Combine Modernization and Security Efforts to Unlock Cost Savings
Federal IT officials know the story when it comes to funding: “Flat is the new up,” says David Larrimore, CTO for U.S. Immigration and Customs Enforcement.
The Trump administration’s fiscal 2019 budget proposal calls for about $80 billion for IT and cybersecurity spending, reflecting a top concern within the White House. Its National Security Strategy, released in December, demands improved capabilities to combat electronic warfare and other intrusions into the nation’s cyber infrastructure.
The document even contains a short to-do list with examples of what’s needed: improved bandwidth, better broadband connectivity and more protection against attacks.
When you look at the budget proposal agency by agency, this year’s funding increases can be small. The Labor Department, for example, gets the same amount in the fiscal 2019 budget that it did in 2018; so does the Office of Personnel Management, site of a major data breach in 2015. This is a common challenge for federal IT professionals: Security improvements must happen within financial limits. But as they address this challenge, federal IT officials may be bolstered by the fact that the government’s equally strong demand for upgraded IT dovetails neatly with the need for added security.
SIGN UP: Get more news from the FedTech newsletter in your inbox every two weeks!
A New Mindset on Federal IT Modernization
Agencies deploy laptops, tablets and smartphones to create a more flexible workforce, but adding new devices can make networks less secure. Similarly, consolidating old-school data centers and storing information in the cloud — to both save money and increase efficiency — becomes complex when an agency maintains classified or personally identifiable information.
To protect increasingly diverse networks, IT professionals must harden endpoints, implement secure IP protocols, improve identity management and more, making it easier to integrate new apps and new technology into the system.
“Our program managers are raised to focus on three things: cost, schedule and performance. Security is built in at the end,” says Essye Miller, acting CIO of the Defense Department, who wants to change that mindset.
The White House IT Modernization Report directs agencies toward that goal, as do programs created by the administration to provide funding and guidance along the way.
>>Download CDW's Cybersecurity Insight Report to learn more about how agencies are managing risk in more effective ways.
The Agriculture Department, the first agency chosen for the new Centers of Excellence program, is already applying for funds created by the Modernizing Government Technology Act passed last December. The Department of Homeland Security’s 2019 budget includes $238 million for its Continuous Diagnostics and Mitigation program, which is designed to provide agencies with cybersecurity tools and systems monitoring.
Agencies and commercial cloud service providers alike are seeking certification from the Federal Risk and Authorization Management Program, which provides a standardized approach to security assessment, authorization and monitoring that saves money, time and work hours once an agency or cloud provider is authorized for the program.
This is how security and modernization come together. Automation of routine security-related tasks gives IT professionals more opportunity to keep an eye on the big picture. Optimizing a network to get rid of duplicative or outdated apps that may pose a security risk also makes it more efficient and easier to manage.
Focusing on modernization frees up time and personnel to focus on security. The agencies that are best situated for today’s high-threat environment are those that have upgraded in areas beyond security.