Achieving Pragmatic, Operational Modernization for the SEC
In 2016 a major cybersecurity breach of the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR®) system revealed the need to modernize the mission-critical resource while addressing data continuous data availability. With 30+ years of trusted service to the agency’s sister regulatory organization, the IRS, Maximus was well positioned to incrementally modernize the indispensable system through a pragmatic approach to new technology adoption, operations, and maintenance.Click to download success story
- Expert deployment of first SAFe for EDGAR
- EDGAR system refactoring for cloud readiness
- Quantitative management of solution delivery
- First migration of SEC.gov to cloud
- Replacement of outdated hardware, software,
- Dedicated maintenance and surge support
for system upkeep
- Retired legacy hardware and software, saving $2M
per year in support costs
- Closed 30 long-standing plans of action
and milestones in year 1
- Reduced production deployment time
from 40 hours to 45 minutes
- Achieved 140 software releases with new
- Reduced disk volumes from 300 to 4
Creating a path for future transformation
Since 1993, EDGAR has managed private sector securities filings and complex documents to help the SEC achieve its mission goals. Processing about 3,000 filings daily, the system makes 3,000 terabytes of data public each year. Though EDGAR used dedicated hardware, the system’s legacy software, and middleware were out of date and lacked modern security and scalability features. The outdated technology was showing its age in availability on peak filing days and surges – and
in vulnerabilities that reached critical urgency with the 2016 security breach.
To immediately address the security issues, the SEC worked with Maximus to determine the cause of the breach (software vulnerabilities) and to implement advanced encryption to protect EDGAR’s data and find a pragmatic approach that would maintain system availability and improve efficiency while prioritizing cybersecurity.
Working with Maximus on the first large-scale modernization project of its kind for EDGAR, the SEC’s incremental approach began with replacing outdated middleware and software components. EDGAR leadership also sought and secured funding for cloud preparation, recognizing that the investment would yield security and operational
benefits. These updates cleared a path for future system transformation.
Optimization and Security
Maximus established a dedicated EDGAR security team to begin the process of making the system cloud-ready and establishing continuous authority to operate (cATO) to automate continuous monitoring of security threats and vulnerabilities. Optimizing the system with modern hardware and software were also a priority, along with
implementing modern database and operating system solutions.
Transformation and Innovation
With modern software and middleware in place, the team established a Scaled Agile Framework (SAFe®) to improve EDGAR’s scalability, containerized its applications, and established a continuous integration/continuous development (CI/CD) pipeline with DevSecOps to create a cloud-ready platform. Working incrementally, the SEC
opted to keep EDGAR on-premises but refactor the system to be ready for cloud migration.
Through these processes, the security team worked in lockstep with SEC business and IT leaders to successfully implement their approach. Keys to success included:
- Executive alignment with SEC leadership to establish governance, communicate the importance of the modernization efforts and maintain active project support.
- Efficient procurement of all software, enabling rapid replacement of outdated technology.
- Strong project management to oversee implementation of a SAFe® and establishment of cATO months in advance, enabling system troubleshooting prior to launch.
- Value-added partnerships to augment systems architecture expertise through Maximus’ vendor partnership with Red Hat.
- Incremental steps to make innovation inroads across the agency, including proof of concept projects to gain buy-in by improving transparency and collaboration across agency divisions.
Completed on time and $300K under budget, EDGAR’s new architecture:
- Increased security, reducing system vulnerabilities from thousands to less than 20.
- Improved system availability, including the smoothest SEC peak filing day on record in 2021.
- Doubled securities filing throughput while reducing complexity and costs.
- Increased scalability by replacing outdated software and hardware.
- Added support for storage provisioning and additional storage with no application downtime.
- Improved time to value by enabling fast, frequent, and secure deployments compared with previous error-prone, infrequent updates.
In 2021, Maximus deployed new beta features, including multi-factor authentication, an interface redesign, and artificial intelligence. The projects completed to date have established a sustainable foundation for innovation and modernization for EDGAR and across the SEC’s IT systems.