Sanjay Gupta, chief technology officer at the Small Business Administration (SBA), discussed last week how his agency has aggressively moved to the cloud while keeping security at the forefront with new pilots to meet Federal requirements.
“When you talk to your business leaders, what’s the number one frustration with IT? It takes too long to deliver anything,” said Gupta at FCW’s AccelerateGov conference on September 27. “This is where the cloud comes in, and really where I see it being a gamechanger,” he said.
Gupta described how SBA went from having no cloud presence to designing an architecture in 80 days, putting the agency on the “fast track” to the cloud. “We’re left lane riders at 90 miles per hour,” he quipped.
The CTO also recalled how the agency’s quick move to the cloud proved its worth when hurricane season hit in 2017 and SBA needed to scale up for its Disaster Loan Assistance program. “We didn’t need to buy new hardware. We can use the cloud to support the surge,” said Gupta, who noted that instead of spending $250,000 on hardware, the agency spun up virtual desktops to support the increased workload. “This is tangible, definite business value,” he added.
With SBA’s move to the cloud, the agency ran into challenges meeting requirements of the Trusted Internet Connections Initiative (TIC) and the Continuous Diagnostics and Mitigation Program (CDM).
“We recognized that the TIC … wasn’t designed with cloud in mind, so we were already trying to work around it,” said Gupta. He described how SBA formed a team with colleagues from the Office of Management and Budget, the General Services Administration and the Department of Homeland Security to design a 90-day pilot for TIC. Through the pilot, SBA was able to reduce the processing time for large datasets from hours to seconds, according to Gupta. “What we demonstrated is that we have the ability to achieve the goals of TIC. It’s just how we are reaching them,” he said.
With the success of the TIC pilot, SBA has turned its attention toward a CDM pilot.
“What we’re trying to do is demonstrate to the CDM team that we can achieve the objectives of CDM, much like the TIC, without following the prescriptive nature of CDM,” said Gupta. He described how cloud tools can send logs to both SBA and DHS to allow them visibility into SBA’s security posture. “This is fundamentally different than the ways things are done,” he said.