Insight by Apptio

How the SEC is adjusting to cloud’s ‘pay by the drink’ model

IT Priorities at the SEC

We have a pretty diverse set of business needs that need to be balanced and prioritized across the across the commission. Those the discussions that we have at the CXO level are about understanding what are the applications for the underlying services, and the cost centers, and from an infrastructure perspective, what are those underlying needs?

Driving Costs Back into the Businesses

We made a conscious decision in terms of how we were setting up our environment to make sure that we had the right accounting, cost tracking mechanisms in place so as we're working with the divisions and offices in the SEC to migrate or build new applications that will be running in our cloud environments, we can directly track those costs back to those applications.

Pandemic Impact

Going back to the point of where the value of TBM is, what are the investments that we needed to make in areas all up and down the stack? And in what order did we need to make that happen? We found early on [during the pandemic], as a lot of agencies did, we actually didn't have enough phone lines coming into our data centers. Our phone design was, well, most people were calling out they weren't calling in to our on-premise capabilities. But particularly as we got going with video conferencing, we had to change that. We actually had to enable an awful lot of phone capacity to deal with that change and usage pattern. There were investments we needed to make in other areas actually to make that happen.

IT Modernization Planning

That enterprise data warehouse is going to live in a cloud environment because we have a need to be able to scale up and scale down, depending on what the issue of the day is. We have to make sure that we can store that data as cheaply as possible yet get still access it. It has to make sense from a cost perspective. The data is a key driver for our cloud strategy.

As the Securities and Exchange Commission has moved and more applications to the cloud over the last year, it found it needed a new approach to managing the cost of those applications.

Unlike on-premise data centers where you’d buy a rack of servers and it’s a sunk cost, the model for the cloud is much more fluid and, if not managed correctly, more pricey.

This is why Dave Bottom, the SEC’s chief information officer, said he’s hiring a new manager to oversee the “pay by the drink” model so as not to take a big bite out of the agency’s budget.

“It’s both the logging capabilities that come with the cloud today, and then setting up the right management structures to actually do something with that data. So one new role from an IT perspective is somebody that’s looking at our costs on a day-to-day basis in our cloud environments,” Bottom said on Ask the CIO, sponsored by Apptio. “We have not had to do that before in an on-premise world because the incentive there is to track the recapitalization of an asset.”

He said this new IT cost manager requires a different set of skills to ensure the SEC budget isn’t broken every month because of cloud usage.

“We made a conscious decision in terms of how we were setting up our environment to make sure that we had the right accounting, cost tracking mechanisms in place so as we’re working with the divisions and offices in the SEC to migrate or build new applications that will be running in our cloud environments, we can directly track those costs back to those applications,” Bottom said. “In our on-premise environment that is a shared service today mostly because we buy the hardware and the storage and the servers. We have a virtualization layer that sits on top of that. But we don’t do a good job of tracking that. We don’t have a way to do it right now.”

He said it’s hard to tell the mission areas what their application costs in terms of segmenting that hardware and software.

“As we convert from capital expenditures to operational expenditures, we are making a conscious decision about how we’re connecting our cost tracking capabilities within the agency and the capabilities that that cloud has built in that that that we’re adopting,” Bottom said.

Managing IT as a business

Bottom, who joined the SEC about a year ago from the Homeland Security Department’s Intelligence and Analysis division, sought to bring more rigor and collaboration to how the agency spent its IT budget.

The SEC, like many agencies, was just figuring out how to manage IT more like a business than an extra expense.

“We have a pretty diverse set of business needs that need to be balanced and prioritized across the across the commission. Those the discussions that we have at the CXO level are about understanding what are the applications for the underlying services, and the cost centers, and from an infrastructure perspective, what are those underlying needs?” Bottom said. “It’s not often just a technology discussion. It’s making sure we have the right people to manage our investments and to operate our capabilities while we’re trying to shift and be more responsive to the businesses.”

Bottom and his fellow CXOs met every two weeks over the first nine or so months he was on the job, and now they meet monthly to discuss agency’s business needs.

Another piece to the managing IT as a business puzzle is the SEC’s move toward DevSecOps and away from the waterfall methodology to develop applications.

“What we found there is that sometimes that’s a little bit more people intensive, particularly for asking somebody to be a product owner or a product manager, and not a project manager,” Bottom said. “We are more responsive to the business because the business is engaged every step of the way. But what we found is that it requires an increasing time commitment, so we making sure we have all the right people in the right spots now is actually just as much a conversation item as we manage our IT as a business.”

He added the biggest challenges is not money, but people with the right skillsets.

TBM benefits coming into focus

The SEC isn’t just training employees on agile or DevSecOps, but also the use of Technology Business Management (TBM) standards.

The Office of Management and Budget mandated agencies fully implement TBM to manage IT more like a business by fiscal 2022. The CIO Council recently a new guide developed by the Federal Technology Investment Management (FTIM) community of practice and the General Services Administration’s Office of Governmentwide Policy, called Meeting IT Priorities with TBM.

Bottom said the SEC has applied the standards and starting to see benefits from tying the cost towers to the cost pools.

“How are CXOs that are partnered with us across the commission understanding what the cost drivers are in terms of running IT infrastructure on a day-to-day basis,” he said. “That lexicon, I think, is just critically important to understand what dollars we’re spending in what area, and why. It is extremely useful in getting the point across to our CXOs. In the SEC, you’re always going to get the question, and you want to make sure that you’re sparking that conversation, why does it cost so much? We always need to be looking for ways to gain efficiencies. Using TBM in the way that we’ve allocated our budget, and the way that we show it, make makes that conversation easier to have.”

The end goal for the SEC to better understand the total cost of ownership for any IT project in a mission area.

Bottom said by having the linkage of cost and value in place and making sure that they are asking the right questions, the SEC is ensuring it’s making the best informed decision.

By managing IT more like a business, Bottom said his office can offer more shared services to the rest of the agency. He said by centralizing common services, the SEC can reduce costs and improve overall performance.

Bottom said the SEC has about 20-to-25% of its applications and systems in the cloud and that percentage is expected to increase to as much as 80% over the next two years.

Bottom added that move to the cloud will make its data more valuable.

The SEC created a data lake in 2015 and continues to mature its capabilities.

“We want to make sure that we have the appropriate safeguards around that from a mission use, and certainly appropriate use part of that. A big part of that is making data usable and discoverable across the commission,” he said. “That enterprise data warehouse is going to live in a cloud environment because we have a need to be able to scale up and scale down, depending on what the issue of the day is. We have to make sure that we can store that data as cheaply as possible yet get still access it. It has to make sense from a cost perspective. The data is a key driver for our cloud strategy.”

Featured speakers

  • David Bottom

    Chief Information Officer, Securities and Exchange Commission

  • Jason Miller

    Executive Editor, Federal News Network

Sign up for breaking news alerts