'If I Were the Federal CIO': Setting Technology Priorities in the Digital Age

Christopher O’Malley is CEO of Compuware Corp.

As a new business-minded administration takes office—and as Congress considers revamping the Modernizing Government Technology Act—federal agencies have a tremendous opportunity to get it right. Imagine a world where taxpayers’ 1040 form were pre-populated with data, where seniors could handle all their Social Security life events online, and where citizens never have to enter a government office.

It’s a result everyone wants. But there’s lots of disagreement about how to get there.

As a CEO who has spent decades helping large organizations and government agencies achieve their modernization objectives, I believe there’s much that can be learned from the experiences—and the mistakes—of the private sector.

I also believe the culture the new federal CIO brings to the IT landscape will have a major impact on how agencies and departments look at transformation. There is no silver bullet for modernization. So, I’m hoping the Office of Management and Budget and the federal CIO’s office won’t get sucked into hype and buzzwords that benefit technology vendors more than federal agencies and their constituents.

First, there must be a change in mindset. Federal agencies’ IT organizations don’t exist to serve “the government.” They exist to serve the citizenry as individuals and the nation as a whole. The differences are many and profound. Intuitive, fast and reliable self-service has become the norm. It is reasonable for citizens to expect as much from their government.

Proven Best Practices from the Private Sector

That change in mindset alone won’t get the job done. The next question is what best practices enable large organizations to execute on a customer- or citizen-centric game plan.

Based on my experiences, the following action items should top a federal CIO’s list of immediate priorities:

Build on What Works Well

The worst possible way to launch a modernization initiative is with a rebel yell to “rip, rewrite and replace” all legacy systems. The effective and efficient code behind those core systems is invaluable and should generally be viewed as the crown jewels of any agency. They are legacy in the best sense of the word. With proper stewardship, they can be quickly and cost-effectively advanced and extended to appropriately address the needs of customer-citizens. So start with the economic wisdom to build on what works well and avoid the industry pressure to redistribute taxpayer dollars to Silicon Valley.

Use the Right Platform for Each Job

Decisions about platform should be purpose-driven. I’ve seen many organizations (including my own) succeed with a two-platform approach that hosts uniquely, mission-critical systems-of-record workloads on the mainframe while common functions such as email or accounting are consumed as cloud services.

There are three key reasons for keeping systems of record on the mainframe. The first is reliability. As February’s Amazon S3 outage so dramatically demonstrated, even the most reputable cloud providers are vulnerable to outages. No agency can afford to put their systems of record at such unacceptable risk.

Second is the high failure rate for “rip, rewrite and replace” projects. The Commonwealth of Pennsylvania, for example, wasted $160 million in taxpayer dollars on a mainframe re-platforming project that went nowhere. With a fraction of that amount, the state could have dramatically enhanced services to its citizens by simply building on the working system already in place.

Third is the fact that mainframe applications are no longer condemned to slow, out-of-date waterfall development cycles. Recent innovations have given agencies the ability to embrace agile and DevOps best practices to the mainframe. So the rationale for re-platforming based on the supposed inflexibility of mainframe systems is no longer valid.

Ninety-six of the world’s largest 100 banks host their systems of record on the mainframe—even as they innovate new web and mobile customer experiences for their customers. That’s because no other platform can match the mainframe’s reliability, scalability and security. Federal IT leaders seeking to optimally serve their constituents would do well to follow banking’s example.

Embrace Agile and DevOps to Accelerate Throughput of Ideas to Deliverables

Today’s applications are composite applications, leveraging systems of record, systems of engagement and middleware. To deliver game-changing customer/citizen experiences, agencies must therefore embrace and coordinate agile and DevOps best practices across all platforms. Otherwise, IT will remain a house divided against itself.

These best practices require re-tooling development, test/QA and operations across all platforms. But unlike high-risk re-platforming, re-tooling consistently pays off. Re-tooling enables agencies to streamline the conversion of great ideas into great experiences. It drives down the cost of digital, and it reduces the risk of project failures.

Perhaps most important, great tools help create a highly attractive workplace for talented digital artisans. And those artisans are central to the success of any organization, whether public or private.

Find the Real Cybersecurity Gaps

Neglected legacy systems are often made the scapegoat of cybersecurity incidents, wrongfully blamed for breaches because of their supposed “antiquity.” The Office of Personnel Management breach, for example, was not caused by any weakness in the mainframe itself, but in the systems surrounding it. It was those surrounding systems that were penetrated using malware—which is turn led to the theft of logon credentials for the mainframe.

However, all systems—whether cloud, distributed or mainframe, are increasingly vulnerable to insider threats—where a government employee or contractor is the source of the breach, or whose login info has been compromised by an outsider.

Notably, in its 2016 Cyber Security Intelligence Index, IBM found 60 percent of all cyberattacks were carried out by insiders. Agencies therefore need to pay special attention to how they manage and monitor privileged access to legacy systems where the bulk of personally identifiable information typically resides.

One Size Won’t Fix All

There is no single panacea for federal IT. Federal CIOs must resist the temptation to succumb to the hype of the Next Big Thing and adopt the management philosophy that’s been successful for other large organizations: build on what works, focus modernization efforts on what truly creates better customer experiences, and make investment decisions like it was your own money. That philosophy can transform services to citizens in countless high-impact ways—while avoiding the high risks and high costs of needlessly disruptive approaches.