5 things to think about when modernizing agency IT
- By Colby Proffitt
- Nov 14, 2017
With the Modernizing Government Technology Act heading to passage as part of the final National Defense Authorization Act and the administration's pending release of its IT Modernization report, it's a matter of when -- not if -- federal agencies will modernize. Given that, it's important that the government and industry understand what IT modernization really means and how it can be achieved. Here are five considerations that federal agencies and CIOs should think about.
1. Assess, plan and invest today to save tomorrow: Modernization may be costly at first, but savings will come with time. Estimates peg potential modernization savings at up to $110 billion across the entire federal government over 10 years. Initial modernization investments shouldn't start with buying new hardware and software or immediately jumping on the cloud bandwagon. Instead, agencies should start with a self-assessment of their missions, critical systems and current states. From there, each agency can craft its ideal future state -- likely a lean, agile, mission-focused organization with maximized efficiencies and minimized service degradation -- and develop a strategic plan to get there. Agencies should realize up front that in order to reap the benefits of modernization they are going to have to spend more initially.
2. Each path may be different: IT modernization can take many forms -- legacy system modernization, application modernization, infrastructure modernization -- but can generally be defined as the upgrade and realignment of an organization's IT with its mission needs and overall strategy. It's very likely that the path to modernization may differ from one agency to the next. For example, let's say three agencies identify cloud as a means to modernization and wish to use "as a service" technologies. The first agency may decide to outsource infrastructure and software, while the second may only outsource security. They would both be implementing a hybrid cloud setup, but with different services moved to the cloud. The third agency might follow a traditional cloud approach and move everything to the cloud. None of those strategies are right or wrong; agencies should choose the approach that's right for them.
3. Security pays for itself: With many federal legacy systems being more than 50 years old -- and consequently considered highly at-risk -- one of the biggest reasons to modernize is enhanced security. Cybercrime costs are projected to reach $2 trillion by 2019 -- including direct damages and post-attack disruption -- and federal cyber spending is estimated to reach $22 billion by 2022, making it critical that agencies modernize to reduce the attack surface and vulnerabilities. For agencies pursuing the cloud, it's important to keep in mind that they will remain responsible for protecting their data and systems; however, they can leverage the expertise of cloud service providers for an additional layer of security.
4. Focus on the people: Agencies must remember that savings and security are important, but only within the context of their customers, end users and overall mission. If a customer-facing application is so secure that it's no longer user friendly, the agency should adjust its approach. Likewise, if anticipated savings result in the loss of critical applications, bandwidth limitations or some other negative impact, those savings will quickly turn into added costs. Modernization isn't just about IT -- it's about the people who use that IT. Because modernization can be complex to manage and difficult to staff, agencies must take user IT needs into account when planning and implementing their modernization strategy to encourage user acceptance and adoption.
5. Leverage existing modernization and cloud adoption guidance and processes: While every organization must decide what approach is the best fit, it's likely that many agencies will choose cloud solutions as a means of modernizing. Those agencies can leverage resources such as the Cloud Acquisition Professional's Cloud Adoption Survival Tips, Lessons, and Experiences Guide, authored in partnership with the General Services Administration's Cloud Center of Excellence. Designed by federal technologists, CIOs and acquisition experts, the CASTLE playbook is intended to provide cloud acquisition-based guidance for government decision makers, offering guidance on how to achieve a smooth and effective acquisition process that increases the adoption of cloud services. Rather than start from scratch, agencies can tailor their own plan after choosing from a number of scenario-based conditions in the guide. Other guides, such as Creating Effective Cloud Computing Contracts for the Federal Government, offer best practices for acquiring IT as a service.
There are many reasons for federal agencies to modernize -- cost savings, improved security, increased usability and the ability to leverage newer technologies. Yet while the benefits may be obvious, that doesn't mean that attaining them is necessarily easy. A successful modernization effort will mean embracing the changes that come with it -- both technical and cultural. Agencies must realize that modernizing isn't a one-time event, but a perpetual process. Technology adopted today won't be modern forever. It's critical, then, that agencies develop a long-term plan to continually update their IT as part of their overall modernization strategy.
Colby Proffitt is a cyber strategist at Tanium.