The Small Business Administration’s technology to-do list is split between internal and external customers.
But none of its priorities matter if it can’t secure those systems. So that’s why the SBA is turning to shared services to meet its cybersecurity demands.
Chase Garwood, the acting chief information officer at SBA, said the agency already is using the Justice Department’s Cybersecurity Assessment and Management (CSAM) tool to complete its reporting under the Federal Information Security Management Act. And now it’s turning to the Homeland Security Department to implement continuous monitoring.
“We’ve had quite a few management challenges from our Inspector General and we continue to look at those and hit those cybersecurity elements. So a big part of that in the next six months or so will be in continuous monitoring,” he said. “That’s just a capability the agency hasn’t been as robust as it could be in the last couple of years. But now that we are out of the continuing resolution, and now that we are moving forward for the rest of the fiscal year, we are looking to get into and deploying and starting to operate our configuration management to improve our cybersecurity posture, to know what’s on our networks, to make sure that the latest baseline and patches are up to date and moving that forward.”
Garwood said SBA made some good progress by deploying over the last year the 802.1x standard to improve its network defense. The standard secures an organizations network ports by applying access control rules so devices need to authenticate before they are allowed to log on.
SBA also is looking to partner with DHS U.S. Computer Emergency Response Team (U.S. CERT) to do penetration testing and implement continuous diagnostics as part of the continuous monitoring initiative.
Making better use of its data
In addition the DHS for shared services, SBA is buying services from the Treasury for talent management, and wants to buy a shared service for an online time-and- attendance system in the coming year.
Getting its computer security in better shape will help SBA better serve a growing list of internal and external customers.
Garwood said several of his priorities focus on both.
For instance, SBA is moving to Microsoft’s Dynamics CRM 2011 from its current customer relationship management tool.
Garwood said CRM 4 met its needs, but as with any software upgrade there are benefits and cost savings.
The updated CRM program also opens the door for SBA to improve how it manages and uses data to meet its mission.
Garwood said SBA is moving to more commercial data management software such as Microsoft’s I-Dashboard and SQL server reporting services and analysis.
“What that means is better ease of use for the enterprise and then the mission folks for business intelligence,” he said. “A big part of it is ease of reporting. It’s all about the data, but then it’s also the use of that data. We are going to more commercial-off-the-shelf solutions and common platforms, instead of what we normally had in the CIO community, which was running customized reports and scripts, which take a heavy load on your tier three database administrators and the other folks, which equates to costs and time motion. If we can off-load that and make it easier for our business users to run some reports off these COTS products, that’s where we are seeing some great benefits there.”
Additionally, Garwood also wants to improve the agency’s enterprise architecture, data governance and data framework to improve how SBA makes the data more usable.
SBA also is moving into the mobile computing space by developing a couple of new mobile apps to help both employees and small businesses. Garwood wouldn’t name the specific areas the apps would address because they aren’t quite ready yet.
SBA also will be renewing its mobile cellular services contract in the coming year. Currently, it’s with Research in Motion’s Blackberry.