SBA adapts IT systems to alleviate COVID-19 amid program changes
The Small Business Administration continues to adapt its computer systems handling COVID-19 relief requests to meet changing program requirements.
The Biden administration announced a two-week window from Wednesday where only small businesses with fewer than 20 employees can apply Paycheque Protection Program (PPP) remittance loans to keep their workforce employed during the pandemic.
As new legislation and executive warrants attempt to provide relief where it has not yet been granted, the SBA scrambles to make changes to its E-Tran loan system and program portals.
“We obviously faced a huge scaling challenge… in terms of the volume of transactions we process,” said Sanjay Gupta, CTO at SBA, at a ATARC event Thursday. “But also, more importantly, the speed at which we process that higher volume.”
The companies went bankrupt because the initial PPP loans dragged on through the summer as SBA struggled to process requests for $ 400 billion in relief funds and adapt E-Tran to changing eligibility rules, financial institutions, terms and conditions and the transfer of loans to grants.
The SBA is also responding to disasters, and President Biden declared the Texas snowstorm a major disaster earlier this week. The declaration will mean an increase in workload for the SBA in addition to dealing with PPPs and economic disaster loans for the pandemic, Gupta said.
Fortunately, SBA’s cloud migration began in 2017, which allowed it to scale better with more employees than it would otherwise. But in March, the agency accelerated the implementation of a cloud-based secure connector, instead of its traditional VPN, to improve security and visibility of traffic and performance.
Conditional access – which limits users’ access if they don’t meet certain conditions related to things like where they connect to the network – proved useful during the pandemic. The same goes for geofencing, which took six hours to implement in March and has taken over traffic from foreign countries trying to access lending portals in the event of a pandemic, Gupta said.
SBA relies more on native capabilities when it comes to cybersecurity tools, anomaly detection, and machine learning.
“We automate these things,” Gupta said. “So in a year you will see a higher resilience posture.”
Uniquely identifying virtual machines on SBA’s network remains a challenge, however, Gupta said. He led the 90 days of the SBA Ongoing diagnostics and mitigation modernization effort in coordination with the Cybersecurity and Infrastructure Security Agency, and together they developed an identification model.
Virtual machines are instantiated as needed and may need to be created and destroyed in microseconds. SBA’s model attempts to track and manage these machines in a cloud environment and has been published in a report, but the CDM team has yet to release any guidelines.
“I’m sure it’s going,” Gupta said.