Sanjay Sardar, FERC’s chief information officer, said the agency now is taking other steps to help its employees work from anywhere at any time.
“We’ve started actively working on defining applications as well that are internally focused and are externally focused to help enable our employees to increase their engagement with our user community,” he said. “We’ve working a lot with the open data initiative that the administration has been doing to give more open access to data and that is letting our employees work from anywhere.”
Sardar said sequestration-related budget cuts have slowed down these initiatives to some extent, but overall the mobile revolution has come to FERC.
“We look at mobility definitely as a productivity gain or enhancer, but it’s definitely for certain users in the sense that your job must require or need it,” Sardar said. “There is a range of folks that do require it, but we are trying to build in that mobile platform.”
Beyond laptops, FERC is rolling out network access through a virtual private network (VPN) and is using Citrix remote access technology.
A third security feature FERC is considering is a new technology called authenticated device program. Sardar said that technology will require users to not just authenticate their identity, but the device as well to the network.
“This will allow users to pick their own device, connect to our network using a secure tunnel, data would be used and saved in a secure environment and we would use our partners like F5 Networks to help with a rules based protocol,” he said. “But we have a lot of kinks to work out. The governance still is something we are playing around with. The policies are getting better and better defined across the board in the government, but it is something that has to be fully fleshed out. A good example is when you do bring-your-own-device, access is something that you are paying for or is the government paying for it? It is a worked based product tool. Those things haven’t been worked out yet and we still working with it.”
He said the goal of the authenticated device program is to reduce the risk of employees putting unapproved devices on the network and causing potential cyber vulnerabilities.
Additionally, as FERC moves closer to letting employees use their personal smartphones or tablets on the network, the authenticated device program becomes more important.
“As you bring your own device to our network, we will push rules and governance that you may or may not be comfortable with,” Sardar said. “The concept that this is your personal device, personal data and personal applications may or may not be personal. We will control that device. We would want a very secure profile, a very secure place you will be working on it and have that ability to remote wipe it when we think that it’s not secure anymore.”
Along with a major push for mobile, Sardar said FERC is rationalizing its applications and updating one of its most important ones.
He said over the next year FERC will move its document and records management system, called E-Library, to the cloud and is changing cloud mail providers over the next year.
“We have a lot of rewrites of applications that are coming up. This is a good opportunity for us because we are rewriting old software that was built over the last 10 or 15 years that we are now figuring out how to redo,” he said. “These are collections. These are workflow apps that will then get rebuilt whether using software-as-a-service, cloud-based hybrid model, storage-as-a-service or infrastructure-as-a-service, we will incorporate all of these ideas. In the next 10 months to a year, those are big priorities for us.”
Sardar said FERC will release a solicitation to update the E-Library program in the next few months.
“E-Library is at the heart of everything we do. All the work we produce as a commission is in E-Library. It is also plugged into most of our application and workflow infrastructure,” he said. “It’s a 10-year-old system. It’s a complex system that we want to redo. We are looking at it so we get a solution, not a product. We are looking for vendors to come in and tell us whether it’s a cloud- based system or an in-house system, it’s a managed system that we reap the benefits of not just implementing a product we have to maintain.”