The Small Business Administration has spent the last year preparing for its technology future.
SBA’s network backbone wasn’t up to the task of supporting many of its planned modernization efforts.
“The agency committed to modernizing as quickly as possible. Senior leadership recognized that some things have been neglected for a period of time so they put their money where their mouth is and let the procurement of all new routers and switches across the U.S., which is a significant undertaking,” said Keith Bluestein, the acting chief information officer of the SBA. “The project is about 60 percent complete and should be done by year’s end. We knew we had significant legacy issues with the local data center here so we have been very focused in moving as much of the stuff we have here to a cloud environment.”
Now that the network is on the path toward modernization, Bluestein initiated a major agencywide cloud initiative.
Over the Memorial Day weekend, SBA IT staff and contractors moved the agency to Microsoft Office 365 in the cloud, initially just for email.
“That will enable the other capabilities in the coming months,” he said. “Concurrent with that, we’ve also been consolidating our SharePoint instances. When I came here we had several instances with SharePoint 2007, SharePoint 2010 and SharePoint 2013. We are migrating all of that to coexist with the Office 365 instance, and we are going from 2007 instances to 2010 and taking all 2010 instances to 2013 so we can shift that into the cloud as well.”
Bluestein said since he came to SBA in May 2015 as the deputy CIO after spending most of his career with the Navy. He became acting CIO in September when Renee Macklin moved on to the Commerce Department.
Bluestein said the network and data center updates had to get started before SBA could take advantage of the cloud.
He said SBA had a data center meltdown before he arrived, which highlighted the need to update.
“Our youngest switch in our network was going end of life in July of last year, so it was clear we needed to update the transport out there, and even though we are driving a lot of things to the cloud, not everything will be in the cloud so people can reach back to the network,” Bluestein said. “The other thing that we did when we bought the equipment for the infrastructure refresh was buy some overhead in here. Fortunately our leadership was forward thinking. We want to give services such as unified communications, desktop video teleconferencing and let people operate in a modern environment, and we will only be able to do that if we pipe lots of data across our data and across the U.S. They agreed to that and bought the equipment that can handle that.”
SBA plans to take advantage of a host of tools provided by Office 365, including Skype for Business and document collaboration capabilities called One Drive.
“It’s basically a shared drive that everyone has, and it’s originally provisioned at more than 1 terabyte so everybody has a lot of space on there. When you collaborate on a document now, you attach it and send it to 86 people on the email distribution list. With One Drive, you can just send a link and everyone can access that one document, which saves you bandwidth and improves performance,” he said. “They have a lot of storage. In a lot of cases one of the issues we always had, we never had enough storage in the agency. So when someone needed something, we constantly trying to figure out how we were going to re-provision more storage for these individuals. We didn’t do a very good job of managing our storage area network so that gives you that capability.”
Email-in-the-cloud is a perfect example of the need for more storage. SBA employees used to have only 500 megabytes of storage, but now are getting 50 gigabytes. Bluestein said the change will alleviate the constant need for employees to archive documents and will give them a better user experience.
The other major change the network modernization is bringing for SBA is addressing a host of cybersecurity challenges raised by the Government Accountability Office.
In September 2015, GAO made 69 recommendations to fix management problems at the SBA. Of those 69 recommendations, auditors made 30 that focused on IT security.
Rep. Steve Chabot (R-Ohio), chairman of the Small Business Committee, said in January he wants these 30 problems resolved by June 30.
Bluestein said some of those challenges have been outstanding for many years. But over the last few months, he has been meeting with the Chief Digital Officer Tracy Terrill and Deputy Administrator Doug Kramer daily on these issues.
“If you don’t have someone who is driving that for a long period of time, certainly driving it more than 12 months at time, some of the things could fall off the plate. I think that was what I found were areas we just needed to take a pretty good focus on,” he said. “We didn’t have a very robust patch and application management process in place, which we have certainly taken a focus on. The process of how we audit our systems and monitor our systems was not as robust as it probably ought to have been. We have certainly focused on that, and what that has resulted in is actually bringing significant numbers down. For instance, the remediation items that we needed, not just the paperwork items, but also application specific things where we had counts in the hundreds of thousands and we are down literally to the single digits worth of thousands in some of the outstanding issues we might have.”
Bluestein said SBA focused on several different things, including on the people side. He said SBA will soon hire a new chief information security officer.
“We are focused on are we actually making our fabric more secure here and put ourselves in a better posture, and certainly we are getting there,” he said. “I think the IG and certainly our auditors that are here are seeing that as well.”