IT Modernization and Security for Federal and State Governments
This article originally appeared in Volume 2, Issue 2 of <theScript> Quarterly digital magazine.
If we’re talking about government, technology and the future, for anyone (like this writer) who grew up on a solid diet of “Star Wars” and “Star Trek,” there’s no better place to start than with NASA.
Sadly, NASA is not creating a real-life transporter (yet!). But, like all of our federal agencies, it does need to modernize its IT infrastructure if it’s ever going to beam me up, or even accomplish its decidedly more achievable goals.
Challenges to federal IT modernization
In her speech at the 4th Annual Government IT Modernization conference, NASA Chief Information Officer (CIO) Renee Wynn underscored the importance of getting NASA’s infrastructure ready for future challenges.
“We’re embarking on what we call the ‘data-centric model,’ where it’s all about the data. Protect but make the data available is the new mantra. … We need to make changes to networks due to … lots more data coming from satellites and probes. … We’ve got to plan now for this tremendous increase in data hitting our network,” she stated.
Workforce enablement is also a compelling reason for digital transformation, she adds. “As more employees work from home, we’ve got to plan tools that work in every environment — cloud-based, easy to get to, scalable and cost-efficient.”
But the biggest challenge in achieving big data analysis, security and mobility for many agencies is their heavy investment in legacy architecture. According to the Office of the Federal Chief Information Officer, about 78% of federal IT spending planned for fiscal year 2017 is classified as legacy IT spending. That’s a cool $63 billion spent just this year to maintain outdated infrastructure — and not benefiting citizens or innovating agencies.
Figure 1: Government Business Council, "Inside Federal IT Modernization," March 2016
Figure 1 shows that IT professionals surveyed by the Government Business Council in March 2016 estimated 60% of their agency’s IT budget was spent on maintaining legacy systems, and 40% was spent on modernization. However, they felt a more appropriate percentage to spend on modernization efforts would be 64% of the budget, with just 36% used for legacy maintenance.
And there are other concerns with older systems. Not only do they often require software that is unsupported or no longer updated, but they also pose serious security risks because they don’t comply with current security best practices. In addition to the security vulnerabilities and steep upfront cost of new infrastructure, changes to one federal system may cause ripple effects throughout the government because of system interdependency.
Agencies are further hampered by a lack of technology and security expertise. Staff requires training, both to keep legacy networks running and to manage new IT solutions coming in. Agencies take a hit on both ends without a strategic plan in place.
With arguably more concerns to deal with than a typical enterprise (or an (USS) Enterprise full of Tribbles), how can government agencies even get started?
What IT modernization looks like
Modernization is a genuine cause for concern when you consider that some federal systems, such as the Individual Master File of the Treasure Department/Internal Revenue Service (IRS), are more than 50 years old. This IRS program, the application that receives taxpayer data and issues refunds, still operates on an IBM mainframe. The Defense Department’s system that coordinates U.S. nuclear forces, the Strategic Automated Command and Control System, is 54 years old and uses eight-inch floppy disks. Modernization isn’t just a buzzword; it’s a critical need across federal agencies.
IT solutions for federal agencies require a reimagining of the data center’s purpose and end goals. As Shaun Donovan, former director of the U.S. Office of Management and Budget (OMB), stated in his January exit memo, “A modern, digitally empowered end state [needs to] view IT not as a series of automation projects that must be developed and then maintained, but rather as an enabler of digitalized customer-oriented services that are continuously refreshed and incrementally improved.”
By analyzing data and reviewing what may be ever-changing business strategies and processes, agencies can start creating infrastructure that is specific to enabling their desired outcomes. NASA’s Wynn agrees. “Most important is aligning [technology] with mission and business strategies,” she says.
In turn, this helps streamline agency processes and eliminate redundancies — and it helps agencies come into compliance with the Federal Information Technology Acquisition Reform Act (FITARA). The Office of the Federal Chief Information Officer spells out on its website that agencies are required to create an updated enterprise road map that focuses on IT modernization and prioritizes high-risk IT systems.
According to the site, “Moving the federal government to modern infrastructure and cloud-based solutions is a fundamental necessity to building a digital government that is responsive to citizen needs and secure by design. Doing so will enhance agencies’ ability to protect sensitive data, reduce costs and deliver world-class services to the public.”
In an October 2016 blog post on the Obama White House website, then-Federal Chief Information Officer Tony Scott detailed four phases of IT modernization:
- Development of updated enterprise road maps that include where new investments can be made and legacy IT spending reduced
- Identification and prioritization of systems using criteria based on security and operational risks, business suitability and modernization impact according to the OMB/General Services Administration
- Development of modernization profiles for high-priority systems that have been prioritized for modernization, retirement or replacement
- Execution of budget planning processes and possible supplemental funding from Congress
“Modernization would improve the ability of these systems to deliver the necessary levels of functionality, security and efficiency to satisfy and secure the needs of agency users, stakeholders and the American public,” Scott said in his post.
Federal IT solutions
The legacy infrastructure most agencies struggle with still handles critical data and has staff trained to operate it. Systems that provide essential services — and that have already come with significant financial investment — can’t just be thrown out without wreaking havoc on staff and constituents alike.
The practical way to begin the IT modernization process is with a hybrid infrastructure strategy. Well before designing customer websites or even employee interfaces, agencies need to have their architecture secured and prepared to scale with increased volumes of data. A hybrid approach allows the existing system to continue operations while a next-generation technology solution is implemented and can expand the agency’s mission.
Prioritization of applications is key to success at this stage. The CIO or a designated professional should understand the full extent of the agency’s current IT portfolio. This will help you identify redundancies, eliminate outdated or unnecessary applications, and understand where the gaps are between what the agency needs to accomplish and how it can achieve its goals. Once appropriate assets are transitioned to the cloud, your agency can take advantage of the increased efficiency and cost savings to invest in other areas of the modernization process.
Many agencies are either already mobile-first or planning to be. This in itself can generate enormous cost savings and improve employee productivity. But with mobility comes security concerns. The newest security platforms are moving toward identity-based access rather than device-based endpoint protection. Identity-based access helps prevent major breaches by allowing users to access only the data they need — in effect, segmenting the network and preventing unauthorized persons from crawling through all mission-critical records and private data.
Once an agency is capable of managing increased volumes of information, it must be able to mine the data for actionable insights. Taking that a step further, predictive analysis will help agencies execute their goals. Many corporations employ predictive analytics as part of their marketing and online sales efforts, and this approach can certainly be co-opted by government. Predictive analytics can also be used for forecasting results and creating external-facing websites. For self-service online portals or user-centered websites, predictive analytics can draw from previous online behavior to provide the best user experience.
In his January 2017 exit memo, the OMB’s Donovan outlined key IT priorities the new administration should focus on. He suggests recruiting and hiring "a critical mass of high 'tech IQ' … senior executives for government agencies" as one way to start modernization. NASA’s Wynn agrees and adds, “Proactively identifying and addressing the gaps between current workforce capabilities and future workforce needs will better prepare the agency to … realign [its] employees to respond to NASA’s changing mission priorities and to the dynamic IT domain."