Legacy IT spends are one of the biggest reasons for lackluster performance in organizations. IT drives business, but when most of the activity around that IT is maintenance and problem resolution, there is little left for innovation and progress. This problem affects enterprises in all sectors, but especially government organizations. On the web site of the Office of the Federal Chief Information Officer, the figures say it all. Of the $82 billion in Federal IT spending for 2017, 78 percent ($63 billion) is legacy IT spending, meaning “spending dedicated to maintaining the existing IT portfolio.”
The IT Legacy System Trap
There is a double sting in the tail of an existing IT portfolio too: the overall security risk and growing difficulty of dealing with many of the systems concerned. A vicious circle develops. The more organizations spend on keeping installations afloat, the more bloated that budget becomes, and the less there is to fund a move to newer solutions. Yet modernization is often the only way for agencies and enterprises to deliver the functionality, security and cost-effectiveness that users and stakeholders demand.
Consequently, the question about IT modernization is not “if,” but “how soon.” Every day spent funding inefficient, ineffective legacy systems is costly. There is little if any real return on such investment. The President’s FY 2017 Budget singles out the upgrading or removal of legacy IT systems as a critical part of improving Federal Government cybersecurity and efficiency. To modernize properly means:
- Priority planning for high-risk IT systems
- Dealing with significant interdependencies (modernizing one system can affect others)
- Developing a current enterprise roadmap with a focus on IT modernization
Choices of technical solutions will depend on needs to protect sensitive data, cut costs and provide given levels of service. It is likely that cloud solutions will feature increasingly. Federal Risk and Authorization Management Program (FedRAMP) certification allows public agencies to use such solutions and offers assurance for private enterprises. Cost advantages include a low- or no-capital spend and pay-as-you-go pricing model.
Criteria for Prioritization for Modernization
Systems that are candidates for modernization can be evaluated using four criteria defined by the Office of the Federal Chief Information Officer. These criteria can also be applied in private enterprises that seek to improve their IT performance and reduce their costs.
- Security Risks. Sensitivity, past incidents, compliance with National Institute of Standards and Technology (NIST) standards, limitations or unavailability of vendor support and documented deficiencies are all in the mix for calculating an overall rating.
- Operational Risks. Mission criticality, operational stability, difficulties in system integration, deficiencies in data integrity and “technical friction” (factors limiting modification) count here. So do costs both in terms of system and staff skillset (human capital) maintenance.
- Modernization Impact. Improvement in functionality, simplification of business processes, standardization or reuse of new technologies and cost reductions.
- Execution Ability. Not only whether system and staff resources are in place to do the modernization, but also agency track records in delivering systems and the existence of suitable management (governance) frameworks.
Execution and Continuous Modernization
While the scale of many public-sector IT installations surpasses those of the private sector, the needs and the principles underlying IT modernization are very similar. For example, an IT service provider able to assist federal agencies in moving to a new and improved IT environment is likely to be effective in helping private enterprises, too. A key point is that IT modernization is a continuing effort. Security requirements change continually. Opportunities for further cost-savings, performance improvements, or both, also appear at frequent intervals. The sooner proper IT modernization starts, the sooner organizations, end-users and stakeholders will see the benefit.