Need for Speed: How OIT's Strategic Plan is Turbocharging Performance

Published Monday, August 28, 2023

Read Time: 4 minutes

OIT Strategy In-Depth title card with mountain in the background and text of Goal #5: Modernize, protect, and streamline IT infrastructure to deliver the best experience to our customers

Just as speed was a big performance driver in the early days of the automobile, the need for speed has become a critical factor in the development and delivery of information systems and software applications that enable CMS to achieve its mission.

As cars were getting faster and more reliable, the U.S. needed an infrastructure system of interconnected roads and highways that allowed motorists to travel coast to coast safely and at high speeds.

Likewise, Goal 5 aims to help OIT modernize, protect, and streamline IT infrastructure in ways that will enable application and systems developers to focus on what they do best - design applications and systems that meet the needs of CMS business owners and allow them to deliver the best possible experience to our customers.

“At a high level, what we're trying to do with Goal 5 is make sure CMS is able to deliver on its mission with speed while ensuring that we have the security and resilience we need to work as much as possible and as hard as possible to enable that speed,” says Rajiv Uppal.

OIT's Director and Chief Information Officer doesn’t want developers to spend a lot of time thinking about and redoing infrastructure whenever CMS wants to build a new system or application.

“What we're trying to do is create a platform and a framework whereby things like identity are secure and the people who are building the systems can focus on the systems and the people who are building the applications can focus on the application development side of things.”

The benefits of this approach are two-fold. When developers are free to focus on their specialty areas, they can build tools faster and more securely because security is already taken care of at the infrastructure level.

“The other benefit is that it actually helps us reduce the complexity of the infrastructure because the way we do things today, everybody builds things their own way,” Uppal says. “We end up with such a vast array of technologies that it becomes difficult to manage and secure. By going down this path, we will increase application development speed, reduce complexity, and increase security.”

How are we making all this happen?

We’re enabling continuous delivery by integrating the batCAVE Platform as a Service (PaaS) on CMS Cloud to transparently codify policy and security controls.
We’re redesigning the ATO process to increase security while reducing burden and making the authorization process easier.
We developed the EASi workflow system to give users a clear idea of what the governance steps are and where they are in the governance process.
We’re incorporating Zero Trust into core OIT services by streamlining Identity Management (IDM) and designing it with security in mind.
We developed a world-class mission control center for real-time visibility into infrastructure health and the status of all of our systems.

“We are making great strides in this area with batCAVE and we’re taking care of a lot of infrastructure complexities and security issues,” Uppal says. “But we have to do more to enhance accessibility.”

To get to the next level of accessibility, Goal 5 calls for a framework that combines the platforms and best practices for systems development.

“The idea here is that when we bring on new vendor partners, they know exactly what CMS expects them to do in terms of building systems, how they should be designed with human-centered design considerations and accessibility in mind, the platforms they need to use, and how they should be getting access to data,” Uppal says. “All of this should be part of that framework.”

Moving forward, the central question facing OIT is this: Can accessibility and maximum usability be built up front into our systems from the start rather than just checking a box for compliance?

“We think about human-centered design,” Uppal says. “Accessibility should be at the same level. When you start building a system, think about accessibility and design for accessibility, not just for the 508-compliance test at the end.”

It’s important to remember the intent of Goal 5. “We never want to forget the intent,” Uppal says. “We are here to make sure the systems that are being built are secure and well-architected, and our role is to help reduce the complexity in the infrastructure and the environment at CMS.”