Will the US government be more efficient with iPads and Google?
What legacy will Vivek Kundra, the first Federal Government CIO, leave when he goes to academia? For all the grand plans to modernize, rationalize and streamline IT, so far he's mostly taken the government out computer shopping at Best Buy.
Most of the news stories about his recent resignation have focused on his plan to move the government into cloud computing and whether it would survive his departure. But Kundra also modernized government in other ways, with a flare for adopting some consumer technologies.
Kundra is undeniably popular among the digerati. Craig ('s List) Newmark gushes about him. Observers, such as Federal Computer Week's Steve Kelman, praise his 25 Point Implementation Plan To Reform Federal Information Technology Management. (This Forbes blog enumerates those on the rumormill to replace Kundra.)
Reports also credit him with identifying billions of dollars of waste, such as in redundant government data centers, and working to consolidate them. It's not clear how much of this has actually happened, as the fate of such facilities always depends on whose congressional district they are in.
Ed O'Keefe of the Washington Post notes:
Kundra's pending departure also comes as the administration's e-government fund is slated to lose abut two-thirds of its funding to budget cuts. The fund finances some of the White House's most ambitious government transparency projects. Under the cutbacks, sites launched in the last two years to track government performance and spending -- and projects in Kundra's portfolio -- will be scrapped, curtailed or no longer updated.
In fact, Kundra's main talent seems to be getting people excited and starting up initiatives. As Jon Oltsik says in Network World Kundra was more of a CTO than a CIO. CTOs do the fun stuff for which Kundra was known. CIOs "tell the IT staff to cut costs by 25% while simultaneously delivering high-value business applications."
Given the current state of things, Kundra's obsession with moving government projects into "the cloud" and his insistence that it would save tons of money is speculative at best. Kundra identified $20 billion worth of IT spending that could be moved to the cloud but a lot of these projects were things like "moving 25,000 NOAA email accounts to the cloud," that would have been characterized as outsourcing 3 years ago, before Kundra arrived.
What I remember most about Kundra's tenure is his desire to bring modern computing systems to government workers. At the White House, systems are (or at least were, I'm not sure what's there now) relatively primitive and clunky. Remember the stink about Obama wanting to keep his Blackberry? And Blackberries are well-known as the most secure and securable of mobile devices. Kundra wanted users to be able to use their iPads and iPhones.
And this he actually accomplished, at least in part, since President Obama has an iPad. How's that for managing up? But the consumerization of Federal Government IT does seem to be in the making. iPhones and iPads are invading the Federal Government, and departments are moving tens of thousands of email addresses to Google Apps.
Is this a good idea? From the perspective of the users and, perhaps, of productivity, it would seem to be, although maybe there's more fun than productivity going on. But there is a security issue here. From the Washington Post:
So many consumer devices are being brought in by federal workers that Rep. Darrell Issa (R- Calif.), chairman of the House Committee on Oversight and Government Reform, recently voiced his concern about authorized uses in a rather surreal hearing, in which he held up an iPad and asked a White House official, "Are any of these carried into the White House?" When the official answered yes, Issa replied, "So people carry a product which circumvents your entire system by going to the AT&T network on a daily basis in the White House, isn't that true?" Eventually, the official conceded that was true. Issa said he is concerned about what it means for presidential recordkeeping. His office did not respond to a request for comment.
Recordkeeping, yeah. That too. I'm more concerned about security. I asked Charlie Miller, Principal Research Consultant at Accuvant, about it. Miller is famous as the most accomplished vulnerability researcher for Macs and iOS. He says:
It's hard to say. The best bet would not to be carrying around sensitive data in the first place. The second best thing would be to have some custom, locked-down kind of device.
Presumably the government, especially the White House, isn't using some off-the-shelf technology. But if they were Miller says one is probably as bad as the next. Blackberry has the best reputation, but it too fell to compromise at Pwn2Own this year.
There are management systems you can use to lock the devices down and remotely wipe if necessary, although users often complain about the restrictions they impose. MobileIron is such a system that can lock down iPhones.
Let's hope they're at least using something like this, although I know of one Big 4 firm that denies the use of iPhones and MobileIron wasn't good enough for them.
The sad reality of the Federal Government, and in fairness to Kundra, it's impossible to have real central IT administration authority. Even the individual departments are probably too vast for any one person to have real authority. And these groups generally have as much money as they need to keep their operations going; moving their applications operations to "the cloud" would be impossibly expensive. Perhaps for new systems it makes sense to mandate such new technologies, but that wouldn't have been as exciting for Kundra.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.