Insight by Veritas

How to achieve operational resiliency

Federal agencies and the people who staff them have had a crash course in how to keep operating effectively when a totally unexpected situation arises suddenly. What some of observers had referred to as a “black swan” event.

The pandemic has shown the importance of continuity of operations plans (COOP), and that they be tested and revised periodically. It has shown the importance of a robust and adaptable information technology infrastructure, and of how cybersecurity defenses must also be flexible and adaptable.

If you add up these factors, they amount to a more holistic concept that encompasses COOP, virtual private network capacity, and cybersecurity. You might call it operational resiliency.

“Operational resiliency really refers to the concept of any enterprise organization being ready to execute on its mission,” says Alex Restrepo, senior principal for solutions marketing at Veritas.

He spoke as part of a discussion along with Scott Sloan, Veritas senior director of sales engineering for U.S. public sector, in a webinar moderated by Federal News Network’s Tom Temin.

Restrepo said a given agency faces three potential impediments to its ability to reach its mission outcomes.

  • Complexity of the IT environment itself. When organizations add new applications and data sources, they often layer new technology on existing, thereby multiplying the potential conflicts that can interrupt IT services. Another growing complexity factor is adoption of multiple commercial cloud services, along with continued operation and enhancements of agency data centers.
  • Constantly morphing cybersecurity attacks. For instance, the sudden move to mass teleworking has caused a new wave of expertly-crafted phishing and ransomware attacks.
  • Sudden unknown occurrences. “The unknown things like the current pandemic is an example of the unknown impacting business,” Restrepo said.

Sloan pointed out that while so far federal agencies have escaped crippling ransomware attacks, state and local agencies have not been so lucky. He cited the attack on Baltimore a year ago. The ransomware demand for the city’s access to its data was $76,000. “But they decided not to pay. This decision cost the city at least $18 million,” – a combination of the costs to restore its systems and of lost fees revenue while city business stopped.

Keeping resilient

Resiliency is more than the ability to steer around cyber attacks and respond to events like the pandemic or the more-frequent lapses in funding from Congressional logjams, according to Sloan and Restrepo.

A change in charter or regulation can also force a scramble. Nearly every year, for example, Congress tweaks and sometimes radically overhauls the tax code. That forces the need for rapid and reliable changes in IRS systems. The Small Business Administration faced two big changes at once. Not only did its people have to suddenly telework, but it also got a trillion-dollar assignment under the Payroll Protection Plan.

How to deal?

Fundamentally it requires visibility into your own infrastructure and into the nature and location of data.

“If I don’t have good visibility into my entire infrastructure, it’s very difficult for me to pivot and be agile in the face of changes like we’re seeing right now,” Restrepo said.

Secondly, and related to visibility is the ability to change the infrastructure, move data and applications around in failover situations, in some automated or orchestrated way. Planning for resiliency here will quickly reveal the complexity of an environment.

“You want to make sure you have good orchestration tools that are able to take into account the environment. And then move it non-disruptively when necessary,” Restrepo said. Technologies such as virtualization and containerization can aid the movement of workloads and dealing with sudden changes in demand.

Resiliency planning can also aid in another government-wide imperative, namely modernization. Removing complexity should be a component of modernization, Sloan said.

“Agencies thought they could do massive replacements of technology like moving everything to the cloud. But what we’ve been seeing is way more adding of technology than replacing it,” he said. “The result can be a tangle of overlapping and redundant systems that cost money, slow innovation and hinder the agencies from identifying new mission opportunities.”

Check out the videos for more detail on the challenges of operational resiliency.

Operational Resiliency

From our perspective all data is fungible, to the extent that it can move from one form factor to another one underlying infrastructure to another. The key here is really understanding a what data you have.

Building a Plan for Resiliency

Agencies thought they could do massive replacements of technology like moving everything to the cloud. But what we've been seeing is way more adding of technology than replacing it. The result can be a tangle of overlapping and redundant systems that cost money, slow innovation, and hinder the agencies from identifying new mission opportunities.

Unknowns That Affect Federal Agencies

We already see impacts to missions and outcomes on some agencies [that] have put projects on hold while they only focus on keeping their mission afloat. Others haven't missed a beat. They've been able to adapt to the changing environment…since they had a good response plan in place.

Listen to the full show: