The federal government is trying to modernize its technology infrastructure to meet the demands for greater cybersecurity, boost digital services, improve efficiencies and reduce costs. President Barack Obama proposed an increase in the 2017 federal government’s IT budget, including $3 billion more that would be used to replace legacy systems that are costly to maintain and increasingly becoming a cybersecurity risk. The Government Accountability Office reported that more than 75 percent of an agency’s IT infrastructure is considered a legacy system.
So how do agencies modernize? To gain a better understanding of how government organizations are adapting to a changing technological landscape, GovLoop met with Herb VanHook, Chief Technology Officer and Vice President of Strategy at BMC, a company that provides innovative software solutions to accelerate digital transformation.
“Agencies want to do things faster and at a higher velocity, but with greater efficiency and with reduced risk,” said VanHook. “As a result of these drivers, pursuing investments in next generation technologies is a primary approach.”
However, agencies are not looking to evolve on their own. Both the civilian and defense agencies are seeking more industry partners. “Whether they are technology\ vendors or systems integrators, agencies are looking to the private sector to help them leverage these new digital capabilities and really modernize the delivery of government services,” said VanHook.
This change is evident in many of the new request for proposals (RFPs) that have come out in the last year. One example is the RFP that the Defense Department sent out for its cloud-services portfolio called MilCloud 2. The original MilCloud request was an entity that was owned and operated by the Defense Information Systems Agency (DISA). The second version, however, requested to have more services owned and operated by a vendor.
“The government is very cognizant of what’s going on with emerging technologies in the commercial sector, and wants to step up its capabilities to match,” said VanHook. “In order to do that agencies are seeking solutions, logistics and operations from vendors and integrators.”
With cybersecurity awareness increasing, agencies want to move beyond managing traditional security access methods like standard identification cards or Common Access Cards. They also want to incorporate more biometric-based technologies such as thumbprints or retina scans to increase access and data protection. Trusted vendors can also help them to meet these objectives.
However, adding resources for cybersecurity can be difficult in these constrained budget times. VanHook says agencies need to consider the full scope of information security options and emerging technology options. In addition to next generation access solutions, agencies should also be considering technologies that automate security processes, as well as new data analytics capabilities that tackle threat detection, vulnerability awareness and incident response.
Transform From Old to New While Strengthening Security
To facilitate this transformation from legacy systems to new technologies there needs to be a bridge between the old and new systems. Creating this bridge is where BMC has found the most success for its federal partners. “Even though we talk about the rapid rate of cloud adoption, moving away from legacy systems takes a long time. Our government customers look to BMC to help them manage the existing IT world, as well as the next generation IT world,” said VanHook.
BMC SecOps solutions sit at the intersection between security teams and IT operations teams. “We’ve been delivering tremendous new capabilities around optimizing the workflow that goes on between those two teams while enabling the addition of critical context to vulnerability awareness and remediation. The exposures that security teams find must be mitigated by what the operation teams can do in terms of their remediation practices and technologies,” said VanHook.
BMC SecOps Solutions help customers master that intersection point between identification of the issues and deploying corrections through a higher degree of visibility and powerful automation. These capabilities enable agencies to improve their overall security posture by closing down vulnerabilities and handling exposures in a crisis situation faster, and by enabling prioritization of mitigation options.
In addition, the BMC solution helps agencies define and refine their processes and achieve the appropriate levels of compliance, whether it’s FISMA, NIST or continuous data monitoring. Compliance will continue to be paramount for agencies, especially as they expand into new arenas.
“One of the big changes that will happen over the next few years is leveraging enhanced capabilities for analytics, machine learning, artificial intelligence and cognitive data,” said VanHook. “At BMC we want to be on the leading edge, so we are investing in these emerging technologies and in solutions to help agencies evolve. Whether it is optimization for cost, understanding performance, or managing compliance and security requirements of those environments, we continue to adapt our solutions to meet these needs.”