IT Transformation: Achieve Savings and Modernization

Barry Morris

Barry Morris

Vice President, Dell EMC Federal Division
Barry Morris, Vice President of Dell EMC’s Federal Division, is responsible for general division management, providing leadership and vision to the Federal team, government contractors and partners, and Federal systems integrators. In this role, he is dedicated to helping agencies redefine IT in a more agile, trusted, and cost-efficient way. Morris brings 30 years of experience driving sales to the Federal government, and expanding coverage into the state and local government, education, and medical markets.

I once heard – “A comfort zone is a beautiful place, but nothing ever grows there.”

The same goes for the Federal government. We must think differently to grow and continue to move forward – keeping in mind that modernization is the key to the future.

Today, agencies are being challenged to innovate and modernize – often with limited resources. Many may think it’s expensive to innovate, but as Dell EMC’s Bettina Chavanne wrote in a recent article, IT modernization could be more obtainable than you think.

“All you need to start with is a mission to transform your thinking,” said Chavanne.

Think Big to Win Big

Most think of modernization in terms of hardware and software. But, the transformation includes human beings as well. By simplifying and automating an existing IT infrastructure, agencies can free up funds for innovation, and as Tony Scott often says, “flip the 80/20.”

“To think differently you need to collaborate in entirely new ways,” said Chavanne. “We’ve done this at Dell EMC and we see it all the time within our customer community. The successful groups, the ones that really transform, start by gathering a small but diverse group of people to help. You can’t have fresh ideas by using the same thinking and strategies that you use today.”

While on the road to IT transformation, be sure to keep the core mission of your agency at top of mind. With the mission as the central focus, your IT priorities can be determined from there.

Chavanne notes that it takes a strong team to break tradition, think differently, and apply new strategies. And, change doesn’t happen organically. But, if there’s a willingness to think differently, then there’s a clear way to transform IT. We must choose to break the cycle – and then, growth can begin.

“We are what we repeatedly do. Excellence, then, is not an act, but a habit.” – Aristotle

For more details on how to innovate and think differently at your agency, check out Bettina Chavanne’s article:

The Cybersecurity Ransomware Threat and Data Storage Implications

October is National Cybersecurity Awareness Month – the perfect time to learn more about different potential threats, and how to best protect your agency from them.

In late August, I participated in a Carahsoft/RSA event at the Washington D.C. Spy Museum focused on the cybersecurity threat known as “ransomware.” This threat is malware that infects computers, networks, and services, then locks the target using cryptography and notifies the target user(s) they will lose their data unless they pay a “ransom” to unlock, or decrypt their data. There is usually a very specific period associated with the ransomed data – usually measured in hours, or a few days at most. If the ransom is not paid, the encryption key will be destroyed – and access to the data will be lost forever.

The ransomware threat can be very compelling, according to keynote speaker Agent Stacy Stevens, Chief for Mission Critical Engagement Unit of the FBI Cyber Division. She noted that their Internet Crime Complaint Center (IC3) registered an increase in exposed losses of $939 million in 2016, up from just $4.5 million in 2013. Despite the risk, the FBI does not advise paying the ransom to secure the key and decrypt the data – there is never any real guarantee the key will be provided. They also note that paying the ransom only funds more illicit activity and emboldens the adversary. Simply put, the best advice offered by Agent Stevens to prepare for and/or counter the ransomware threat, is to “backup your stuff.” This precaution will enable organizations to minimize the potential loss of data and enhance operational resiliency and recovery.

Patrick Potter, GRC Strategist for RSA, covered many relevant topics on resiliency management and the ransomware threat. He cited a recent Interagency Report that documented over 4,000 daily ransomware attacks since early 2016 – a 300% increase over the 1,000 per day experienced in the Federal government in 2015. He went on to note the growing emphasis on resiliency – the ability to fight through or quickly rebound from attacks – observing that organizations are increasingly moving towards resiliency versus recovery models.

Given increasing emphasis on business and cybersecurity resiliency, it is vital to ensure our partners and customers are aware of the innovative data storage options that exist to support the desired level of operational flexibility. Of particular interest will be any of the Intelligent Data Storage (IDS), also known as Software Defined Storage (SDS), capabilities – such as Isilon, ScaleIO, and ECS – that offer a range of inherent cybersecurity resiliency features and functions not typically found in traditional hardware-based storage solutions. For instance, the ability to leverage erasure coding algorithms to store the data; non-rewritable/non-erasable storage options; the ability to protect the data from malicious or accidental alteration, consistent with stringent federal requirements such as SEC 17a-4; and, features turning the data storage itself into a proactive, data-driven component of an enterprise cybersecurity early-warning solution.

