Jose Arrieta is in love with the data layer.
In his role as the Department of Health and Human Services associate deputy assistant secretary for acquisition, Arrieta oversees the acquisition function across the highly decentralized agency. Like many government systems, HHS’ are often siloed and expensive to integrate, so the business processes are rife with manual tasks. And since the time and money required to modernize the systems wholesale are prohibitive, the inefficiencies persist.
Arrieta, however, believes that a robust, well-structured and immutable data layer offers a way out — allowing HHS and other agencies to automate and improve their business processes while running on top of the legacy systems. Specifically, he thinks blockchain can power that middleware for a wide range of government operations.
“Modernization historically has been about getting all the user’s requirements, and then designing a new system that’s going to replace the 10 systems that were currently in place,” Arrieta said at an April 11 FCW event on automation and cybersecurity. “I believe that there’s a unique opportunity now to actually layer your existing systems with a high-powered middleware. … you can let your existing operating environment deliver services and you can build micro-services off of your data layer to modernize your business systems at the same time.”
In his previous job at the General Services Administration, Arrieta piloted just such a solution for the IT Schedule 70 FASt Lane process, and “we were conservatively looking at lowering our OpEx costs by 80-90 percent,” he said. He sees similar opportunities at HHS and elsewhere.
The key, Arrieta argued, is to have a data layer that comes with “CIA” — confidentiality, integrity and accessibility. A blockchain distributed ledger checks all three boxes.
Agencies can “build microservices directly off of that data layer to drive business outcomes,” he said. “And you can test those microservices at a very low cost …. all while you’re leaving your existing environment in place.” That can allow agencies to modernize processes now, he said, “and then you can slowly move off of your existing IT architecture” as the resources to do so are available.
Such an approach also creates “a new layer of security around your data layer,’ Arrieta added. And because the data integrity is improved, robotic process automation and machine learning can become much more accurate and effective.
Developing that data layer is not easy, Arrieta stressed — both deciding what to include and extracting it from existing systems are significant challenges. He recommended starting small, with a specific process “that you actually own” — and offered up basic access controls as an example.
“A user needs access,” he said “So what does the individual receiving that request do?” Common steps would be checking the user’s security clearance, verifying that he or she has taking the required training and signed the rules of engagement for that system, and then issuing a username and password.
“What if I automated that entire process?” Arrieta asked. “And what does that do with the time that my federal employee now has?”
KPMG Principal Tony Hubbard, who also spoke at the April 11 event, agreed that access control was “a perfect example where automation can really lend itself to support an effort.” He also urged agencies to look at their Risk Management Framework efforts and the challenges of “taking systems to the accreditation stage. ”
“It’s very cumbersome, with a lot of manual processes,” Hubbard said. “For those of us who work in the cybersecurity field, there’s probably no better example than RMF that can be automated.”
Such use cases are a far cry from the enterprisewide, nine-figure modernization efforts that often draw the spotlight in government, but Hubbard and Arrieta both stressed the importance of starting small and building on early successes.
“These are little changes,” Arrieta said. “But the ripple effect that they have on your agency is huge.”