Cybersecurity is front and center on the minds of nearly all federal IT professionals.
Huge budgets and myriad laws, policies, directives, best practices, products and services are dedicated to protecting federal IT applications and data. In fact, one could argue that we deploy more money and people to cybersecurity than any other organization in the world. Hack after hack leads us to only one question: Why are we failing?
Let’s take a step back and try to reimagine this as a physical scenario. Say we have a dam that constantly leaks. To solve this, we spend hundreds of millions of dollars on tools and people to make the leaks stop — for years. However, despite our best efforts, the leaks continue. We hire a new Chief of Dam Operations who states the obvious: The leaks need to stop. The Chief of Dam Operations has a plan: Spend even more on people and tools to stop the leaks.
The federal IT landscape has the same type of problem, solution and, unfortunately, the same lack of result as the leaking dam. Instead of overhauling the entire IT infrastructure, federal leaders are draining their assets on temporary fixes.
The truth about the state of federal IT is that our legacy applications are largely unprotectable. I don’t care how much money you throw at the problem; we will continue to spring leaks left and right. This method to solving IT challenges has proven to be ineffective and unsustainable for federal IT leaders across agencies.
In fact, most applications consist of 10 layers of technologies required just to make the application work. Each of those 10 layers of technologies has its own versions and patches. For a common configuration, we calculate the total possible permutations of versions and patches to be 6 nonillion combinations — that’s 6×10^30. I’ll save you the Googling, it is a real number.
Couple this complexity with a contracting environment that drives cyber-related rates, as well as talent, down to lowest acceptable levels, and we have a recipe for continuing and persistent leaks in our IT dam. If only there was an alternative!
Of course, there is an alternative. The strongest cyberdefenses in the world are deployed by cloud-based application development companies, like Salesforce. In the private sector, when banks like Morgan Stanley use Salesforce as their application development platform, they are, in fact, building their applications within a secure stack of technologies delivered by Salesforce within the Salesforce cloud. It isn’t just faster and cheaper. Rebuilding applications using these cloud-based, application development environments means we inherit world-class cyberdefenses. As a government, we are just beginning to realize that these cloud environments are more secure than our highly fragmented, lowest-cost legacy environments and technologies.
PEOTUS Trump talks about a physical wall to defend the physical assets of this country, while the more pressing and accomplishable achievement might in fact be to protect federal IT assets by leveraging the digital wall that already exists. Companies like Salesforce have deployed a digital wall that can protect this nation’s IT assets. The digital wall exists, and yet as a government, we have not yet begun adopting its use as a matter of national security.
The fact that this approach results in more secure applications should be enough to codify the redevelopment of applications as a matter of governmentwide policy, nevermind that rebuilding legacy applications in cloud-based platforms results in a lower total cost of ownership.
As a government, we don’t need huge initiatives to build digital walls to protect this country. We already have a digital wall ready to go, but we need to start using it.
The Trump administration will govern during a period when more agencies are choosing to use this digital wall than ever before. Major mission applications are being rebuilt in the cloud to not only save money, but to protect the applications and data behind this digital wall. The Trump administration can accelerate this pace of change through bold and meaningful policy.
Agencies lingering in fragmented, vulnerable on-premise environments should be spurred along into the modern era of application development. Major rebuild efforts should be started as a “new deal” for federal IT.
An era of lower IT costs and increased cybersecurity is within our reach. As one senior official asked me recently, “what do we need to do to get this done?” My response: “Lead.”
Phase One CEO Jerad Speigel is responsible for the firm’s strategic direction, including growth strategies, investment strategies, and overall health. Phase One is a Federal sector focused IT transformation firm with private equity investment from RLJ Equity, Enlightenment Capital, and Salesforce Ventures.