Welcome!

SDN Journal Authors: Pat Romanski, Patrick Hubbard, Elizabeth White, Sven Olav Lund, Liz McMillan

Related Topics: Microservices Expo, Containers Expo Blog, @CloudExpo, Cloud Security, Government Cloud, @BigDataExpo, SDN Journal

Microservices Expo: Article

Lessons of the Healthcare.gov Fiasco

Contributed by Guest Author Steve Hawald, Executive Partner/Analyst

One of the advantages ZapThink brings to the discussion of Enterprise IT is our global perspective. As we travel the world, we hear the opinions of many people across many countries and industries. From this context we can confirm that most of the planet believes the US government is the laughingstock of the developed world. We finally resolve the shutdown of the government (at least temporarily) over the Affordable Care Act (ACA) only to find that the centerpiece of the ACA rollout - the Healthcare.gov Web site - suffered from severe flaws. Seriously, can't we get anything right?

The embarrassing failure of the ACA Web site is even more ironic considering the federal government's long history of expensive, "big bang" IT projects like the Navy Marine Corps Intranet and the FBI Sentinel case management system that time and again failed in spectacular fashion. We were supposed to have learned some important lessons from such fiascos. In fact, the Obama administration has made substantial progress turning over a new leaf in the rollout of large IT initiatives, focusing on more Agile, Service-Oriented, and Cloud-centric efforts that lower both risks and cost. Why, then, did the Web site at the center of Obama's centerpiece legislation fail so miserably, and how can we avoid such failures in the future?

Placing Healthcare.gov into Context
Compared to other high-profile, complex federal IT programs, the ACA healthcare exchange program may have racked up the most program missteps for leadership and management in today's IT world. On the other hand, other major government consolidation Web sites, such as USAJOBS and USAspending, have had significant IT problems as well. Revelations from key IT sources illustrate how immense the technology architecture and design problems are: missing or bad data, duplicate records, lack of audit controls, insufficient testing, and inadequate Cybersecurity controls, to name a few.

According to Aneesh Chopra, the first US Chief Technology Officer, the site's problems were due to heavy traffic. It was built for 60,000 concurrent users - an estimate based on the Medicare.gov site of 30,000 daily users. However, Healthcare.gov had to support one million simultaneous users out of the gate. Also, the former CTO points to a minor Private Cloud scalability issue and a few additional IT missteps.

And yet, many insurance and technology leaders, analysts, Web developers, and contractors have pointed out serious IT methodology, architecture design and security flaws with the Healthcare.gov Web site as long ago as early 2012. These central IT challenges focus on leadership, management, architecture, cost management, IT workforce issues, and stakeholder decisions and roles.

This IT program appears to have fallen apart due to a number of requirement changes within two weeks of product launch from the administration. Such last minute changes introduce substantial risks into any IT project. All critical production systems should ideally have hard lead times and freeze dates, in conjunction with an iterative, Agile methodology for such changes to be successful. For example, the IRS has a similar IT playbook for new tax laws every year as many commercial firms do.

How to Fix Healthcare.gov
The number of critical technology areas that have been failing and the risk of skipping full operational and Cybersecurity testing and review place this application at high risk. The exchange portal needs an IT rescue or reset, which would involve taking the site down for application overhaul.

It may require as many as 5 million lines of software code to be ripped out and replaced to avoid inaccurate enrollment data and improper payments for services, mitigating further costly recovery. It should also have a full architecture review and be retested for data quality with key stakeholders, security for accessing other federal databases, as well as security for citizen privacy and data protection from hackers for identity fraud and misuse.

Key IT takeaways on this effort for any organization, federal or private, include:

  • Executive teams should be flexible on critical product rollout dates and execute strong leadership using governance for accountability and transparency over requirement changes and risks to avoid program chaos on cost, schedule, Cybersecurity, quality, and usability.
  • Executive leadership must have common product communication messaging on the purpose and value to all levels of the organization, stakeholders, and customers for accepting the product with confidence and trust.
  • EA teams should have crafted an Agile Enterprise Architecture using a Cloud roadmap for driving the business needs today, as well as future requirements for improving customer satisfaction and usability.
  • Executive and IT leadership decisions to insource complex integration architecture must be evaluated with the right team level of skill mix, training and resources, and leadership must be willing to outsource resources for any skill gaps.
  • Procurement teams should use trusted partnerships with core domain, Agile Architecture, and project management (PM) skills as well as corporate or government-wide multiple award contracts with task orders for critical skills by best of breed contractors with key domain experience for Agile software development.
  • Agile IT PM teams should have a standard or tailored software development lifecycle including a prototype phase for proof of concept with field ops for network stress on the architecture and security testing using incremental releases for production.
  • IT PM teams should have leveraged key stakeholder sign-offs, domain tailored best practices, customers/users/advocacy testing groups, or other testing offerings to validate a new product.

