konklone
commented
7 years ago [Inlining a best-effort version of the attached comment below. If there were links in the original, they are not maintained in the below version. Download the original attachment in the issue above to see the original comment.]
Response to White House Office of American Innovation
Report to the President on Federal IT Modernization
Comments by Veritas Technologies
September 20, 2017Introduction
Thank you for the opportunity to provide feedback on the report of the White House Office of American Innovation/American Technology Council to the President released for public comment on August 30, 2017. Veritas is supportive of the overall vision of the report and its focus upon building a more modern and secure architecture for federal IT systems through leveraging commercial cloud and IT modernization and shared services. Veritas offers our views on how best to improve the report and the specific programmatic efforts it will spur.
General Comments
We appreciate the work undertaken by the White House Office of American Innovation and the American Technology Counsel and commend your efforts in keeping the focus upon IT modernization. IT modernization is a critical step to creating a responsive, efficient, and effective federal government. As agencies embrace cloud computing and other innovative technologies, government agencies will drive down the cost of IT operations, while allowing for greater innovation, reduced vendor lock-in, the provision of on demand security updating and patching. These steps will dramatically improve IT operations across government by using secure, modern, and proven commercial solutions.
While we are supportive of the overall goals of the report – promoting IT modernization, prioritizing the protection of high value assets, enabling shared services, and modernizing the trusted internet connection-- we believe more emphasis should be placed upon a critical issue determining whether an IT modernization effort is a success or failure – the management of agency data.
As a worldwide leader in data management solutions, Veritas has seen first-hand the critical role that data plays in IT modernization --in both the public and private sectors. For that reason, we believe this critical initiative should be expanded to include a stronger focus on the management and modernization of data. As the White House is aware, data governance, migration, management, and security are often the critical factor for program success. Poor data management is often what drives costs and results in overruns. The same holds true as it relates to shared systems and shared services or migration into cloud environments.
We believe that as agencies consider what systems to modernize, they must also consider how those modernization efforts will be impacted by data-related issues by building data governance and management into modernization enterprise roadmaps.
Furthermore, agencies must evaluate the tools necessary to enable the optimization of legacy systems or migration of applications, systems, and data to new platforms.
In this context, having a complete understanding of how you are going to migrate data within systems from legacy IT to modernized systems, becomes essential.
Veritas believes the following critical data issues must be kept in mind when modernizing IT:
• What data must be archived? Agencies must inventory and review key data sets as an asset class in accordance with OMB directives. • How will the data be optimized, utilized, and stored in a secure fashion meeting NIST security standards? • How can the data be safely and effectively transported to new systems? • Will the data support the implementation of big data analytics and forensic tools? • Can the agency retrieve the data from any specific vendor without incurring significant additional cost? • How will the various data directives regarding privacy, transparency and open access be accommodated? • How will the infrastructure / data be protected and recoverable in a Disaster situation? • Once the Infrastructure, Applications, and Data are modernized, is the information easily discoverable? • How will you effectively monitor and manage the modernized systems and data? • Can agencies understand and track who is leveraging and who has access to what data within an Agency – Address the insider threat, strengthen the agency security posture?
In addition, agencies, will have challenges associated with E-discovery and management, and must ensure they have tools to effectively monitor and manage data while going through a modernization.
High Value Assets
The report prioritizes enhancement of security and privacy controls for those assets that are essential or pose the greatest cybersecurity risk (HVA). To protect these HVAs, it is important to move towards implementation of modern IT architectures. There is a need to protect these HVAs on multiple levels, as well as a need for visibility and insight into the data to determine where the biggest threats lurk. With so much to look at and comb through, using technology that will help streamline the process of determining HVAs quickly will be key to providing protection.
Most agencies struggle with gaining visibility and insight into their fastest growing class of data—unstructured data. This type of data includes things like emails, documents, and image files. Unstructured data exposes organizations to potentially harmful security vulnerabilities and unintended personally identifiable information (PII) leaks. The problem is expected to intensify as the amount of unstructured data grows.
Organizations should be able to quickly scan and tag data to ensure that sensitive or risky information is properly managed and protected. There is a need for broad visibility into PII so that agencies can meet compliance regulations that require discrete retention policies be implemented and enforced across the organization’s entire data estate – regardless of where that data lives.
Being able to look at risk analytics from different insights – content classification, metadata analytics, and user behavior – is key to being able to uncover potential bad actors or malicious activities. Being able to classify data quickly and simply is the first-line of defense for identifying suspicious activity and initiating remediation efforts to keep sensitive files protected. Having the capability to hunt for an organization’s riskiest files and being able to use artificial intelligence to prioritize how files are scanned will allow for the capability of being able to dash through petabytes of data to illuminate the darkest of data.
We encourage you to considering addressing issues related to the modernization and management of data in more detail as a critical factor in ensuring effective IT modernization.
On behalf of Veritas, we thank you for the opportunity to provide these comments and look forward to working with you as the report’s recommendations are implemented.
About Veritas Technologies
Veritas Technologies LLC develops and delivers backup and recovery, business continuity, information governance, and storage management solutions worldwide. The company provides backup and recovery products comprising system recovery solutions for protecting desktops, laptops, servers, and virtual machines; and NetBackup appliances that provide backup and recovery for data centers, remote offices, and virtual environments.
Dear Sirs.
On behalf of Veritas, we are pleased to submit the following comments to the Report to the President on IT Modernization. Thank you for this opportunity to comment and we look forward to continuing the dialogue.
Rich Beutel and Mike Hettinger on behalf of Veritas Cyrrus Analytics LLC/Hettinger Strategy Group Veritas IT Mod Comments 9.20.17-FINAL.pdf