Fresh off notching an A+ grade on the latest FITARA Scorecard, the Department of Education knows it has a handle on good IT, and agency CISO Steven Hernandez said today he credits a measure of that success to an important mindset change on data.
Speaking today at the Splunk GovSummit, Hernandez explained data dominance as “the relentless pursuit of any data that holds relevance to risk in our enterprise.” And he emphasized the importance of building relationships within organizations in order to get access to relevant data.
“This is a data era,” Hernandez said. “The more data points I have around an event, the more confidence I have in what’s exactly happening.”
With the department overseeing hundreds of millions of records, $150 billion of financial aid, and an accounts receivable portfolio of over $1 trillion, Hernandez said it takes a lot of data to manage risks.
“If we don’t have that mindset of data dominance,” Hernandez said, “we’re always going to have a blind spot.”
Crediting the President’s Management Agenda (PMA) for charting the right course, Hernandez said the department’s transformation from a legacy IT environment to a more modern environment started two years ago.
One of the directions that Hernandez took from the PMA was that “if we can do it in the cloud, we should.” The department now has none of its own data centers, while managing 40 different cloud providers.
“We’re beyond data center consolidation now,” Hernandez said. “We’re actually on cloud consolidation.”
Hernandez called FedRAMP vital to the agency’s efforts, saying that the organization does not “buy cloud unless it meets the FedRAMP requirements.” FedRAMP provides an additional 52 controls above the 250 controls provided by FISMA, Hernandez said.