Cloud Exchange 2023: DoJ’s Brian Merrick on modernizing IT service delivery

From forecasting IT enterprise requirements to implementing a zero trust architecture, DoJ’s IT modernization approach is focused on enhancing service delivery...

The Justice Department is aiming to improve its IT service delivery through a “full spectrum effort,” a top official said, with DoJ looking to better forecast enterprise needs across its divisions and components.

Brian Merrick, deputy director of solutions delivery staff at DoJ, said the agency has been able to adopt a modern collaboration suite of tools and more recently modernized its IT ticketing system through a Software-as-a-Service capability.

“We’re working on initiatives now to improve our demand forecasting for different service, how we integrate emerging tech into our business portfolios,” Merrick said on Federal News Network’s Cloud Exchange 2023. “So it’s definitely a full spectrum effort. And each component is looking at this through their own unique lens, but with the same basic commonalities towards trying to maximize mission effectiveness, and trying to reduce cost and complexity.”

Forecasting with IT dashboards

Merrick’s team is in a crucial position at DoJ, which recently named “Enhance Service Delivery” as one of its major priorities under the department’s most recently issued IT Strategic Plan.

Merrick said the plan to improve demand forecasting across DoJ involves moving away from an ad hoc approach to IT requirements to a much more “robust, requirements gathering process” involving dashboards and automating visibility into the needs of the service delivery team’s customers.

“We really need a much more defined process with clear parameters on how we’re going to make decisions about what types of services we’re going to deliver and in what fashion and the guardrails around it,” he said. “And certainly, we want to focus our resources on those requirements that have the most commonality between different customer bases and requirements, or meet special, unique, highly critical requirements as well.”

Modern applications and data analytics

Some of the crucial technology needs on the table at DoJ today include the legal matters management process, Merrick said. That’s one area where DoJ is turning to potential SaaS tools.

“We have several litigating components that are in dire need of really robust functionality due to just the massive increase in electronic discovery requirements that are happening,” Merrick said.

He said the service delivery team is working with those components to understand how to get the best return on investment and scale a potential solution across multiple components.

“What we’re trying to do, especially in that legal matter space, is look at it as a portfolio of different opportunities to provide services, and then from that boil down the certain key building block elements from a toolset standpoint, and then creating those with an eye towards reuse so that we don’t have to completely create a whole-cloth new solution,” Merrick said.

His team is also looking to modernize how it provides data visualizations and decision support to the department’s senior leaders.

“We started looking at some of the more modern tools to do that, and potentially creating more of a data analytic capability specific to decision support requirements,” Merrick said.

Meanwhile, on the law enforcement side of DoJ, communications interoperability, particularly with radio technologies, remains a major challenge. Merrick said DoJ is planning a pilot project in 2025 to get after the interoperability challenge.

“We have a lot of really great specific point capabilities that are in place, and as we go forward, trying to really create those smooth paths to interoperating, I think is going to pay off dividends,” he said.

Zero trust push

As with other federal agencies, DoJ is also moving to adopt a “zero trust” security architecture as it continues to modernize its IT environments. Merrick said DoJ views the zero trust concept as one of the “largest enablers” toward adopting secure cloud services and other modern IT applications.

“We really wanted to look at it holistically, and provide an easy path and actual tools, practical capabilities for all of our components, all of our customers or partners, or our community to us in a way that would help make us more secure over time,” Merrick said of DoJ’s zero trust approach.

DoJ has piloted a number of zero trust tools, including an endpoint detect and response (EDR) capability, and the department has now nearly completed its implementation of the EDR solution, Merrick said.

“The next big step is really moving out on our identity solution,” he said.

DoJ is moving toward a single identity capability, with approximately 60 applications already having it integrated, Merrick said. A major step forward, he added, will be integrating the identity solution into DoJ’s primary email collaboration suite this fall.

“We want every user that interacts with our data to have a unique identity,” Merrick said. “That really paves the way for a lot of benefits down the road, especially as we move to cloud, the reliance on physical networks reduces, and that identity sort of becomes the quasi network, if you will, of the past.”

And the third major prong to DOJ’s zero trust approach is integrating a cloud broker into its environment as it shifts away from the traditional network environment and using virtual private networks for access to DoJ resources.

Merrick said while there remains a number of challenges to DoJ’s zero trust implementation, including change management, there is a “groundswell of support” for the department’s approach as well.

“We’re going to be able to have unprecedented capability to really understand our users’ behavior, and integrate threat behaviors and risk into our access rules, and be able to control what folks are accessing in a way that we just haven’t been able to do before,” Merrick said.

To read or watch other sessions on demand, go to our 2023 Cloud Exchange event page.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories