While the toll the pandemic is taking on public health and the economy cannot be understated, the federal response has a silver lining. Thanks to the surge in telework, coupled with the surge in public demand for information about COVID-19, health information and financial relief through the CARES Act, agencies are making long-overdue upgrades to legacy systems and patchworks of systems, with small, nimble programs leading the way.
In the short term, the crisis has acted as a “forcing function” for IT modernization, said Egon Rinderer, federal chief technology officer for Tanium, an endpoint security firm.
“This really is challenging everyone in the same way,” Rinderer said. “The days of cobbling something together … that’s done.”
On the federal side, the Small Business Administration (SBA) used lessons learned from its cloud migration to overhaul its website in less than 10 days, addressing the spike in demand from both small businesses seeking relief and new vendors and small banks who require access to the agency’s E-Tran solution to process Paycheck Protection Program (PPP) loan applications.
SBA already had an understanding of "what it meant to be digital-services-focused,” said John Foster, chief operating officer and partner of Fearless Solutions, the contractor that led the cloud migration for SBA’s website.
This understanding included knowing how to pursue rapid deployment, allowing the agency to implement a serverless system on the website’s backend to automatically scale for surges in website traffic. While official statistics for traffic are unavailable, sources estimate SBA’s site saw 10 to 20 times the number of usual visits following passage of the CARES Act.
“At its core, SBA.gov is an information-sharing platform,” Foster explained. “That information needs to be correct, concise and updated in real time.”
The solution for SBA could be twofold, Foster added. Not only did the agency address the spike in demand from small businesses, but also the team has developed an open-source solutions for the company in the past - building a "very collaborative process" that supports standardization and integration.
In the future, the agency could build on that trend by developing an open-source solution for new vendors and banks to integrate with SBA’s E-Tran solution, which processes paperwork for grant and loan applications. While the old architecture can pose a barrier to entry for new vendors, the open-source system would use standardized data, removing obstacles to integration.
It was a “herculean task” to adapt so rapidly, said Delali Dzirasa, Fearless Solutions’ CEO and founder, but “[we’re] super proud to be part of that team” taking on the challenge.
SBA is not the only agency that has had to quickly adapt to the challenges the pandemic and related crises pose. Gary Newgaard, vice president of public sector for storage solutions provider Pure Storage, said that the public sector should be commended for standing up telework infrastructure at such a large scale in a matter of hours or days.
“The mission hasn’t changed,” said Newgaard. “But how we go about it has.”
The next hurdle, Newgaard said, will be overcoming hurdles for data access in procurement. It remains difficult to memorialize and execute approvals in a timely manner, although some state and local governments are changing those policies out of recognition for the critical role procurement has in obtaining essential medical equipment.
In the long term, changes to infrastructure will go together with policy changes to ensure organizations can rapidly pivot in times of crisis.
“Everyone’s business continuity plan is going to include something about this in the future,” said Rinderer.
Rinderer predicted that the lessons learned from this crisis will push organizations to move away from on-prem systems and servers, instead developing a strategy to give people access wherever they are. As organizations work on those strategies, “anything that generates help desk tickets” will raise organizational awareness on what needs to be part of the plan. That might include bring-your-own-device (BYOD) policies and tools that communicate to users why a system may not be working or denying access, even if the problem is due to something as simple as an out-of-date software patch.
“Shared consciousness is the keystone of everything,” Rinderer said.