The Case for Federal IT Modernization
The cloud and mobility are pushing federal agencies to upgrade outdated systems in favor of more modern approaches. Hence the origin of the term “IT modernization.”
But embracing modern approaches is sort of an about-face for the federal government, which has long been saddled with tight budgets, long buying cycles and long-term investments in legacy gear they can’t shake. Still, widespread adoption of the cloud and mobile technologies, both in the private sector and among some federal workforces, is tipping their hand, acting as a forcing function for change.
With the addition of cloud and mobility comes the question of access, and more importantly, the question of how to secure access. For decades, the solution has been Common Access Card (CAC) and Personal Identity Verification (PIV) – access cards used for everything from physical access to buildings to authenticating into applications.
Again, mobility and cloud have plunged this old method into a sort of obsolescence, where trusted access can happen anywhere, at any time, from any device. It’s a marked improvement on the old way, but not without its challenges.
There are a host of reasons federal agencies should modernize:
Achieve Compliance: From NIST guidelines to DFARS and beyond, there are a host of stringent compliance regulations to which agencies must adhere to ensure only trusted users and trusted devices are accessing their systems. And failure to comply could result in a breach or fines – two things no agency wants nor can afford.
Embrace BYOD: Federal agencies struggle with the concept of bring your own device (BYOD). Why? Because they lack visibility into devices that are not government issued. Modern IT solutions can give agencies insight into the security posture of devices and empower admins to enforce strict policies governing how and when devices can access applications.
Augment PIV/CAC: Supporting PIV/CAC requires a heavy lift in supporting a full-blown PKI (public key infrastructure), a FIPS-compliant cryptographic infrastructure, which can be incredibly difficult to set up and maintain. Not to mention, each workstation requires a card reader, which pushes the cost and maintenance headaches even higher. Most government agencies would consider an additional technology to complement card deployments as an alternative for logical access and authentication. Replacing PIV/CAC altogether would be too complex, too costly and wasteful of previous investments, but replacing the authentication and application access function of PIV/CAC cards is an attractive compromise for agencies and a step toward IT modernization.
Reduce TCO: Running and maintaining legacy systems is expensive, but so is replacing all of that gear. It’s a costly catch 22. But embracing cloud and mobility and starting down the path to IT modernization through strategic integrations and upgrades helps reduce the total cost of ownership of IT and security infrastructure while also satisfying IT modernization efforts. Leveraging modern authentication methods specifically can also dramatically reduce TCO (some Duo customers report a 10x reduction in TCO) by streamlining various workflows with different authentication processes into a single process for cloud and on-premises applications.
Adopt Zero Trust: While it may seem like a buzzword, zero-trust security is the real deal, and it’s changing the way access is granted. Zero trust is a model in which application access is granted based on trust in the identity and the device. It verifies trust at the time of access and assumes no one person or device is inherently more trustworthy than another, as opposed to the old perimeter-based mantra of trust anything that’s inside the corporate walls. Zero-trust security is the result of effective IT modernization.
Improve Security: Overall, IT modernization is about improving security. Modernization initiatives help agencies adopt and deploy new security technologies and integrate them into existing systems. Strong, modern authentication methods set the foundation for zero-trust security, so that’s a great starting point. From there, fortifying security further with device insight and strong access policies gives federal IT admins tighter control and helps ensure only trusted users and devices are accessing applications and data.
IT modernization is a marathon, not a sprint, so it’s important to understand that these changes won’t happen with a flip of a switch. But enacting an IT modernization plan can lay the foundation to embrace cloud, mobility and new security models and will ultimately result in reduced costs, flexibility and fewer management hassles. It will also future-proof federal IT infrastructures so when the next tectonic technology shift occurs, you’ll be ready.