Steve Grewal, the Education Department's chief information security officer, joined Federal News Radio on March 6, 2014, for an online chat.
Grewal answered questions about his agency's new security operations center (SOC), the cyber workforce, and challenges with security at the agency. View an archived version of the chat.
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Ask the CIO
Medicaid commission fine tuning cloud services after early adoption
Thursday - 8/22/2013, 1:41pm EDT
Chase joined the commission as it was standing up, meaning he created the IT network from scratch.
MACPAC immediately took advantage of the emerging cloud technology.
Chase said the commission signed on with Amazon Web Services to host its infrastructure and put its email and collaboration in the cloud using Google apps.
"Cloud computing has been a real journey for us at MACPAC," he said. "We were in a unique spot in time when it comes to the cloud."
Now, three years later, Chase is revisiting MACPAC's needs both in terms of infrastructure, storage and the like, but also the tools employees need.
"For MACPAC providing statistical analytics are key for our agency. It's important to maintain our data analytic capacity in house. So MACPAC is in the final stages of building an environment in the cloud using Amazon as the infrastructure-as-a- software provider and SAS software as our analytic engine," he said. "This will allow MACPAC to find the answers it needs from the data when the agency needs it and then spin down, and then spin down or turn off the services to save money when it does not."
He said MACPAC needs to analyze the Medicaid and CHIP payment data as a major part of its mission for Congress.
"For us the Medicaid data sets are relatively static in their nature," Chase said. "The answer really is how you use the data sets to answer the questions that are out there, and tease out what the questions are that Congress wants to answer."
MACPAC provides reports to Congress twice a year, March 15 and June 15.
Chase said the data analytic tools relate to how they are expanding its approach to the cloud.
He said MACPAC needs to tune its Amazon Web Services environment.
"We have successfully built the agency services in AWS cloud platform so the next step is to ensure the servers are right-sized through detailed monitoring and then secure a lower cost-per-hour using reserve computing prices," he said. "This is possible on our stable systems where our workloads are well defined."
Part of the reason for these fine tuning steps is because MACPAC had no historical data from which to base its needs off of.
Chase said that's why the cloud made perfect sense. He said the elasticity of the cloud helps deal with surges.
"We have three years under our belt now, but I don't think the answers are clear, and using big data continues to grow," he said. "So for us, building further capacity to store large data securely and perform analytics, really using cloud services is the right answer. Cloud offerings are fluid by nature. We don't need to over provision and it grows as our data grows. It provides MACPAC a highly cost effective way to manage its big data."
Cybersecurity remains MACPAC's biggest challenges despite having its data in a cloud and not having any of the more risky client-software hardware and software set ups.
Chase said all of the data is encrypted during transit, but they have to find a balance between security and usability.
"We are fortunate to have been able to build the agency from the ground up and this has allowed us to ensure the information security risk to the organization are first and foremost in each of the systems and services we deploy," he said.