Karen Evans is the US government's top IT executive - essentially, its de facto CIO. Her official title is administrator of the office of electronic government and IT at the White House Office of Management and Budget. Evans, also director of the Federal CIO Council, recently spoke with US Computerworld about the government's IT operations. Excerpts follow:
US Federal IT isn't always seen as cutting-edge. "Antiquated", "stovepipe" and "legacy" are words frequently used to describe it. Are they still apt?
"Antiquated", "stovepipe" and "legacy" is probably accurate at several of the major departments, but that isn't necessarily a bad thing. I don't think the government needs to be on the cutting edge, but we do want to be on the leading edge. For example, when the President wanted to make sure that we were improving security and that federal employees had good [interagency] credential verification procedures, the technology didn't exist at the time. We made it very clear what our requirements were, and industry came through and invented the technology that we needed.
Now we have an integrated solution between our logical systems and our physical systems. That's a huge undertaking. Normally, you would think [it would take] five to 10 years for the government to do that. We did all of that work in less than two years.
What kind of efficiencies are you getting from that?
What was happening in the past is when you moved from Agriculture to Justice, they would run all the same business processes again to revalidate that you are who you are. We're not doing that any more. In some of these positions, it would take six months to a year to get somebody to just move [to another agency]. So we set a metric of 45 days from the time a job is posted to the time the person actually appears on the job site, regardless of whether it's an internal candidate or an external candidate.
The ageing of government IT workers and outsourcing are sometimes tied together . . .
Sometimes.
Are they tied together in your mind?
The real short answer is no. We have done surveys and identified our skill gaps. A lot of things we're talking about that you would [put out to bid] - like a data centre type of service and some of these hosting services - those aren't some of the areas that we have identified as critical skill gaps for us and our workforce.
We've actually broken them out into four areas: project management, security, enterprise architecture and solution architectures. We have the authorization to fill vacancies in these skill gaps, so what we're working on is major recruitment activities, like internships [and] outreach to the universities. We have been quite successful in the cybersecurity area. But [recruits] have a tendency to go to the intelligence agencies, because people get pretty jazzed about working [there].
What changes have you made to improve IT security within the US government, and what still needs to be done?
We just recently released a policy dealing with Microsoft and standard configurations [for Windows Vista and XP]. When I really analyze what the issues are associated with our security going forward, we have a couple. The first part is people — gosh darn, it's people. [Chuckles.] People really have to understand the purpose of the information and how to secure the information.
The other part is basic types of system development and maintenance, like configuration management. With the policy that we just released, this is our opportunity to standardize the configuration [of Windows] all the way across the board in every federal agency, down to every desktop. When the government has a standard configuration, it makes it so much easier to maintain patches. That really is the heart of the issue. When you get down to "Why did that incident happen?" — a lot of times, it's because that particular system wasn't fully patched. We are also telling vendors that this is the standard configuration, so you have to make sure your products work on this configuration. That's a big change.
- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Strategies for Dealing With IT Complexity 24 December, 2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
9 Paths to Higher Performance 10 December, 2007 14:09:23
When an organization brings together talented people in a creative, collaborative environment it fosters a culture of high performance, which in turn leads to superior business resultsLike high-achieving individuals, some organizations seem to have the Midas touch. Virtually every initiative they touch earns them gold and even those that fail never seem to cost them much of anything at all - +
How to Get Real About Strategic Planning 04 February, 2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such - +
Hiring Manager: Emphasize Integrity, Attitude 14 December, 2007 11:18:07
William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool.William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool.
- +
Can Macs conquer the enterprise? 11 January, 2008 10:55:53
The field is wide open for a Macintosh insurrection on the business desktop. It could happen, but probably won't. Here's why.If Apple were a football team, the New England Patriots would have had some serious competition this year.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Discover the advantages of an open architecture multi-vendor network solution
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Enterprise Wireless WLAN Security
Taking On Demand CRM Integration to the Next Level
CRM your salespeople will love
Gaining Competitive Advantage Through Enterprise Planning
Security Inside Out
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
- White PaperJoin Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
- White PaperView this webcast and discover the drivers for changing network design practices, why many organisations are changing their approach to network architecture and how enterprises should be moving forward with open architecture multi-vendor network solutions. Register now and learn how your business can maximize the business value of the enterprise network.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Chris Hoff on Virtualization and Cloud Computing 20 November, 2008 10:55:00
Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualization security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly. - +
Cybersecurity is focus of new start-up incubator 20 November, 2008 07:19:00
Texas uni announces the Institute for Cyber Security.The University of Texas at San Antonio Tuesday announced a technology incubator aimed at fostering IT security-based start-ups within the state. - +
Dilip Sarangan on Physical Security M&A 20 November, 2008 11:18:00
Dilip Sarangan tracks physical security companies for Frost & Sullivan. He expects the industry's "need to have" products to weather the economic storm well, with the big players (now including IBM and Cisco) looking for value-priced acquisitions. - +
International Challenges in PCI Security 20 November, 2008 09:15:00
In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective. - +
PCI council sharpens oversight of security auditors 19 November, 2008 10:53:00
Quality assurance plan targets security assessors and scanning vendorsThe PCI Security Standards Council Monday unveiled a plan to sharpen oversight of the hundreds of security-service providers now authorized to evaluate merchant networks under the organization's Payment Card Industry data standards.
Vignette Announces 2008 Excellence Awards 21 November, 2008 10:50:00
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 20 November, 2008 12:02:00
|
||
|
||
|
|
||
|
Radicati Market Quadrant 2008 on Corporate Web Security
An Analysis of the Market for Corporate Web Security Solutions, revealing Top Players, Mature Players, Specialists and Trail Blazers. Read on to discover who makes the grade.
Buying Guides
Buying Guides
