a "discovery" exercise on all the OIG networks and circuits at sites across the nation. This investigation included a physical inventory of all the hardware at OIG offices. "That helped out in determining any equipment that had reached end of life," said Brock Stevenson, the OIG's liaison to Microsoft.
As a result of the infrastructure cleanup, Stevenson said, the OIG was able to retire some legacy environments, such as an email security appliance and an email archiving system, and reap operational cost savings.
At DOL, the benefit of enterprise readiness was similar. "A good thing is that when you're moving to external services, that can help drive your internal standardization," Leaf said. "We had nine different email infrastructures that were all developed with different visions. It's like we had this house over decades where the individual occupants and owners all built out what they wanted. We actually had [sites] where people were buying parts for servers on eBay. Having an effort where you're going to get outside services is like having [a house] inspection -- it forces you to look at yourself and really start to standardize."
Leaf reminded IT managers that in moving to the cloud, they must retain clear oversight. "Delegation -- and that's what you're doing; you're delegating your authority of your IT services -- is not the same as abdication," she said. "The bottom line is when stuff is not working, it doesn't matter how many contracts you have out there, and it doesn't matter who wrote them. You are the IT services organization; you are the CIO or the office of the CIO. You are the one that [users] are going to come to."
Due diligence is key to oversight, she added. "Make sure you're managing the program like you would anything else."
Sharing experiences with other agencies that have migrated to the cloud or are planning a cloud move can make the experience less painful. The HHS OIG, in fact, is establishing a Microsoft Office 365 for Government federal users group.
"Our goal this summer is to set up a meeting to get as many in the federal community as possible and talk about our goals," Owens said. "We think if we speak with one voice to Microsoft, it will provide incredible value... we can share best-practices across the federal community to get the best value out of this investment. When we work with a vendor with one common voice, it's going to help them and it's going to help us."
NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.