All of these SDS features enhance the cybersecurity resiliency of mission critical business environments. Furthermore, cybersecurity is frequently one of the first opportunities for introducing big data analytics solutions, such as Splunk or Hadoop, into an enterprise. The initial introduction of these powerful cyber analytics tools can provide a tremendous, and high return-on-investment (ROI), impetus for expanding an organization’s data storage capacity, based upon real risk reduction and cost savings. The implications of an improved cybersecurity resiliency operation can lower overall operational risk and expand the data storage requirements – providing more access to data for better decision making and higher probability cyber forensics.

For more information, contact your regional Dell Technologies cybersecurity expert, or feel free to ping me at audie.hittle@dell.com.

Layered Data Protection Strategy: Keeping our Military Health Information Secure

Barry Morris

Barry Morris

Vice President, Dell EMC Federal Division
Barry Morris, Vice President of Dell EMC’s Federal Division, is responsible for general division management, providing leadership and vision to the Federal team, government contractors and partners, and Federal systems integrators. In this role, he is dedicated to helping agencies redefine IT in a more agile, trusted, and cost-efficient way. Morris brings 30 years of experience driving sales to the Federal government, and expanding coverage into the state and local government, education, and medical markets.

As military healthcare organizations increase their use of technology to improve care delivery, they also must keep patient information highly available, protected, and secure.

The challenge is that healthcare data is high value for criminals, and needs to be secured against a growing wave of destructive, malicious attacks from this new breed of cybercriminals who target this data.

In a recent Healthcare IT News article, Dave Dimond, chief technology officer for Dell EMC’s global health business, shared insight on the best way to approach data protection, saying, “Organizations need to consider three-layered protection. You need to assume the threat is in the system and has been evolving.”

“Security and business resilience wasn’t well defined or well-funded about five years ago,” Dimond said in a recent MeriTalk article. “When the health care industry first began to adopt electronic health records (EHRs), the focus was on disaster recovery. Now, executive leadership is beginning to look more toward operation without interruption.”

Military healthcare organizations need top security for their patient data – such as three-layered protection – to ensure secure operational readiness and resiliency.

Three-Layered Protection with Dell EMC

 As military health IT teams modernize their infrastructure to work toward all of their goals – from EHR modernization, to improving population health, to supporting the warfighter in the field – they must ensure their vital patient data is protected. In a recent white paper, we outline a multilayer approach to secure healthcare’s most vital patient data.

One of the key aspects of this layered data protection strategy is a data vault, protected by an “air gap” – a space between the main system and the backup system that opens to synchronize the data and closes immediately, providing an isolated environment.

The layered data protection strategy is comprised of three layers:

  • Traditional Data Protection Best Practices – Deploy a layered data protection approach for more business critical systems but always include a point-in-time, off array, independent backup with DR Replication
  • Additional Hardening and Protection Features – DPS product specific hardening guides; encryption in-flight and/or at rest; retention lock with separate security officer credentials
  • Advanced Protection Services – Isolated Recovery Solution; Dell EMC service offerings; use of evolving security analytics – such as RSA Security Analytics

The speed of change in devices and in the technology environment are very different than they were five years ago, Roberta Katz, director of Dell EMC’s Global Solutions, Healthcare-Life Sciences says. Protecting data now requires “a whole portfolio of protection strategies.”

Learn More:

DCOI Takes Over Data Center Consolidation Efforts

Barry Morris

Barry Morris

Vice President, Dell EMC Federal Division
Barry Morris, Vice President of Dell EMC’s Federal Division, is responsible for general division management, providing leadership and vision to the Federal team, government contractors and partners, and Federal systems integrators. In this role, he is dedicated to helping agencies redefine IT in a more agile, trusted, and cost-efficient way. Morris brings 30 years of experience driving sales to the Federal government, and expanding coverage into the state and local government, education, and medical markets.

The new Data Center Optimization Initiative (DCOI) aims to reverse continued data center sprawl and at the same time, modernize – a better approach than the original FDCCI.

