And then there is the dessert bar. The chocolate fountain, the soft serve ice cream and all the cookies and brownies you can eat in the form of software-as-a-service. Like any good all-you-can-eat buffet, you have to save room for dessert.
The one thing that has become clear to Karl Mathias, the chief information officer of the U.S. Marshals Service in the Justice Department, this smorgasbord of cloud can’t be all you can eat, but all you care to eat.
“The hunger and desire for new applications in the cloud grew so much that we actually, in the last three years, put together an IT investment management process so we could get our arms around these kinds of things,” Mathias said on Federal News Network’s Cloud Exchange. “We’ve put in a disciplined management process for our internal folks. There’s all kinds of these little mission systems, like body worn cameras for example, that they want to move to the cloud. The only thing we have to want monitor is that IT investment management because there is way more desire than there is budget available.”
The IT investment management brings in not just IT leadership, but really anyone that has a stake in the modernization effort, including agents from the field and other mission areas.
“It’s a shark tank approach. Every year you have to recompete for funding for your project. Some people after they get feedback from senior leadership realize that’s not going anywhere. And sometimes you ranked high, but the funding didn’t reach down to you so you’ll have to resubmit,” he said. “The mission and IT folks are required to come in and pitch their product. And when we could meet—we’ve done it virtually for the last year and a half—we literally set up a round table and pitch the product and explain why it was important.”
A major reason for that increased desire for cloud services is the Marshals Service’s success in moving mission critical applications to the cloud.
Success driving more desire
Mathias said over the last five or six years his office has worked with the mission side to put applications like the warrant tracking system, the prisoner operations system and several others in the cloud with great success.
“When it comes to reporting and dashboards now, our abilities have just exploded in the way we can provide information and decision making capabilities to the senior leaders,” he said. “For example, when it comes to prisoner operations, one of the problems we have is the US Marshals does not actually own prisons, we rent cells that we use to place people while they’re on trial. We need to know where they’re at and who’s got capacity. That was a very difficult question to answer in our on-premise environment. Now, with the various reporting tools we have, not only can we answer that question, we can say this facility has this many open cells and you can see it on a map. You can drill down and look to see you can integrate things like what’s their COVID case rate. Those were things we had a real problem implementing before moving to the cloud.”
Mathias said another example is using software-as-a-service (SaaS) to collect and process video from body worn cameras.
The US Marshals Service has been working with other law enforcement agencies to solve this big data challenge by sharing the video images to a secure private sector cloud instance.
“You can put the video in their cloud instance. They manage it. It’s trusted by the judicial system. We can access it and we don’t have to buy special software to do the redaction and things like that, the blurring of faces of people who shouldn’t be identified,” Mathias said. “I hate to think what it would take to implement that on-premise. As we move forward to now where our deputies are going to be doing it, the use of that cloud is now going to explode some more, but it’s a good thing. The tools are there, and it’s going to have a huge positive impact on us.”
SaaS is the future
In fact, Mathias said he’d like to move most of the agency’s applications to a SaaS environment.
Currently, the Marshals Service has about 60% of all applications in a cloud instance whether SaaS or infrastructure-as-a-service.
Initially, Mathias said, most of the modernization effort has been lift-and-shift with about 20% of the applications so far needing to be refactored or upgraded to move to the cloud.
“We would refactor and redo everything if we could. That world doesn’t exist. We have budgets and time constraints. One of our driving time constraints is that we have equipment in a FBI data center in Pocatello, Idaho, in a legacy data center. They’re shutting that down next March. So I’ve got to be out of there by January. There’s no time to refactor everything I have sitting there that we would like to put in the cloud in that time,” he said. “We’ll do some lift-and-shift, and we’re also doing some more creative approaches with how we can operate out of our other data centers. There’s a combination of approaches we’re taking, but by the end of fiscal 2024 I’d like get to be in the cloud for most things.”
One of the ways Mathias hopes to speed up that transition is a bigger focus on DevSecOps for software development.
He said currently his office can deliver a minimum viable product in three-to-six months on most development initiatives through an agile process. Mathias would like to see that time to capabilities shrink because with DevSecOps there is always new software under development.
“We’re really good at agile. I think we’re still looking at another year before we can really tackle DevSecOps,” Mathias said. “I know there’s a lot of people, if you read The Phoenix Project, you should do it while I’m on fire and burning. Nope, don’t think I will. I’ll manage my risk by not trying to do too many things at once. The conclusion I’ve come to is that agile is wonderful for developing and maintaining software projects. It’s wonderful for when I’m attacking certain types of operations and maintenance projects. But we’re talking about things like cloud migration, it gets a little less effective because of that spider web effect. You just got dependencies in there that you need to take account of as you move through it. And as much as we don’t like to admit it sometimes upfront analyzing those dependencies and developing a work breakdown structure with milestones is the best approach to take. I’ve decided if it’s a straight up engineering project, think civil engineering, we can go with some more traditional techniques.”
As the U.S. Marshals Service continues to modernize its technology infrastructure and applications, Mathias said capabilities like robotics process automation to remove paper and time consuming data entry from the mission processes, better predictive analytics and artificial intelligence to drive decision making and, of course, better security through a zero trust framework are on the short term horizon.
“I would rather the deputy out taking care of prisoners or catching fugitives then moving from this spreadsheet to that spreadsheet. Essentially, that’s what was going on at the Austin processing center for some of the financial transactions. But there’s similar types of things that happen in our operational community we could probably take care of with RPA,” he said. “Right now there’s, once again, more hunger, more need than budget and time.”