White House Releases Final IT Modernization Report

The White House unveiled the final draft of a report detailing its recommendations for federal IT modernization, complementing recent action by Congress to spur upgrades in government technology.

The report, issued Dec. 13 by the White House’s American Technology Council (ATC), focuses primarily on two areas: the modernization and consolidation of networks and the use of shared services to enable future network architectures. Shared services, in the report’s parlance, means “the provision of consolidated capabilities or functions (services and/or IT systems) that are common across multiple agencies.”

The report builds on a draft the White House released at the end of August, and took into account feedback from more than 100 companies and individuals, according to a blog post from Chris Liddell, the director of the ATC, and Jack Wilmer, senior policy adviser with the Office of Science and Technology Policy.

“The report is a key piece of our efforts to modernize federal IT, with a particular focus on cybersecurity and shared services,” Liddell told reporters on a conference call on Dec. 13, FedScoop reports.

Notably, the report was issued a day after President Donald Trump signed into law the Modernizing Government Technology Act, which is designed to spark federal IT modernization through the creation of working capital funds within agencies and a centralized fund that agencies can tap to upgrade their technology.

Taken together, the actions by Congress and the White House state unambiguously that agencies have the green light — and need to — push ahead on IT modernization efforts. The White House report contains 50 action items, FedScoop notes, and, as FCW details, it contains 31 deadlines between now and January 2019 for various agencies to take action to implement its recommendations.

A Changing Mindset on Government IT

The ATC’s final draft concludes that difficulties in agency prioritization of resources in support of IT modernization, the ability to procure services quickly and various technical issues “have resulted in an unwieldy and out-of-date Federal IT infrastructure incapable of operating with the agility and security that is required of a multibillion-dollar federal IT enterprise.”

To effectively modernize its IT systems, the government needs to “maximize use of shared services and commercial capabilities,” the report says. Existing policies and programs must be “rapidly and iteratively updated to eliminate barriers to cloud adoption, and agencies will rapidly migrate applicable capabilities to commercial cloud services,” the report reads.

And those capabilities which will not be hosted in the commercial cloud “will be modernized to leverage modern security protections, and agencies will assess risk of existing capabilities to prioritize resources on protecting the most important systems and information,” the report says.

The government must also “accelerate the adoption of cloud email and collaboration tools, improve and strengthen existing shared services and provide additional security shared services for agencies,” according to the report.

Doing all of this, the report says, “will require an active shift in the mindset of agency leadership, mission owners, IT practitioners and oversight bodies.” Agencies “must consolidate their IT investments and place more trust in services and infrastructure operated by others.” That will “allow for greater utilization of shared services, consolidated infrastructure and cloud-based collaboration tools that can deliver improved functionality and drive cost efficiencies to improve government operations and citizen services,” the report reads.

Moving to Cloud and Shared Services

The ATC’s report addresses the existing impediments or obstacles agencies face in adopting modern cloud technologies. The report indicates that pilot programs will take new approaches to cloud implementations, and that these tests will be used to then spur rapid changes to how the government approaches cloud. For example, the General Services Administration will work with volunteer agencies to pilot new initiatives to improve the speed, reliability, reusability, and risk acceptance transparency for cloud-based Software as a Service and shared services authorizations to operate.

The report also focuses on consolidating and improving the acquisition of network services so that agencies’ management of security services are consolidated where possible and managed to high standards.

Specifically, the report focuses on the need to prioritize the modernization of high-risk, high-value assets — IT assets that are essential for agencies to serve the American people and whose security posture is most vulnerable.

The report also highlights the need to modernize the Trusted Internet Connections initiative and National Cybersecurity Protection System to enable cloud migration. The report recommends that real-world implementation test cases be used “to identify solutions to current barriers regarding agency cloud adoption,” and for agencies “to update relevant network security policies and architectures” so that they can “focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.”

The report also recommends that agencies “consolidate and standardize network and security service acquisition to take full advantage of economies of scale, while minimizing duplicative investments in existing security capabilities.”

In terms of shared services, the report recommends the continued use of category management practices pushed by the Obama administration as well as a shift toward a consolidated IT model “by adopting centralized offerings for commodity IT” purchases.

“The recommendations detail steps to address current impediments in policy, resource allocation and agency prioritization to enabling the use of cloud, collaboration tools and other security shared services,” the report notes.

Shared services can boost efficiency by reducing duplication and costs through consistent delivery of standardized capabilities or functions in ways that “make the most of innovative processes and commercial solutions,” the report notes.

Specifically, the report recommends that the contract vehicle be improved so that agencies can acquire commercial cloud products that meet government standards. It suggests the accelerated adoption of cloud email and collaboration tools. The report recommends providing support for cloud email migration and collaboration suites that leverage the government’s buying power. At least one unnamed cloud-based email service provider has signed up to negotiate a memorandum of understanding within 90 days, which would allow the government to begin fiscal year 2018 spending on cloud email migrations.

The report also recommends the use of shared services that can replace or augment existing agency-specific technology to improve both visibility and security.

To do all of this, it acknowledges, agencies will need to “realign their IT resources appropriately using business-focused, data-driven analysis and technical evaluation.”

The Office of Management and Budget will direct agency CIOs, CFOs and senior agency officials for privacy to work with OMB “to determine which of their systems will be prioritized for modernization, identifying strategies to reallocate resources appropriately.”

“In accordance with the terms of agency contracts and consistent with law, agencies should consider evaluating ongoing and planned acquisitions that further develop or enhance legacy IT systems identified that need modernization to ensure consistency with broader IT strategies outlined in this report,” the report notes.

“Agencies should also emphasize reprioritizing funds and should consider ‘cut and invest’ strategies that reallocate funding from obsolete legacy IT systems to modern technologies, cloud solutions and shared services, using agile development practices and the best practices within GSA’s Unified Shared Services’ Modernization and Migration Management Framework, 5 where appropriate,” the report says.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.