There has been consolidation progress. A recent blog post by Federal CIO Tony Scott, shares that FDCCI has helped the Federal government close more than 1,900 data centers, reducing the real estate footprint of Federal data centers by more than 1.2 million square feet, and resulting in nearly $1 billion in savings.

But, we’re not there yet. According to the Government Accountability Office (GAO), the number of Federal data centers grew to 11,700 by November 2015 – up from more than 9,000 in 2014, 2,100 in 2011, and 1,100 in 2009 – as we were trying to reduce.

DCOI takes a more holistic approach, with a development freeze on current and new data centers, continued consolidation strategies, cloud investment under Cloud First, and an expanded shared services initiative. And, DCOI lays out specific optimization goals around power efficiency, automated infrastructure management, and server and facility utilization.

DCOI shows we’ve learned from our success and failures over the past few years, and agencies have high hopes for this initiative. According to a recent article, “The DCOI could be the best thing to happen to Federal cloud adoption in a while.”

Is Your Agency Prepared? 

The DCOI will focus on three primary areas within agencies’ data center management strategies:

  • Optimization: Agencies will be required to achieve five optimization targets that will improve the efficiency of Federal data centers – energy metering, power usage effectiveness, virtualization, server utilization and automated monitoring, and facility utilization
  • Cost Savings and Avoidance: By the end of fiscal year 2018, agencies must reduce Government-wide annual costs attributable to physical data centers by at least 25%
  • Closed Data Centers: Agencies must close at least 25% of tiered data centers, and 60% of non-tiered data centers, government-wide by the end of 2018

As noted by Federal CIO Tony Scott, “The important work agencies are undertaking as part of the DCOI will help move the Federal government toward an IT portfolio that is more efficient, more effective, more secure, and better able to deliver world-class services to the American people.”

To meet DCOI goals, agencies need modern data centers. At EMC, we believe this means the data center is built on a series of components:  flash, cloud-enabled, scale-out, and software-defined technologies, to help achieve efficiency and utilization goals, power shared services, and automate & simplify. Learn more in my recent blog post:  Technology Foundation for the Modern Data Center.

Data-Driven Cybersecurity Leveraging Intelligent Data Storage

Cybersecurity has moved front and center in technology, business, academic, and government communities. Inadequate threat protection has the potential of bringing operations to a halt, and cyber investments consume increasing portions of available IT and operating budgets.

The U.S. Federal government’s cyber focus is growing. In fact, the Fiscal Year 2017 Budget invests $19 billion in overall Federal resources for cybersecurity to support a broad-based cybersecurity strategy for securing the Government. And, the Department of Defense has requested a 16 percent year over year increase in their cyber budget to help the U.S. Cyber Command mature in operational readiness. As a result, operational demand for innovative and efficient solutions is growing rapidly and ranks as a top priority.

Intelligent Data Storage (IDS) plays an important role, as I discussed in a recent article. IDS contributes to cyber resiliency – which is the ability to prepare for and adapt to changing conditions, and withstand and recover rapidly from disruptions.

And, as agencies wrestle with cyber big data, “data lakes” – a new data storage paradigm – provide the infrastructure to manage the volume of cyber data and reduce information silos. A data lake offers scale out storage for data consolidation (structured and unstructured data), and enables in-place big data analytics.

MeriTalk, the Government IT Network, validated the importance of these proactive, data-driven capabilities, surveying more than 300 Federal, state and local cybersecurity professionals in March of 2015. Their research shows that 86% of Federal cyber leaders believe big data analytics would significantly improve their cyber defenses, and 61% of IT managers say they could better detect an ongoing security breach by leveraging big data analytics.

This is exactly the type of cybersecurity big data analytics scenario where IDS capabilities – or Software-Defined Storage (SDS), can help – recognizing the flexibility, automation, and efficiency of storage when hardware can be separated from, and controlled by, the software.

My recent article in The National Cybersecurity Institute (NCI) addresses research and innovative data-driven IDS capabilities – such as EMC’s Isilon and various EMC SDS solutions – that contribute to cybersecurity resiliency functional areas.

The intent and focus of this paper is to enhance awareness, discussion, and interaction to stimulate innovation and accelerate the transition and creative technology application of IDS/SDS capabilities that contribute to data-driven cybersecurity solutions.

Please feel free to contact me at audie.hittle@emc.com if you have any questions on the IDS approach or available solutions