Sustained Commitment to IT Modernization Will Realize Security Benefits, Savings

CERT-LatestNews ThreatsActivists
LPTA reform

Virtually everyone can agree that moving is a huge pain. In the first decade after I graduated from college and entered the workforce, we moved four times.  I shudder at the memory of the weeks spent planning, packing, and then hauling boxes and heavy furniture, only to reverse the entire process when we arrived at our new home. In addition, moving also costs money. Moving companies aren’t cheap, and even if you are younger than I am and can move yourself, there are still significant costs.

We moved for various reasons, such as proximity to work, and then a bigger living space for a growing family. Others move for different reasons, like to be closer to family, or to seek a smaller residence once the children are grown.  But invariably, once it’s done, it feels well worth the time, effort and cost.

Why am I talking about moving?  Well, the federal government is on the precipice of a huge move, as they strive to cut the cord to outdated legacy IT systems and embrace the cloud. Unfortunately, the effort to embrace cloud computing has often advanced haltingly because there has been too much focus on the move itself and not the potential benefits that await.

The Need to Fund Modernization and Cloud Migration

It has been nearly a year since the bipartisan Modernizing Government Technology (MGT) Act of 2016 was first approved by the House of Representatives, only to stall in the Senate and die at the end of that session. If you aren’t familiar with it, the MGT Act would establish a government-wide fund as well as authorize agency-based funds from IT modernization savings, both to be used to support replacing outdated legacy IT systems. With this, agencies could more readily shift operations to the cloud.

This year, in a new Congress, a revised version of the MGT Act resurfaced and again sailed through the House. The Senate subsequently added a similar measure as an amendment to that chamber’s version of the FY 2018 National Defense Authorization Act (NDAA), which is currently in conference with the House and is regarded as a “must-pass” bill.

The White House’s stated emphasis on reducing government spending, as well as their numerous expressions of support for IT modernization, certainly provides optimism that the MGT Act will be enacted and that agencies will push forward to swiftly implement it. But sustained funding and a commitment within agencies to modernization, including acceptance of the benefits of the cloud, will be key to its success.

The federal government’s spending on legacy IT has become an unbearable burden on agency budgets.  As an example, the GAO shared that the IRS alone spends about “$2.7 billion annually on IT, with about 70 percent of that going toward operational or legacy systems.” This 70 percent figure is in line with the level of spending throughout the government to maintain legacy IT systems.  But by shifting away from harder to defend legacy systems and making greater use of cloud computing, these percentages can be drastically reduced.

The Time to Move is Now

The historical hesitancy by some government agencies to embrace cloud is interesting, given how most public sector personnel – their own experts – seem to clearly understand the benefits. During the AWS Public Sector Summit in June, speaker after speaker from the federal government took the stage and described how their journey to the cloud had significantly improved their IT operations. For some, it was about improving efficiency. Others cited the cybersecurity benefits of cloud computing. But a common theme throughout their remarks was the reduction of costs.

As part of a survey Telos conducted, attendees at the AWS Public Sector Summit were asked to share their biggest challenge with cloud, and the answers revealed a common concern about funding.  “Lack of funding to move,” wrote one respondent. “Cost,” was the simple one word response from another.

These answers point out that the status quo is not acceptable. The government’s IT transformation away from legacy systems is far too important to be delayed any longer due to inadequate funding.  The MGT Act needs to be finalized and signed into law, agencies need to aggressively commit to using the funds it provides to replace legacy systems and pursue IT modernization, and in the future Congress and the Administration must be prepared to continue to back this effort up with sufficient funding and strong direction.

To read the full 2017 Cyber Risk Management Report, please visit:

Robert DuPree

Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree See full bio…

The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.