- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
CIO - When CIOs in the federal government talk about their customers, they are often referring to the nontechnical employees within their agencies.
So, like their colleagues in the private sector, federal CIOs face the challenge of rolling out user-friendly applications and services, while at the same time ensuring that those products are secure enough to meet government standards and can stand up to an ever-more varied and sophisticated body of threats.
Cloud Brings New Expectations of IT Services
The government's ongoing shift to the cloud has created a special set of challenges around that balancing act, particularly as employees grow more resistant to access and device limitations in the workplace, according to senior IT officials speaking at a panel discussion hosted by Federal News Radio yesterday.
"Customer expectations are higher now," said Shawn Kingsberry, CIO of the Recovery, Accountability and Transparency Board. "Everyone's so mobile, and at home they do so many things and have access to so much information, the expectations in the office are even higher when you look at the services that have to be delivered."
The government's shift to the cloud is already well underway. In response to a series of directives, dating from the Obama administration's cloud-first policy, agency and department CIOs have been moving systems to the cloud, often beginning with back-office processes like email and Web hosting, but increasingly making the move with more heavyweight, mission-critical applications.
A law enforcement official, would be expected to run regular background checks on individuals associated with an investigation. But what happens when he uses that access to run a check on the boy his daughter has started dating?
Security is often cited as among the chief barriers to the government's further adoption of cloud technologies. A fundamental friction arises in the push for more open, collaborative services that can better support business objectives and an increasingly mobile workforce that can seem at odds with a traditional, locked-down security posture.
"It's that balance that you have to get," Kingsberry said. "You want to deliver the service, but there are tradeoffs."
Those challenges can be more acute when dealing with sensitive types of data or in environments that call for heightened security, such as the military or intelligence communities. Cmdr. Cayetano Thornton, deputy director of the Health Information Technology Directorate for the Defense Heath Agency, a new agency set up to improve health care delivery to the various branches of the military, operates in a world where those concerns intersect.
"If you ask the security bubbas, they would lock everything down, but that prevents us from delivering quality health care," Thornton said.
Adding Finer Controls to Who, What and Where of Data Access
You can expect a more nuanced, situational security framework that would move beyond the traditional models of role-based access and network perimeters. The "three-dimensional" view of security and access controls they described would take a more fine-grained approach to who should be able to retrieve certain types of information that would consider factors such as the time of day of the request, location and device being used.