How the feds can manage the growing pains of technology modernization

Growing pains are a common, albeit unwelcome, occurrence as youngsters and even organizations mature. When it comes to onboarding new technology to modernize operations and help agencies run more efficiently, the federal government has at times dealt with its own growing pains.

In this case, the federal government isn’t lacking a mature approach to tech modernization. Rather, it’s actually brought itself to the threshold of maturity by setting its own objectives for modernization through strategic planning and early adoption of new technology.

{mosads}This has included commitments to policies that include some risks, which the government has shrewdly managed with frameworks and guidance for agencies seeking to modernize. Some examples are the Federal Risk and Authorization Management Program (FedRAMP) for the secure acquisition of cloud services, and the White House’s “cloud first” directive (2011) and the Modernizing Government Technology Act of 2017 which help drive agency buy-in to new technologies.

Government IT growing pains aren’t due to a lack of effort, but rather by inertia. All organizations, government notwithstanding, must counter legacy methods of operating to get to doing business how it’s done in 2018, and setting themselves up well to do business efficiently in the decades ahead. 

Federal administrators recognize a need to modernize now. Luckily, they’re on the right track. Many of the solutions outlined in The American Technology Council’s report on Federal IT Modernization commissioned by the White House have advanced to the point that they are now readily available for government use.

Achieving growth potential through consolidation

One of the modernization report’s primary recommendations is IT consolidation, i.e., “shrinking” the federal government’s physical technology footprint. Doing so would help reduce the vulnerable scope of government IT.

The report also explores the benefits of shared services, enabling collaboration and improved management for multiple agencies using the same technologies. This can streamline government operations and reduce costs. 

Software-based infrastructure is an ideal solution. It allows agencies to be more agile with their technology. It affords greater flexibility and scalability for onboarding new technology and more stringent security across the entire agency network. It’s also more easily adapted to developing innovations, costing agencies less in the long-term than maintaining and adapting legacy hardware.

The government can look to individual states which have shown leadership on this front. The State of Louisiana moved to a shared-services model, consolidated IT operations across 20 state agencies and, as a result, saved an impressive $70 million in operational costs.

Addressing Trust Issues…by Trusting No One

Agencies with consolidated and virtualized IT architectures are easier to defend than those using legacy systems, because the same security that’s established for the agency as a whole is scaled and distributed throughout the entire organization. Every network, computer, authorized device and application is treated the same way, and security perimeters can be as sweeping or as granular as necessary.

Government leaders need no reminder how delicate infrastructure and information are within a cybersecurity context. The shadow of the 2015 OPM data breach still looms over federal IT administrators, and hackers remain an omnipresent threat.

In an effort to prevent this from happening again, they should consider building least-privilege and zero-trust environments into modernization plans to ensure these sweeping security protocols are as stringent as possible. These protocols allow federal agencies, and their workers, to keep their business to themselves.

Consider how you might secure your own home: it’s locked at the entrances, but you and anyone you welcome in or give a key to will have unfiltered access to everything in your home. Organizations with IT structured in this way are vulnerable if hackers gain access to the external layers of their security.

Now consider a hotel, in which you are a registered guest. Your issued key card will give you access to your room and specific amenities, but you likely won’t be able to access central offices or other structural points of the building that you don’t need or aren’t credentialed for.

Least-privilege and zero-trust security protocols will work in the same way, presuming individuals and networks who don’t need (or aren’t authorized for) access to certain data or work applications won’t be able to access them. They’ll only have access to the things they need to do their jobs for their respective agencies, and they’ll only be granted access after they prove they are who they say they are. And agencies managing a software-based IT infrastructure have greater flexibility for implementing security facets like multi-factor authentication.

Making work easier with government cloud

Least-privilege and zero-trust environments aren’t roadblocks to positive, seamless user experiences for agency personnel. These trust protocols can be extended to a wide variety of authorized devices enabling federal workers to work from the field, on the go, at the office or at home.

IT can also secure a hybrid cloud environment, which gives agencies the best of both worlds.  They can enable the use of their own, proprietary programs, apps and data on virtual public storage and enable the use of virtual, subscription-based programs.

Operating with hybrid cloud provides flexibility and reliability toward achieving the agency mission. It keeps agencies operational, ensures data recovery in the event of a disaster, helps lower operational costs and gets federal workers access to the programs and data they need — and the innovations they want — more quickly, without requiring a total overhaul or retraining of the agency.

While federal agencies have considered cloud first for most of the decade, there is still a need to consolidate and modernize legacy hardware. As of 2017, the federal government still had a massive, expensive and still-growing legacy server footprint, with more than 12,000 federal data centers comprising nearly 150,000 servers.

That’s not the ideal type of growing pain government administrators must deal with, but it’s one that hybrid cloud, consolidation and stringent security can help alleviate. 

Lynn Martin is VP of government, education and healthcare at cloud computing firm VMware.