Are shared services the answer to data protection?

Here’s a staggering, almost incomprehensible statistic: Over 1,000 billion bytes of data are generated every year in government and government-related applications (yes, you read that right).

The natural question that comes from that statistic is: how does anyone defend all that data? How do we ensure we can protect the information that keeps our electric grid, air traffic, voting processes and other government-controlled functions working safely and reliably?

The answer, of course, is to improve the way in which services are shared between government agencies – and between government and private industry.

The first step: understand your processes

Right now, shared services are seen as perhaps the only way to ensure data security in essential government processes. At the same time, however, the notion of shared services seems to raise almost as many questions as answers. How should these services work? Should there be shared sensors among agencies? How do you address information flowing to and from Trusted Internet Connections (TIC)?

The issue gets particularly thorny when considering IT modernization (not just modernizing legacy systems, but the entire government IT infrastructure). It’s important to be able to analyze risk with shared services, particularly when agencies are making procurement decisions. Right now, the only “risk” being considered in IT procurement is financial; the risk to mission fulfillment is not necessarily tied back to the process.

Late last year, a government symposium brought together government experts to discuss the state of shared services in government.

Jeanette Manfra, assistant secretary, Office of Cybersecurity and Communications at the Department of Homeland Security (DHS), said the agency will continue to use its influence to encourage industry to adopt new cybersecurity processes. That means being able to identify critical systems and infrastructure and prioritizing which of these systems are to be defended.

For Manfra, that means understanding who is involved in delivering those services, the infrastructures connected to those services and every party connected to that infrastructure. “We shouldn’t accept the fundamental way a network works,” Manfra said. Better knowledge of the processes is the only way to keep bad actors at bay.

Shared service ROI demands complete participation

So down the road, mission risk will become increasingly important. For now, however, the measure of success for shared services still centers around return on investment (ROI). That return is directly related to complete involvement by every organization that touches relevant information, processes and infrastructure.

Almost by definition, shared services cut across every aspect of an organization’s IT needs – from email to data centers to cybersecurity. When agreement is reached across the board, the return on investment can be considerable.

The Department of Commerce is enjoying “tremendous success” from shared services, in terms of increased efficiency, productivity and cost savings, according to the agency’s acting chief information officer/chief information security officer, Rod Turk. Similarly, the U.S. Trade and Development Agency is moving email, network drives and collaboration tools to the cloud. Benjamin Bergerson, that agency’s CIO, estimated a return on investment of $4.6 billion from a base procurement budget of $75 million.

That kind of ROI is always at the forefront of thinking in federal procurement of shared services. U.S. Trade and Development stressed that because “information lives everywhere,” solutions can’t be stove-piped. “We have to be smart with requirements, auditing and follow-through,” Bergerson said.

In shared services, everyone in government needs to be all in. Agencies have a responsibility to transition completely to the shared services model when it becomes available. Costs can go up if any organization drops out. And if ROI can’t be demonstrated at the outset, you’ll lose interest. Lose that interest and the concept simply won’t work over the long haul.

For organizations with small budgets, government experts seem to agree that practically the only way to ensure ROI on IT procurement is through shared services. Acquisition cycles must allow for the purchase of technologies and services that are shared. Processes within business units must adjust to that mindset and move from the ingrained preference for customization.

There are still some issues to be addressed before everyone will be fully on board with the idea of shared services in government. But because the government is increasingly moving to the cloud, the sooner everyone is on board, the sooner government as a whole will realize the benefit.

This article is published as part of the IDG Contributor Network.