Agencies can bolster cyber posture in 3 easy steps [Commentary] Photo Credit: Jim Watson/AFP As many agencies within the federal government have been the victims of cyberattacks over the past decade, the frequency and magnitude of these threats is only growing by the day. When the valuable data of agencies and citizens is at risk, the federal government must go to greater lengths to mitigate any and all cyber vulnerabilities. So much focus is put on the vulnerability of networks, and yet the vulnerabilities of legacy, outdated applications are a major issue. Antiquated applications means antiquated security architecture, and no amount of fingers in the dam will plug the cyber leaks. Plenty of focus has been given to cyber sprints, cyber policy and cyber tools. However, we should strive to reduce investments in cyber by resolving the legacy, foundational problems within our applications. Step #1: Address the Legacy Problem Spanning from OPM to the DNC and RNC hacks, federal agencies have become wary of the many cyber threats existing in the digital enterprise today. However, it is increasingly difficult for agencies to mitigate these threats because of one key reason: legacy technology. For decades, federal agencies have used brittle applications, deteriorating IT infrastructure (both virtual and on-site), as well as other error-prone legacy systems, which feature a myriad of version and patch permutations. It is nearly impossible to translate the countless technology layers within the federal enterprise – the complexity of these antiquated IT platforms is too vast, error-prone and expensive. As a result, the federal government is left to work with crumbling digital architecture and applications, which have left gaping holes in its security posture. Additionally, legacy systems can have a serious impact on network visibility, often times causing “blind spots,” which enable both inside hackers and foreign adversaries easy access to enter and compromise an agency’s IT network within minutes. If we keep patching these legacy systems just to keep the lights on, we are collectively shooting ourselves in the foot. The time to transform and migrate these vast unsecure systems must be now, before even bigger breaches occur. Agencies should move swiftly to catalog all of their systems and weight systems based on their cyber risks. Systems that hold sensitive data and are supported by antiquated technologies should be moved to the top of the modernization list. Agencies will not be able to solve all problems at once, but every agency should be expected to begin re-building systems now, and working diligently towards a more secure target state using modern technologies. Step #2: Begin the Shift to Modern Platforms It’s undeniable that legacy technology is a money pit for agencies – these systems continue to deplete budgets and create numerous silos, whether it’s stunting workforce productivity or exposing agencies to potentially detrimental security risks. As a result, there’s never been a more crucial time for agencies to replace these outdated models with state-of-the-art IT solutions. While there are many technologies that can help agencies overcome IT challenges, Platform-as-a-Service (PaaS) software is one of the most cost-effective, user-friendly solutions that enables agencies to efficiently rebuild their existing systems at an enterprise level. By leveraging FedRAMP-approved, cloud-based PaaS solutions, agencies can accelerate the pace of IT change while simultaneously improving their cybersecurity posture. Due to its low O&M cost, PaaS solutions can also help the federal government stretch its IT budget, allowing agencies to make greater investments in modernization with each and every legacy system that is shut down. The holy grail of cost savings paying for the next modernizations can actually happen. And unlike legacy technology, which unsuccessfully operates its many outdated versions and patches, PaaS solutions offer a sound security infrastructure from firewalls to encryption. These commercially-vetted security features are world-class, and regularly tested in order to meet the federal government’s high security standards. As the likelihood of cyberattacks is higher than ever before, it’s imperative that federal agencies make the steadfast and informed decision to do away with their antiquated systems and adopt sophisticated, modern solutions. Step #3: Align with President Trump’s IT Objectives Recognizing these large cybersecurity risks, President Trump has made it clear that bolstering the government’s cybersecurity posture will be a top priority for his administration. Agency CISOs and CIOs need to proactively align their IT efforts with the cyber goals and priorities of the new administration. Rather than simply investing in cyber tools, CISOs should be supporting more wide-spread legacy IT modernization initiatives within their agencies. The most successful CISOs will be the ones with the most modern mission systems. Each agency needs its own IT transformation initiative, designed to re-build the most dire of their legacy IT solutions. Roadmaps should be built to clearly illustrate cost savings from reductions in O&M, and how those savings will pay for the next sets of modernization projects. Cyberattacks don’t have to be an inevitable occurrence for the public sector – by implementing these strategies, federal leaders and employees can achieve the Trump administration’s cyber vision and ultimately bolster their cybersecurity posture for years to come. As the president of Phase One, Thomas Charuhas is responsible for the firm’s strategic direction, including growth strategies, investment strategies, and the overall health of the firm. Phase One is a federal sector-focused IT transformation firm with Platinum level partnership designation from Salesforce.com.