Assessment & Recommendations


1 Assessment & Recommendations Darryl Alva Aravindan Rajamani Parul Rannot

2 Agenda: SWOT Analysis; Problem Identification; IT Objectives; Recommendations; Initiatives Timeline; Key Performance Indicators; Risk Assessment; Conclusion

3 SWOT Analysis
Strengths: Sufficient funds; Reduced commodity costs; Existing positive vendor relationships; One's strength can cover other's shortcoming
Weaknesses: Resistance to invest in new technologies; Capacity issue: scaling up processes can be a problem
Opportunities: Vendor management: exploit open competition for acquiring technologies; Cost savings with enterprise-wide licenses; Best practices from each service group can be used to make NGITS effective and efficient
Threats: Common infrastructure: single point of attack and also data security issues; Internal conflicts

4 Problem Identification Low Cost Savings > 30% government employees Redundant Application Support & Work Disparate processes for same tasks Low Process Maturity Same services implemented by all organizations No Investments in new technology Low Customer Satisfaction Lack of Improvements Individual application license and implementation Multiple Architectures

5 Linking IT Objectives to Business
Business Objective: Shared Centralized Services. IT Objectives: Consolidated IT service; Provide assistance to stakeholders of NEG
Business Objective: Cost Effectiveness. IT Objectives: Reduce IT operating costs; Blanket License Agreement for all commodities
Business Objective: Reliability. IT Objectives: One stop shop for resolving IT service issues; Exceed customer expectations

6 Recommendations
1. Implement Enterprise Architecture
2. Set up Shared Service Management Office
3. Hire a Chief Information Security Officer
4. Hire contractors for service desk

7 1. Enterprise Architecture (EA)
Value Add: Optimize consolidated infrastructure, applications, staff, processes; Reduce redundancy; Faster, cheaper, simpler maintenance, upgrades and procurement
Implementation: Federal Enterprise Architecture Framework (FEAF); Proven success stories in Federal Agencies*; Hire external consultants with experience in FEAF
Cost Benefits: Cost 1% of budget; Benefit 5% of budget
* see Appendix

8 2. Shared Office
Value Add: Knowledge Management Bank to utilize repeated processes; Defined SLA & continuous improvements
Implementation: Office (SMO); ITIL certified managers for operation and transition processes; Training to increase process maturity across the organizations
Cost Benefits: ROI 2.2 times*
* see Appendix
ROI (return on investment) = (benefit - cost) / cost

9 3. CISO
Cost Benefits
Value Add: Responsible for establishing and maintaining the organization's vision and strategy; Ensures information assets and technologies are adequately protected; Secure vendor management
Implementation: Hire Certified CISO (Chief Information Security Officer) according to FAR; Follow project plan: Template for the New CISO's First 100 Days*
* see Appendix

10 4. Hire Contractors
Value Add: Government pays $126,087 for an employee to a Contractor's $70,000/Year
Implementation: At least 30% of service desk staff at NGITS are employees; According to Federal regulation, service desk job can be done by contractor
Cost Benefits: Cost cutting 13.5%*
* see Appendix

11 Initiatives Timelines Milestone 1 Jan 2015 Milestone 2 June Milestone 3 Jan 2016 Milestone 4 June 2016 Milestone 5 Dec 2016 Office Phase 1: Hiring Phase 2: Transition Phase 3: Operation Information Security Office Enterprise Architecture Phase 1: Hiring Phase 1: Requirement gathering Phase 2: Process Implementation Phase 2: Two services implementation Phase 3: Three services implementation Phase 4: Remaining services implementation Hiring Contractors

12 Key Performance Indicators
SMO: Increase in process maturity and customer satisfaction; Achieving defined SLAs
EA: Cost reduction over a period of time; Lower licensing costs
CISO: Reduction in % of threats & vulnerabilities; Improved contracts with clearly defined SLAs with vendors

