The Office of Personnel Management (OPM) is finishing up a 90-day sprint geared toward further cloud service adoption, and the agency’s acting CIO advised other organizations during MeriTalk’s virtual Cloud Cafe event on July 15 to toss out the on-prem rulebook when planning for their own cloud transitions.
Guy Cavallo, who took over as OPM’s Acting CIO in March after several years as Deputy CIO at the Small Business Administration (SBA), has long been a strong proponent of cloud service adoption by Federal agencies. Earlier this year, he pledged to build on digital transformation efforts at OPM with a focus on transitioning to the cloud and delivery of enterprise IT services.
“We are finishing up a 90-day sprint at OPM … and we are going to keep those rolling,” Cavallo said today.
“I have been lucky enough to lead the cloud effort at three separate agencies,” he said of his work at OPM, SBA, and the Transportation Security Agency (TSA). “I am following the same model [at OPM], just fine-tuning it.”
Cavallo emphasized that “you don’t need an army to move to the cloud, you need a handful of dedicated and experienced people” which may include agency staff and contractors. At OPM, he has employed five teams over the 90-day sprint, each focused on:
- Business service management;
- Platform engineering and architecture;
- Development operations;
- Cloud migration; and
- Cloud operations.
“What I tell them is … throw out everything that we have now, and don’t let on-premise rules govern” the cloud planning process, Cavallo said. He added, “we have to look at revamping all of our processes.”
On the security front, Cavallo said the cloud transition process also allows agencies to use cloud services to meet security requirements such as those implemented under the Continuous Diagnostics and Mitigation (CDM) program and Trusted Internet Connections (TIC) policies.
Part of the cloud transition process at OPM has included creating a cloud community of excellence, and Cavallo said he is “really excited” that dozens of agency tech staff that have been running legacy systems are participating.
Cavallo also emphasized that OPM is hiring to fill technology positions, and said he is open to hiring workers located around the country. “We are hiring remote everywhere,” he said, “unless it’s a job where I physically need somebody at that location.” With the advent of cloud services, he added, “I don’t need somebody sitting next to servers.”
Kill Your Printer
Asked what excites him in the current Federal IT environment, Cavallo said the ability to hire a remote workforce, and the broader push toward IT modernization are at the top of the list.
Also on that list: moving past the age of printers.
The past year-plus of remote work for many agency employees, he said, has “proven that we don’t need to print.”
As more Feds prepare to return to traditional office settings, “they are asking for the ability to print” after a year of not being able to, and “I say, why?” Changing the way government works in order to get rid of paper is “tremendous,” he offered.
Cyber EO Pushing Cloud, Zero Trust
Speaking on the same panel at MeriTalk’s Cloud Cafe event, Gina Fisk, Chief Information Security Officer of the Department of Energy’s (DoE) Office of Science, said her office’s cloud transition launched about three years ago, and that the Biden’s administration cybersecurity executive order issued in May is helping to reinforce the drive for cloud adoption, as well as improving security through adoption of zero trust concepts.
On a practical level, she illustrated the value of widespread cloud service use during the coronavirus pandemic when the White House in 2020 put together a consortium of government and private sector organizations to begin gathering vaccine research with the help of pooled high-performance computing resources.
“On March 22  we launched, and on March 26, we had projects running,” she said. “It really demonstrated the agility of the cloud.”
Cavallo called the cybersecurity executive order “one of the most important orders we have had in a long time,” and the push for better security architectures and cloud adoption “exactly what I think we need.” While the government has been moving in those directions on its own, “we have been doing this piecemeal,” he said, adding that the order represents a “more specific roadmap to do it.”
He also plugged the “native cyber capabilities” of cloud services including their ability to use machine learning and AI. He said OPM has implemented a central logging service in the cloud that is using native AI to help point the agency’s security operations center to potential vulnerabilities. “That’s the wave of the future,” Cavallo said.
Fisk said the executive order’s mandate for migration to zero trust architecture “is going to be key . . . It’s going to be impactful, but it’s going to be hard.”
“We have a lot of work ahead of us to strengthen our posture,” she said.
Christopher Weston, CIO at Awdata, explained during today’s panel discussion said that a high-level advantage to cloud services is that “you can virtualize or more into a cloud just about anything.”
He counseled to first “look at your data, figure out what you need … and how much security you need to be able to wrap around it.”
“The less control you have over the platform, the less secure you can make it … but also the cheaper it is,” Weston said. “So it’s a give and a take” depending on needs, he added.