IT Automation in the Public Sector: An Interview with SolarWinds’ VP of Product Management

A few weeks ago, SolarWinds released the results of their 2014 public sector survey on IT automation, so we sat down with Chris LaPoint, SolarWinds’ VP of Product Management, to discuss the findings.

For quick context, here are a few survey highlights:

• More than 84% of survey respondents said the automation of information technologies in their infrastructures was a time- and money-saving investment for their teams, and 67% of respondents have seen increases in their teams’ productivity as a result of investments in automation.
• Of those that have already begun to implement a variety of automation technologies, network configuration management was determined the most valuable tool in terms of time and money saved by over 58% of respondents, followed by help desk automation (42%), IP address management (39%), and application/server provisioning and configuration management (37%).
• Despite growing adoption of IT automation, 53% of respondents said their IT departments have not hired any new IT pros in the past two years.
• Automating IT management is a goal for 63% of government IT pros in 2014.

DLT: Based on these results, what are your main takeaways and what’s your gut telling you? Do these findings show a positive or negative trend?

Chris: Overall, I think these findings show a positive trend. Look at the survey highlights: 67% have seen an increase in their teams’ productivity as a result of IT automation investments. Technology mapped to process is always challenging because every organization is going to have their own nuances of workflow or policy that must be mapped.  A lot of times, this requires process reengineering and/or custom configuration of the product to meet their needs.  So I take this as a positive sign that agencies have gotten this far.

For the 55% who said that automation technology has somewhat saved them time, what recommendations would you offer to get them to the 29% who say it’s been a huge time saver? Is there something extra the big savers are doing to get the most out of their investment?

One of things I’d recommend is to continue to look at the specific points of pain. Do projects one at a time as opposed to tackling a grandiose solution. Be pragmatic as you expand your deployment to other related problems.

Then really look at the evaluation criteria. What is the most important problem to solve first? Again, don’t look at the big process: Be aware of the forest, but focus on the trees.

Why are some saving more than others? I’d speculate that the big savers are those that started simple and chose solutions they could get up and running themselves, internally. They orientated their efforts toward specific pains instead of larger “solutions” which are almost always more complex to implement and require long, expensive services engagements before they deliver any value.

Why do the mobile numbers appear so low? Is it because mobile is still new? Or are there other underlying reasons?

Mobile technology is newer, so more agencies, I’m sure, are focusing their efforts on problems they can solve quickly and cheaply. A lot of hype around mobile management is contextual.  For example, mobile device management, mobile application management, and container-based security approaches involve getting buy-in across the entire agency to deploy software on each device and submit to constraints around their usage; this is obviously not a trivial task.

I think slow adoption on the mobile side is also due to the fact that many of the basic security problems related to mobile can be easily handled with existing technology the agencies already have deployed. For instance, Microsoft Exchange ActiveSync includes the ability to enforce the use of a pin and to execute a remote data wipe if a device is lost or stolen for any ActiveSync-connected devices.

You had a nice range of organizations, from federal to SLED and contractors. Did you see a variance in their responses when compared to one another?

Overall, there wasn’t a lot of variance among them – plus or minus 10% at most.

However, we did see a big variance when the respondents identified their biggest challenges to automating technologies in their environments. Federal respondents said budget (62%), SLED said training (54%), and contractors identified integrating new tools with automation (62%) as the primary impediments to automation.

For the federal market, budget is their primary concern because of the sequestration fallout from 2013. They’re at the phase where they’ve got a lot of complex IT infrastructure in place and now they are looking at overlaying management on top, but they simply can’t afford many of the solutions that are out there.

State and local organizations tend to face a lack of available personnel. That leads to IT workers being asked to do more than what they were initially hired for, so wide-ranging expertise is valued; hence the need for more training. They also share a problem with their federal counterparts in that IT professionals are generally just asked to do more with fewer available resources.

A contractor’s livelihood is technology and expertise, so it makes sense that training and budget aren’t their primary concerns.  They’re always going to struggle with bolting all the pieces together, especially if they weren’t built to integrate from the beginning.

The report found that 53.2% of respondents say their team size hasn’t changed while only 10.8% said they’re hiring people specifically for their automation experience. Is stagnation in the IT workforce a problem for the public sector?

Even as automation allows these agencies to do more with less, there are a number of reasons to keep the same team size. Technologies like virtualization and converged systems (compute, storage, and network into a single infrastructure device) are creating new skill set needs within agencies across all problem domains. For example, a network engineer used to only focus on keeping the physical network infrastructure running. Now, they have to worry about both the physical and virtual network, which means a lot more interaction with their virtualization admin counterparts and more complex troubleshooting scenarios. Similarly, as more and more databases become “virtualized,” the DBA must deal with a new set of challenges with managing performance and availability.

So while the team size hasn’t changed for all organizations, roles are certainly evolving. We’re seeing more and more customers experiencing the pains of IT convergence: previously separated stacks (server, network, storage, database, applications) that are becoming virtualized and combined, creating a new host of management problems. Oracle Exadata is an example of a converged infrastructure technology. In this case, when so many “stacks” are combined into one product, who owns it? IT convergence is changing how IT teams are managed, how IT experts are training, and how agencies are hiring.

With 60% of respondents factoring compliance reporting requirements into their automation decisions, what advice can you offer them when considering their options and how they go about remaining compliant?

The public sector needs to take a more pragmatic approach to addressing compliance by looking at the operational problems that are at their foundation. For instance, the NIST Continuous Security Monitoring framework provides good guidelines to help IT pros maintain compliance. The process is closed loop: assess, implement controls, monitor, assess, re-implement new controls, and again and again. I like to think of this methodology as “closed-loop compliance.” And this framework also describes a number of components to ensure continuous compliance (e.g. network configuration management, log management, vulnerability assessment, etc.).  The trick is that many of these have operational drivers for deployment that can be used to start a sustainable compliance journey.

As an example: Say you need to backup network configurations in case something happens and you need to revert to the last known good config. That’s an operational need that you’ll need to sustain forever. Once you’ve done that, you now have the network configurations you can use to do network compliance auditing consistently, thereby taking a great first step towards continuous monitoring. Log management for troubleshooting can also lead to log management for compliance.  And so on…

In summary, start simple in one particular area. Ask yourself: Can I solve an operational problem at the same time as a compliance problem? This will help in mobilizing staff and gaining traction in moving projects forward.

Ready to step up your IT management game? Want to know how other federal agencies are solving IT challenges? Curious about SolarWinds newest products and features? Please join SolarWinds on Wednesday February 26, 2014, from 8:00 a.m. - 12:00 p.m. EST, at the Ronald Reagan Building and International Trade Center Washington, DC, for a live, in-person federal user group. Or online on Thursday, March 6, 2014 in the Federal and Government Group.