Insight by Swish and Check Point

Interior’s IT modernization success relies on people, data

Network and Cloud Adoption Strategy

As a service, we care more about availability than the specifics about how those clouds are managed and so once they jump through all the hoops that are associated with security and all the compliance and oversight and contractor reporting requirements, how they actually do that work is less interesting to us now.

TIC 3.0 and Securing Cloud Services

We want to be one of the first departments, if we're able, to do a departmentwide deployment with [TIC] 3.0. But we're still trying to figure out what those requirements are. One of the challenges from a departmental perspective is the investment we're going to make in alignment with the requirements that are coming in the future?

Workforce Training

One of the most exciting things to come out recently was refocusing on how to develop the federal IT workforce toward that future. How do you take people who are in their mid-career roles and start moving them toward that vision of being that excellent group of problem solvers and analysts?

Diagnostic and Reporting Framework

The dashboard also has to be measurable in certain sense. Does that risk make sense to the analysts? Does that risk makes sense to the decision maker? How I process information and how Bill processes information versus how they analysts processes information is at different levels, and we got to have information fed to us in that format. When we talk about risk, it has to be in practical terms.


When it came to moving to the cloud, the Interior Department jumped ahead of nearly every other agency back in 2011 with its first email-as-a-service contract.

Nearly nine years later, Interior recently complicated its second round of moving email and collaboration tools the cloud.

Bill Vajda, Interior’s chief information officer, said the recently completed move to Office 365 from Google Apps for Government is one of several ongoing cloud modernization efforts.w

“As a service, we care more about availability than the specifics about how those clouds are managed and so once they jump through all the hoops that are associated with security and all the compliance and oversight and contractor reporting requirements, how they actually do that work is less interesting to us now,” Vajda said on Ask the CIO sponsored by Swishdata and Checkpoint Software Technologies. “Really, how they do that so its works in a way that ensures that you’ve got availability of that data that you’ve got transport ability of that data across all the different cloud domains that you’re working with, that’s actually out far larger part of the of the concerns that we deal with every day than just whether a server is up or down or not.”

He said the cloud is freeing up staff to be less “wires and pliers” and more “problem solvers.”

“What that allows us to do is really focus on the value add that we’re getting out of that operation and how we can use that to better serve the American public,” Vajda said. “One of the most exciting things to come out recently was refocusing on how to develop the federal IT workforce toward that future. How do you take people who are in their mid-career roles and start moving them toward that vision of being that excellent group of problem solvers and analysts?”

Vajda, who joined Interior in March 2019, said his office is partnering with Interior’s chief human capital officer’s office, the Office of Personnel Management and the federal CIO Council to help train employees with the right skillsets to be problem solvers today and in the future.

As with any technology modernization effort, there comes some risk, whether it’s security or understanding which applications are cloud-ready or ensuring the workforce has the right set of skills.

Interior, like most agencies, works in a hybrid-environment where some data and applications are in the cloud and others remain in their data center. According to the Federal IT Dashboard, Interior still has 11 regular data centers and 46 key mission facilities.

The agency’s long term vision with cloud is to get data, security and applications under a more standardized and controlled infrastructure that is available in a secure fashion.

“What the benefits are to us is I know where to make my security investments and it’s not the various endpoints that are all over the place or the many data centers that we have, but I know that from a security perspective, we have a containment, is that cloud provider, where we’re making all of our security investments over the long term,” said Jack Donnelly, Interior’s chief information security officer. “The strategy is there. Now it’s trying to get Interior into some manageable approach and transition them into a mostly cloud solution. It won’t be 100% because we have some one-offs, just like everything else, but security is a thread within the overall migration to the cloud, and we have our part.”

He said while he has no major concerns about moving data and applications to the cloud in a controlled, standard way, it’s the shadow IT or a high value asset like a point of sale system at the National Park Service that will be a major challenge.

“How do you protect that from a cloud perspective, what is our connection from our infrastructure to just distributed services all the way across the United States across multiple time zones, and then how do you get all of that IT to turn around and work together?” Donnelly said. “So that’s been a major challenge for us in these one off solutions and it’s not one, it’s not two. It’s some high number and it numbers into hundreds right when you have a lot of infrastructure to run and industrial control systems and sensor systems for all types of things.”

Donnelly said the modernization of the Trusted Internet Connections (TIC) program will make the move the cloud much easier, especially if Interior can rely on different tools to gain the same rigor.

“The idea is can you guarantee the security controls? Do you understand what they are? Do you understand the on-premise current solution and what the difference between that solution and the cloud service provider and the service solution is going to be once you get through that process?” he said. “You can either make a determination that you have a one-for-one security solution that meets all your requirements or there’s a shortfall and an investment needs to come later or it’s something that you need to work on into the future in terms of cloud implementation. It’s been an evolving security plan in TIC 3.0, in particular, there’s some interesting features there. What it basically says is, look, you don’t have to follow all the requirements that Homeland Security puts forward. What we like to do is have some very high level requirements, some use cases, and we’d like to see that implementation, not necessarily done by you, but you pick what you want to do on-premise or off premise on the cloud.”

Donnelly said Interior would like to be one of the agencies that tests out the TIC 3.0 use cases in the coming months.

All of this security data and mission information will eventually be fed into a new diagnostic and reporting framework to give Vajda, Donnelly and other executives a broader view of risk across the organization.

Donnelly said the goal is use the data to make near real-time decisions.

“It’s important at the end of the day because the data that we have there’s so much of it that we need machine learning and artificial intelligence to parse through the majority of it because we have a small number of analysts that could look at the dashboard,” he said. “The dashboard also has to be measurable in certain sense. Does that risk make sense to the analysts? Does that risk makes sense to the decision maker? How I process information and how Bill processes information versus how they analysts processes information is at different levels, and we got to have information fed to us in that format. When we talk about risk, it has to be in practical terms.”

He said that means the dashboard will quantify the risk in values that executives can understand like dollar figures.

“When you express risk in quantified measures, it makes the decision process from a decision maker perspective, much easier and tell you the truth,” Donnelly said.

He added Interior’s dashboard is working today and will become more sophisticated with more data and better analytics over time.

“We want to get to the idea of getting this data and making risk based decisions and preventing bad things from happening to us,” he said. The other part is how do we make smart IT investments?”