Member Insight

July 2021

Greg Gershman
Chris Roberts
Federal CTO
Quest Software Public Sector

Maximizing Modernization of the IT Environment

The Covid-19 pandemic forced organizations around the world to rapidly enable their teams to work remotely. U.S. government agencies were no exception — they had to scramble mightily to adapt their processes and implement new technologies in order to continue providing vital services to their constituencies. Although those efforts were largely successful, they were certainly not without challenges. In particular, 63 percent of federal agencies reported more cybersecurity incidents in 2020, and 65 percent said the severity also increased, according to Dr. Larry Ponemon, the founder of the Ponemon Institute.

Now, federal agencies are facing a new inflection point: A June 2021 memorandum from the Biden administration lays out a permanent work-from-home expansion in which agencies will be allowed to offer employees flexible schedules and remote work, depending on their needs. As a result, government agencies are grappling with how to make the correct choices for IT modernization and digital transformation to empower and support their hybrid workforce while maintaining strong cybersecurity.

Comprehensive strategy, not hot technology, is the path to success.

Clearly, emerging technologies provide opportunities for meeting the challenges involved, and many innovative technologies have matured to the point where they can be effectively leveraged. Indeed, putting out RFPs for new systems is typically the easiest path forward for government agencies. However, rushing to invest in the latest and greatest products on the market is a recipe for disappointment, if not disaster. IT modernization simply is not a one-step effort, especially when an organization has the abundance of legacy infrastructure and complex processes that most federal agencies are saddled with.

Instead, IT modernization requires gaining a robust understanding of current systems, policies, procedures and requirements, and then developing a comprehensive strategy for not only migrating to a new IT ecosystem, but ensuring proper management and governance of that new environment for the long term. Moreover, modernization means being prepared for future changes, which will assuredly be necessitated by the ongoing retirement of older systems, development and maturation of new technologies, evolution of the threat landscape, and modification of agency needs and priorities.

The path to modernization is rife with pitfalls.

Of course, that’s easier said than done. The majority of IT modernization efforts run into budget, time and security issues. In fact, IT projects in the public sector are six times as likely to experience cost overruns compared to projects in the private sector, according to joint research by McKinsey and Oxford University. Causes include scope creep, changing specifications, IT staff turnover, multistage decision-making with multiple stakeholders, bureaucratic procurement processes, and lack of internal and interagency collaboration.

Agencies can modernize more quickly and less expensively by pairing new technologies with a thorough understanding of agency infrastructure, platform, services and applications; improved training; and a comprehensive modernization plan.

Case in point: Cybersecurity

For example, to effectively address the growing number and sophistication of cybersecurity threats, agencies need automated capabilities for detecting, analyzing and responding to potential incidents. But they should not simply leap to technologies like artificial intelligence (AI) and machine learning (ML) and expect their security issues to disappear — most lapses are actually inherited problems. Instead, agencies need to understand that for these technologies to be effective, they must implement more fundamental cybersecurity best practices, such as:

  • Strengthening identity and access management, including limiting and understanding who can do what, where, when, and for how long across their network
  • Implementing protections against lateral movement and privilege escalation by bad actors
  • Ensuring robust and reliable backup and recovery, as well as full-on disaster recovery
  • Enabling fast, secure and seamless migration to supported versions of software and to platforms that better meet the agency’s evolving needs
  • Building a network of trusted partners with a visible, secure supply chain

Conclusion

Acquiring a product — or even a suite of products — will not by itself deliver modernization or provide security; the journey to modernization is inherently complex and never-ending. Implementing new technologies is a cornerstone of IT modernization, but agencies must understand and build from their legacy systems and policies. Mastering this process now provides a stepping stone to seamless, secure transitions in the future, as agency needs change, technologies continue to develop and the threat landscape continues to evolve.

For additional insights into these and related issues from a panel of seasoned professionals, please plan to attend our executive roundtable, “IT Modernization and Digital Transformation In a Post-Covid World,” at EDGE2021 (formerly CES Government).

EDGE2021