COVID-19 has been an unexpected stress test for government systems and will bring more clarity to IT modernization efforts.
NOTE: This article first appeared on FCW.com.
With the huge changes forced on government IT systems by the pandemic, agencies have a unique, if stressful, opportunity to think about how they can modernize and better secure those systems in the future.
“I’m anxious to learn the ‘lessons learned,’ or how the curve has accelerated” for agencies shifting to modernized platforms, such as cloud, said Norman Speicher, a Department of Homeland Security program manager and computer scientist, during a May 14 ATARC webinar on compliance and security during a crisis.
Speicher works in DHS’ Science and Technology Directorate’s first responders group, where he helps leverage existing and new technologies for local and state public safety agencies. He said the pandemic’s crucible could help melt some long-standing resistance to cloud services and other technologies.
Speicher said some smaller public safety agencies have historically resisted adopting cloud platforms, as they own their own IT infrastructures. That ownership gave them a sense of security that dispersed commercial cloud architectures don’t. “COVID has forced risk management,” he said.
The pandemic has put a glaring spotlight on the fact that some risk is inevitable, he added, which makes cloud’s more diffuse operations more palatable.
As COVID-19 risks have forced agencies to modernize IT functions and platforms to stay functioning, it’s also forced IT managers to think differently, according to Speicher and others on the May 14 panel.
“The answer can’t be ‘no’” to new ideas, said Speicher. “You can’t function with ‘no.’”
The forced modernization that federal agencies have scrambled to do to extend their IT operations to support 100% telework, said Lon Gowen, chief technologist and special adviser at the U.S. Agency for International Development, hasn’t been easy. The huge shift, however, has also forced agencies to think in more detail about priorities.
“Don’t forget the old saying that ‘haste makes waste,” Gowen said. Shifting systems to cloud or other fundamental platform change in the middle of a crisis “boils down to the system.”
If the system is simple and scalable, it’s an obvious immediate candidate to move. If a move entails big, detailed operations, such as setting up enclaves with cloud providers such as Amazon Web Services or IBM, he said, it’s best to wait.
A rushed set-up of those kinds of operations could also leave “gaping holes” in security, Gowen said. “Some bad guys could get in at the start and own you for years. You have to be deliberate in how you do it.”