13 Risk Assessment
A. Risk: Inaccurate estimate of life-cycle costs. Mitigation: Regular check and re-estimate
B. Risk: Lack of stakeholders' support & cooperation. Mitigation: Buy-in of all stakeholders
C. Risk: Turnover of key contractor personnel. Mitigation: Rotation policy & documentation
D. Risk: Increased vulnerability to intrusions. Mitigation: CISO evaluation
E. Risk: Conflicts between agencies over shared services, infrastructure & vendors. Mitigation: Clear definition of objectives before starting initiatives
F. Risk: Single point of failure of data security. Mitigation: CISO reduces the vulnerabilities
G. Risk: Failure to scale up. Mitigation: Include in EA design
[Risk matrix figure: Likelihood (Very Likely, Quite Possible, Likely, Unlikely, Possible) versus Impact (Minor, Significant, Major, Catastrophic), plotting risks A to G]

14 Conclusion NGITS is on the right track in the process of integration. Next steps: define detailed goals and implement the recommendations to accomplish the missions and achieve the vision.

15 Questions?

16 Appendix Current State Assessment Facts & Assumptions POC results and gaps Process Maturity IT Budget Service Catalogue Proposed Changes Responsibility Assignment Matrix Proposed Organization Structure Framework Information Federal Enterprise Architecture (FEA) ITIL in SMO CISO Cost Benefit Analysis Cost to IT Budget ratio Cost Benefit Analysis Contracting Cost Analysis- SMO Benefits of SMO Cost Analysis Enterprise Architecture (EA)

17 Facts & Assumptions Facts Total staff of seven organizations: 137,900 Total NGITS budget: $2.39 Billion Total NGITS staff: 607 Current number of formally defined shared services: 12 Assumptions Minimum number of employees on service desk: incidents per month Average cost per incident $50 Appendix

18 POC results and gaps
Process Maturity: current state 2/5; goal in next 2 years 4/5
Customer Satisfaction results: current state 3.3/5; goal in next 2 years 4/5
Budget: current state $2.4 B; goal in next 2 years $2 B
Appendix

19 Process Maturity for NEG Process ALRN Support BLAC Support CTRL Support DSS Support ENTER Support FELLOW Support GROW Support Average Process Maturity Event Management Incident Management Request Fulfillment Problem Management Access Management Transition Planning and Support Change Management Service Asset and Configuration Management Release and Deployment Management Service Validation and Testing Change Evaluation Knowledge Management Average Process Maturity Appendix

20 IT Budget for NGITS
Organization  IT Budget        Commodity %  Remaining Budget
ALRN          $1,146,000,000   72%          $825,120,000
BLAC          $910,250,000     74%          $673,585,000
CTRL          $768,000,000     52%          $399,360,000
DSS           $348,090,000     26%          $90,503,400
ENTER         $467,200,000     45%          $210,240,000
FELLOW        $269,700,000     49%          $132,153,000
GROW          $187,300,000     34%          $63,682,000
Total                                       $2,394,643,400
Appendix

21 Service Catalogue Asset management Report Distribution Incident and problem management Corporate Database Procurement Enterprise Data center Data warehouse, BI Network, Storage, Backup Appendix

22 Responsibility Assignment Matrix ALRN BLAC CTRL DSS ENTER FELLOW GROW SMO Planning Enterprise R C I Desktop Support R C I Data Warehousing and Business Intelligence Internet Telephony Service R C I R C I Server Hosting R C I Corporate Services R C I R Responsible C Consult I - Inform Factors Employee Strength Independent Customer Satisfaction Results Service Support Provided Appendix

23 Responsibility Assignment Matrix ALRN BLAC CTRL DSS ENTER FELLOW GROW SMO Planning Network Management R C I Storage Management R C I Printer Management R C I Database Management R C I Backup / Restore Management R C I Report Distribution R C I Procurement Support R C I R Responsible C Consult I - Inform Factors Employee Strength Independent Customer Satisfaction Results Service Support Provided

24 Proposed Organization Structure Director( NGITS) CISO SMO EA Service Managers Incident Manager Change Manager Problem Manager Knowledge Manager Release Manager Transition Manager Test Manager Request Manager Appendix