Using a Web-based portal solution for a healthcare gateway to existing federal agencies' databases and insurance interfaces for data sets with unpredictable scalability requirements are common IT challenges in today's market that newer technologies, in particular, Cloud Computing, can address. On Healthcare.gov, the key executive strategy teams lacked the technical skills and the proper executive governance framework for oversight on the program's execution effort. A delivery mandate, regardless of the end state of the product and "deliver as is" wording, puts the citizens or other users in a dysfunctional IT service environment, which creates lack of trust and confidence in the healthcare portal going forward.

If we compared this project rollout with any large private sector organization rollout, it would have been shut down immediately to mitigate the unknown costs and risks, the damage to the brand and reputation of the organization, and the leaders who are accountable would have taken appropriate management actions. In fact, it should not have led to a rollout date using a "big bang" deployment in the first place.

The ZapThink Take
The Administration's 2012 OMB policy dictates the use of Agile software modular development using incremental releases to avoid the long delays for customer phase-in for smaller deployments (30 to 180 days), and early use of features and benefits to reduce risk from poor requirements, untested technology, software failures, and cost overruns. However, by all accounts, Healthcare.gov was executed as a waterfall project, an approach that almost always leads to failure - either by insufficiently delivering on requirements or by providing inadequate focus on quality. And sure enough, these are just the problems that Healthcare.gov faced.

Why, then, did the government and its contractors not follow a best practice Agile approach? Fundamentally, Agile requires a rethink of the organizational aspects of planning, delivering, testing, and managing any IT project. The entire effort must be tackled iteratively. Stakeholders should be involved at every step. Testing must take place in every iteration, in order to lessen the testing burden as the initiative approaches delivery.

For larger initiatives like Healthcare.gov, the architecture must be Agile as well - both the software architecture as well as the broader Enterprise Architecture. However, the principles for Agile Architecture are only now being fleshed out, as ZapThink explains in Jason Bloomberg's book, The Agile Architecture Revolution. As the word revolution would indicate, no band-aid fix will magically turn big-bang software fiascos into lightweight, Agile, customer-focused initiatives. Instead, we must entirely rethink how we go about software delivery to meet the IT challenges of the 21st century. There is simply no excuse for high risk waterfall initiatives any more, at the federal government or anywhere else.

Guest Author: Steve Hawald, Executive Partner/Analyst

Prior to founding HAWALD ADVISORY, LLC in 2013, Mr. Hawald was a former Gartner global IT research analyst, US Department of Education / SFA CIO, and United HealthCare HMO Divisional CIO. He was named to Hitachi's Federal Data Systems advisory board in early 2010, and was appointed to Georgetown University's CCPE adjunct faculty for graduate IT certificate programs in 2009. He teaches part-time on weekends at the DC campus with his advisory engagements. He currently attends Virginia Tech University for STS PhD studies in risk challenges and management.

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@CloudExpo Stories
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
First generation hyperconverged solutions have taken the data center by storm, rapidly proliferating in pockets everywhere to provide further consolidation of floor space and workloads. These first generation solutions are not without challenges, however. In his session at 21st Cloud Expo, Wes Talbert, a Principal Architect and results-driven enterprise sales leader at NetApp, will discuss how the HCI solution of tomorrow will integrate with the public cloud to deliver a quality hybrid cloud e...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
The session is centered around the tracing of systems on cloud using technologies like ebpf. The goal is to talk about what this technology is all about and what purpose it serves. In his session at 21st Cloud Expo, Shashank Jain, Development Architect at SAP, will touch upon concepts of observability in the cloud and also some of the challenges we have. Generally most cloud-based monitoring tools capture details at a very granular level. To troubleshoot problems this might not be good enough.
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
In the fast-paced advances and popularity in cloud technology, one of the most critical factors revolves around concerns for security of your critical data. How to assure both your company and your customers they can confidently trust and utilize your cloud environment is most often top on the list. There is a method to evaluating and providing security that exceeds conventional modes of protecting data both within the cloud as well externally on mobile and other devices. With the public failure...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...