The cloud is not a new place for the Federal Trade Commission.
But over the next few years, the FTC is going to get much more familiar with the “as-a-service” model.
Raghav Vajjhala, the chief information officer of the FTC, said the agency will use a new multiple award contract with four vendors as the launching point for the agency’s IT modernization efforts.
“Now we will go through that tough work of trying to figure out what are those right task orders to write, what things move first, what things second and what things move third,” Vajjhala said on Ask the CIO. “That is a big effort for us, sequencing it out and working with our customers to get them ready [for the change].”
For instance, among the first areas of change FTC employees will experience is with their email. Vajjhala said among the first task orders is moving email to the cloud. Additionally, he said network modernization is another short term priority.
“Over the last couple of years, we have been steadily moving all of our old legacy TDM connections and moving on to Ethernet. Now I want to take the next step, which is to look at what is the optimal way to design a network that minimizes a lot of latency and bandwidth issues that a lot of other agencies have encountered when they’ve moved a lot of their stuff into the cloud,” he said. “We really want to make sure we take care of the foundational elements upfront for all of our cloud migrations, which means we will focus on those things that are not as exciting as some of the other things out there.”
The FTC awarded a blanket purchase agreement worth about $100 million over five years for an assortment of IT support services.
The new contract is not the FTC’s first foray into the cloud. It already moved several applications, including the FTC.gov website and the Do Not Call List, into the cloud.
Vajjhala said over the last year the FTC received approval from the Federal Risk Authorization Management Program (FedRAMP) for a legal review product.
“We consistently, whenever we have a refresh opportunity, consider what is another way of doing this? Can we take advantage of something that is already built in the cloud and how do we work through our acquisition and budgeting programs to make it happen?” he said. “A big part of moving to the cloud is it’s not glamorous. It’s a lot of hard work identifying individual pieces of equipment and individual services and trying to figure out when is the right time to move it.”
Vajjhala said he expects to move 60-to-70 percent of FTC’s data into a cloud over the next few years.
“My job is to make sure regardless where IT is done, it’s done well,” he said. “We are building a community of support here at the FTC that allows us the flexibility to make mistakes. Any kind of contract action is an exercise of risk management. Inevitably, we will take an action to move something to the cloud that doesn’t work out well. We thought the BPA was a great mechanism to mitigate that risk and at the same point build a lot of trust with the vendor community.”
Another short term priority for the FTC and the cloud is its security services and platforms.
Vajjhala said for the cloud environments to work well, the FTC needs a more distributed approach to security.
“Our biggest effort is going to be how to re-engineer our entire security platform so regardless of where our content is, we can always enforce our controls and policies consistently regardless of the device our customers are using and regardless of where and when they are working,” he said. “After we get through that, it’s primarily a procurement exercise of how and when we choose to adopt different cloud services.”
Vajjhala said developing a great security environment will lead to a much improved customer service for his internal and FTC’s external users.
At the same time, Vajjhala said over the past few years the FTC started updating its security policies and guidance to get ready for cloud and off-premise services.
“Our first cut was to get stability for how we make decisions and make sure they are repeatable and measurable throughout the entire effort,” he said. “As a small agency, we’ve never really had a 24/7 mission purpose that many of the large agencies do. But that has been changing. There is no down time for litigation anymore. We have a lot of teams operating all the time so we realized we needed our cyber operations to step up and be the same capacity and same caliber.”
Vajjhala said a key piece to that effort has been the continuous diagnostics and mitigation (CDM) program from the Homeland Security Department. The FTC is in Group F where DHS, through its vendors, will provide cyber shared services.