost savings through this effort.)
Simple logic shows that these two elements are inextricably connected. After all, if you don’t have a firm handle on your IT portfolio, data center consolidation will suffer. You can’t consolidate elements that you don’t know you have in the first place.
Automation, and looking to the cloud for answers
Truly modernizing infrastructure and improving grades related to data center consolidation and portfolio review means forgetting legacy plans (and networks) while looking to cloud-like enablement.
Agencies must strike a balance between working toward FITARA compliance as it has been thought of in the past and moving to the cloud by embracing a hybrid mode. That’s only reasonable, as the administration’s “Cloud Smart” initiative are pushing agencies in that direction.
Automation is clearly the way forward, and agencies must start incorporating a kind of Cloud Smart thinking to drive integration. Automation drives consolidation, and agencies need the right mechanics in place to enable automation capability.
Yesterday’s data center environments are mechanical, manually driven, heavy on trouble tickets ranging from change control, across the network to the server to the applications. It’s already a stack approach with manual management. It’s common for data centers to lack true automation, because many systems were deployed during an era predating such technology.
Successful integration and automation is a full-stack approach. By applying machine learning and artificial intelligence, agencies gain tremendous monitoring capabilities allowing them to handle other aspects of compliance (such as portfolio review) to gaining much sought after visibility into and across the IT portfolio.
The finer points of review, and the burden on the workforce
Obviously, portfolio review is a data-driven activity, and it should take into account not only hardware but applications as well. How well do agencies know about the environment intelligence that is attached to the data center? For example, are they running VMware, containers, a financial database, a PKI structure? Which of their resources, if any, are going into the cloud?
These are all considered assets, and the scope of that type of review is one of the reasons the government is taking an active interest in machine learning and analytics.
Agencies have to be more systematic and strategic about what’s happening in their IT environment. By using machine learning and artificial intelligence, they can gain a better understanding of where things stand now, and what needs to be done to move further towards data center consolidation. Visibility drives evidence based decision making which has been bogged down to legacy, static technologies.
In the continuum from portfolio review to data consolidation, IT transformation is essential. A transformative approach to IT architecture creates a glide path to smoother, more cloud-like capabilities, and a more sure-fire way to begin modeling and interpreting the results of IT portfolio review.
And lest you think that this may be too much of a burden, consider that transforming IT architecture with automation actually makes use of the workforce’s existing skill set, and reduces the amount of retooling or re-training required.
Open standards and Cloud First principles leverage previous training from the network environment into a software defined data center and applications environment with more cloud-like capabilities. It actually reduced the learning curve, and allows the same people to focus their efforts by leveraging pre-existing skills and focusing on the differences between application stacks.
Automating the data center environment is necessary to get agencies out of their outmoded legacy (network centric) operations into new virtual machines and container-based environments. That in turn is where data center consolidation efforts will finally pay off in measurable ways, where FITARA scorecards will see dramatic improvement – and where federal IT architecture will actually become Cloud Smart.
Mike Walsh is senior sales director, U.S. federal government, for Big Switch Networks.