The application portfolio at the Defense Health Agency expanded over the years to resemble an overstuffed trunk. Users were forced to work with a jumble of apps that were sometimes decades old.
“Complexity and redundancy built up — mostly by people making the right decision for the time — and the result is increased cost, increased overhead and increased security risk,” says Army Col. Richard Wilson, the agency’s solution delivery division chief. “It takes a lot of hard work to undo.”
However, in the six years since the Office of Management and Budget began pushing agencies to get rid of duplicative or unnecessary IT investments, the DHA has been clearing out excess technology, and has saved more than $430 million, he says.
The task is challenging. Application rationalization takes time, scrupulous methodology and a little help from technology. But it’s necessary for agencies to trim down overly complex app portfolios, which translate into multiplying interfaces and redundant data stores — not to mention a daunting number of passwords and workflows for users.
Agencies such as DHA and the Agriculture Department are going through the painstaking task of inventorying their numerous applications, identifying necessary resources and rationalizing their portfolios, often by utilizing cloud services and newer software. Many are receiving help from the Department of Homeland Security, which provides guidance and services as agencies rationalize their apps and improve the security of their portfolios.
The federal government is about 20 percent of the way to fully rationalizing its application portfolios, says Shawn McCarthy, research director at IDC. Progress varies from agency to agency. After eliminating obvious redundancies and obsolete apps, agencies still face difficult decisions in an evolving application landscape.
“As technology progresses, new redundancies always occur,” says McCarthy. “It’s likely that the more challenging efforts come later, and that tends to slow things down.”
DHA Gets a Handle on Apps, Moves More to the Cloud
Humans must do the time-consuming task of assessing performance and usage data for each application, sorting through governance and technical requirements and making decisions about the disposition of the application, says Wilson.
To help the IT staff clear the thicket of applications, DHA uses the Program Accountability Management Tool from CA Technologies and several open-source technologies for tasks such as mapping application usage, cataloging requirements, tracking software licenses and identifying critical applications whose continuity and security require extra attention.
Key elements of the DHA’s application modernization strategy include increasing migration to the cloud and the potential use of more commercial applications, he says.
“We are exploring opportunities to leverage both the public cloud and the DOD cloud, but we want to take a deliberate approach,” he says. “I’d also like to explore commercial technologies, which could create value. Our directive is to get leaner, sharper and faster without compromising services, especially medical services, and we’ll look at all ways to accomplish that.”
As part of its app rationalization program, the DHA has launched initiatives such as MHS GENESIS, a new electronic health record system currently in use at a handful of DOD care sites.
When the application is finally rolled out to all care sites — which is expected by 2022 — it will replace 96 existing systems, Wilson says.
How Agencies Should Determine Which Apps to Keep
The rationalization process should begin with the adoption of a formal portfolio management framework supported by asset management technology, McCarthy says. As a result of the Data Center Optimization Initiative, all federal IT assets should support automated monitoring, inventory and management tools that provide data for the rationalization process by the end of 2018, he says.
An application that stops working or reaches the end of support will require urgent action separate from the rationalization process, but most agencies should put together the application portfolio that provides the greatest return on investment or the biggest boost to citizen services, he says.
At the Agriculture Department, application rationalization focuses on saving money and putting those funds toward enhanced services, says former Chief Enterprise Architect Jonathan Benett.
“The point is to use resources to move the mission forward and serve citizens,” he says. “Without rationalizing our apps, it’s as though we live in a house with 20 toasters. It would be better to invest in something else.”
USDA is focusing the early efforts of its rationalization program on customer relationship management applications, particularly those that are public-facing.
“We’re trying to assess all of our CRM applications through three lenses: business value, technical vitality and cost,” says Benett.
Massive amounts of information must be assessed to rationalize the application portfolio, much of it automated, hard-data reports produced by the apps and related technologies, says Benett. Equally important, though, are the observations of users and customers.
“Data might lead you to one judgment of an app, but you might get a very different answer from people who use it every day,” he says. “We try to get everyone who has a stake in the application to agree on a five-year plan for it. You can’t just turn an application off.”
Remember to Protect the Agency's Crown Jewels
As part of the app rationalization process, more than 100 agencies have sought the advice of the Department of Homeland Security, which helps agencies designate and protect their high-value assets, says Mark Kneidinger, director of DHS’ federal network resilience division.
“We want to identify each agency’s crown jewel applications and see that they are secure,” he says. “When an agency has redundant or outdated apps, it increases operational and workforce costs, but it also increases security risks. There are more, and more vulnerable, targets for intruders.”
To safeguard application portfolios during the rationalization effort, DHS uses a program known as Einstein, an intrusion protection capability based on commercially available technologies such as HPE LeftHand networking software; it employs classified signatures to protect systems, says Kneidinger.
DHS experts also advise agencies as they choose among the commercial security technologies available through the Continuous Diagnostics and Mitigation program. Its advisers also help agency staff set cybersecurity expectations for their cloud providers, should the agency decide that an application is delivered more effectively via the cloud.
While rationalization progress is evident throughout government, Kneidinger says, it still moves slowly because the process covers more than just technology issues.
“It’s a big job to evaluate the data, but the redundancies occurred because of human and cultural issues, and overcoming them takes time,” he says. “The perspective of individual ownership of an application exists in every agency. And different projects have different funding sources. These are issues that take time to sort out.”