In practice, cultural resistance to technological innovation in the federal government comes down to individuals who won’t get with the program — server huggers and privilege hogs.
That was the takeaway from a fireside chat between federal agency CIOs Tuesday at the Public Sector Innovation Summit, presented by VMware.
One of the biggest priorities for her organization, explained Janice Glover-Jones, CIO of the Defense Intelligence Agency, was keeping a tighter reign on the number of privileged users — those with the ability to download or install software, or access specially protected data, for instance. “Just because you have access to the network, doesn’t mean you should have access to all the data that resides on the network,” she told a standing-room-only crowd at the Ritz-Carlton in Pentagon City, Virginia.
“We’re moving to ‘just enough privilege,’ and ‘just in time privileges’ and how do you automate that,” she said. “But that also requires a cultural shift, because what I’ve noticed in our workforce in particular, is that people have put their value around the fact that they have system privileges, whether or not they need them to do their day-to-day jobs.”
And joining the privilege hogs on the public enemies’ list: the server huggers
“We still have a ways to go before we can unlock the full value of the cloud,” said Gary Wang, the deputy CIO of the Army. “We still have a lot of what I call server huggers,” he said to laughter.
That was one of a series of cultural issues he identified. “Everyone’s … still incentivized to do empire building,” he added.
“We need to move to a place where your value in the organization is not defined by how much [hardware] you control, but by how much your knowledge and skill facilitates the flow of information,” he explained to FedScoop after the panel.
The final cultural issue identified by the speakers was a mindset that security could be attained by “cobbling together” a set of vendor solutions, in the words of Michael Hermus, chief technology officer for the Department of Homeland Security.
“A massive proliferation of solutions out there from people trying to solve this [security] challenge. That’s an opportunity but it can be a problem, as well.
“Simply assembling a set of tools does not create a robust security strategy in and of itself,” he added.