Jay Mahanand, the chief information officer at the U.S. Agency for International Development, said the agency accomplished what few others have been able to do: Get out of deep technical debt, by taking full advantage of the cloud and consolidating data centers.
“We started pretty early. The first thing we had issues with was the business of USAID in Afghanistan. We were looking to do emails and folks were having issues as far as getting into the email systems and doing their business,” Mahanand said on Ask the CIO. “One of the things that popped up was cloud services and cloud email. We took that as a sign that we really needed to do something because we weren’t able to do the business of the agency. So that started our journey as we moved to cloud email using Google’s suite of applications.”
USAID then started moving its data centers and applications to public and private clouds.
“We created a process, as OMB laid out, if you are looking at a service, make a determination about whether or not it can be moved to the cloud,” Mahanand said. “We continue that move throughout because there is nothing that is preventing us from doing that. When we started looking at the security of the cloud providers, they have to go through the same rigor as we do internally for any of our internal applications. We see that as a plus. We continue the journey.”
USAID’s journey is different from most agencies.
The Office of Management and Budget continues to push agencies to modernize legacy systems, estimating in 2017 that the government has at least $7 billion in technical debt.
A recent Government Accountability Office report highlighted for a third time how legacy systems, some that have been around for more than 35 years, continue to plague agency services.
FITARA creates portfolio approach to IT
So for USAID to find their way out of technical debt is significant and part of the reason why the agency also has done well on its Federal IT Acquisition Reform Act (FITARA) scores, earning one of the few “As.” The most recent FITARA scorecard downgraded USAID to a “B-” only because Mahanand doesn’t report directly to the head of the agency. The agency received “As” in four of the six areas: CIO authorities, transparency and risk management, portfolio review, data center optimization and software licensing.
“We’ve got a really good relationship with the CAO and CFO when it comes to things we need to comply and execute FITARA,” he said. “What we’ve seen is the need to educate the staff itself. It’s a marketing campaign we’ve started and it will take us awhile, but we are in a good place.”
Mahanand said FITARA is helping him and other senior leaders understand the portfolio of IT across USAID, and then make informed decisions about priorities.
USAID is working with Congress to establish the transfer authorities of savings from IT modernization into its working capital fund as part of its fiscal 2020 budget request.
“In terms of the IT cost center, it is something that I manage so as far as any authorities it’s not an issue,” he said. “I manage the investment board along with one of the independent bureaus so when it comes to IT, the control is within the CIO’s office.”
The collaboration across the agency and through the investment board helped Mahanand decide his priorities over the coming year.
Priorities over the next year
One big one is to implement an enterprise portfolio management program that USAID will deploy worldwide.
Mahanand said the application will bring all the data about the programs USAID is working on whether it’s health or school construction or water programs.
“Right now there are systems there, but it’s not tied into the enterprise. The financials or procurement or some of the budget information is not there. So this integrated system will help us collect information centrally about these programs and help us better understand the program’s performance,” he said. “It’s also capturing data that could be shared with the public or shared internally across the agency.”
The EPMP is a cloud based program that will incorporate the Login.gov technology to help ensure secure access.
USAID also recently awarded a new operations and maintenance contract to run its help desk, its security and network operations centers and other back-office functions. Mahanand said the implementation of the contract awarded to NTT DATA Federal Services under a five-year, $218 million contract.
Mahanand said USAID received a rating of 3.8 out of 5 on the National Institute of Standards and Technology cybersecurity maturity model.
“For us to keep up with all the changes in cybersecurity, we have to keep up with the tools, process and governance,” he said. “We have a clear roadmap of what we need to have in place.”
He said USAID created tasks, internal standards and milestones to continue to improve on the NIST maturity model.
“It’s an ongoing thing over the last couple of years to look at the maturity model and see how close we can get to it,” he said. “We do a self-assessment because it’s something we want to make sure we understand. Senior management has supported us and provided the funding that we needed to improve.”