When you serve as CIO for a federal agency, there are many IT challenges. One of the most fundamental is a basic lack of network visibility. Due to the incremental way most federal agency IT networks have been constructed, there is often no clear network architecture to reference when considering important IT changes or upgrades.
I experienced this firsthand when I served as CIO of the Department of Transportation. Like many agencies, we were exploring moving enterprise applications to the cloud. We identified our MS Exchange email application as something that could be migrated to MS 365 email, hosted in the cloud.
This migration was successful. However, the lack of visibility into our network data flows – the lack of an overall IT network blueprint – caused concern in all of my DoT business units. We determined that before any more applications or IT resources could be migrated, we badly needed a clear understanding of network bandwidth requirements and data flows. After all, such migrations are counter-productive if they end up degrading end-user application performance.
We engaged a contractor, and through them were introduced to Riverbed networking technology. In short order, the visibility Riverbed delivered proved to be a godsend. What began as an engagement to ensure our network had enough bandwidth quickly morphed into a huge “cyber hygiene” project—one we were very lucky to have!
Working with all eight of our internal departments, we had manually compiled a list of approximately 800 network devices across the agency network. Riverbed used that list as a starting point, quickly identifying where we needed to shore up software patches and weak passwords. This would have been a big improvement in network security and application performance, even if the process had ended there.
But it actually was just getting started. Riverbed then activated their auto-discovery functionality, cataloguing all devices and the devices they were connecting to across the agency network. Within a week or two, I could see my end-to-end network architecture for the first time. And as you might expect in an agency as widespread as DoT, we identified many hitherto unknown devices on our network.
Much of this was due to branch office self-servicing over the years. We identified a lot of consumer-grade equipment that had been “daisy-chained” onto the network over the years. This kind of shadow IT is often not enterprise grade, and it hampers strong cybersecurity. With a full catalogue of network devices in hand, I was able to remind all internal groups that there was an official change management policy to follow. And if it wasn’t followed, unauthorized applications would be locked out of the network.
This kind of network visibility should be mandatory for all federal agencies. Without clearly understanding where your network is today, you can’t make significant changes while minimizing risk. It enables IT leaders to start from a clean slate and identify what issues are most vital—usability, segmentation, overall network management? What began as a relatively simple project to avoid bandwidth bottlenecks ended up plugging a huge hole in our IT bucket.
This kind of IT visibility is essential for federal IT to leverage new technologies for better application performance and employee productivity. It allows you to clearly map out a game plan for major moves such as cloud migrations.
There is a well-known expression in IT: first you plan your work, then you work your plan. Riverbed allowed DoT to get our arms around our challenges and to clearly plan out a path to a better future state of IT.
This content is made possible by our sponsor. The editorial staff of Government Executive was not involved in its preparation.