25 Federal Enterprise Architecture (FEA) Performance Reference Model (PRM) Business Reference Model (BRM) Data Reference Model (DRM) Application Reference Model (ARM) Infrastructure Reference Model (IRM) Source: Appendix

26 FEA Success Stories & Benefits
FDA: Increased cost savings; Documented and standardized business processes; Consolidation of IT infrastructure; Cost savings: $10 million; Total IT budget: $200 million
FBI: Consolidation of acquisition and management of IT; Blanket Purchase Agreements with higher ROI; Cost savings: $64 million; Total IT budget: $450 million approx.
HUD: Improved service to customers; Framework to manage and measure future change; Cost savings: $4 million; Total IT budget: $258 million
Source:
Appendix

27 ITIL through SMO Source: Appendix

28 Benefits of SMO 50% - 75% reduction in unplanned work for mission critical services 10% -25% labor productivity benefits 20% improvement in customer satisfaction surveys Appendix

29 Benefits of SMO Improvement Factor Current Assumption /month Reduction in incidents First call resolution rate Reduce first call time Redirect to self service Estimated Incident Management ROI Projected /month Savings /month 10% $48,000 20% 40% 30% $48,000 1 min 12 min 11 min $40,000 10% 0 10% $48,000 Total 184,000 Source: Appendix Yearly savings: $2 million

30 CISO First 100 Days Source: Appendix

31 CISO Responsibilities
CISOs must own, define and reliably execute these six security processes: security governance; policy management; awareness and education; identity and access management (IAM); vulnerability management; incident response.
CISOs will ensure that these four additional processes are defined and executed securely, regardless of ownership: change management; business continuity management (BCM) and disaster recovery management; project life cycle management; vendor management.
Source:
Appendix

32 Implementation Cost with respect to IT Budget Implementation Cost % of IT budget SMO $ 705, EA $ 24,336, CISO $ 178, Appendix

33 Cost Benefit Analysis- Contracting Federal Acquisition regulation history Assumption that at least 30% of people are current employees Total IT Staff Current staff Median range of salaries from $42,000 to $ Assumed Average Salary: $90, Government pays $126,087 for a Contractor's $70,000-a-Year Employee Salary ratio (contractor : Government Employee) is 0.55 Salary Comparison Criteria Government Employee Contractor (Employee*0.55) Average Salary $90, $49, Average paid to 30% or 182 employees for a year $16,380, $9,009, Money saved At least $7,371,000 per year Appendix Source: tasc-tgic.org/downloads/.../components-of_cost-svc_contracts.ppt

34 Cost Analysis- SMO Role Salary ($/hr) Cost of hiring Managers Planning service enhancement in USD (4 months) Implementing service in USD (6 months) Monitoring service in USD (2 months) Total Cost Service Manager $134, Event Manager $55, Incident Manager $55, Request Manager $37, Change Manager $80, Transition Manager $78, Asset & Configuration Manager $85, Release & Deployment Manager $90, Test Manager $87, Total Cost $235, $352, $117, $705, Appendix

35 Steps To Select A Consulting Firm
Step 1: Identify your goals and needs and plan for meeting those needs through a consulting firm: Identifying Improvement Areas; Assess Your Need for Change Management
Step 2: Select the firm: Request for Information (RFI); Request for Proposal (RFP)
Step 3: Negotiate terms and contract with the consulting firm
Source:
Appendix

36 Cost Analysis- Enterprise Architecture Position Cost of Hiring Experienced Consulting firm No of employees required- N Labor charge/hr- L Per Hour Costs- R = L*N Per Year cost (R*52*40) Contracted for 2 years Partner $ 1,040, $ 2,080, Directors $ 1,248, $ 2,496, Manager $ 2,080, $ 4,160, Senior Associates $ 1,560, $ 3,120, Associates $ 2,080, $ 4,160, Business Analysts $ 2,080, $ 4,160, Developers $ 2,080, $ 4,160, Total $ 12,168, $ 24,336, Appendix