Remember the opening scene in Raiders of the Lost Ark, where Indiana Jones has to outrun metal spikes, a giant rolling rock, and a tribe of ticked-off natives to steal the precious idol? That’s a lot of potential danger to navigate through to get to the ultimate prize, but Indy successfully achieved his goal (at least until Belloq stole it from him, the fiend).
Federal IT professionals may not wear dusty fedoras and carry leather whips, but they’re running their own kind of gauntlet. Most are in the midst of significant network modernization initiatives that are fraught with perils —not of the poison dart variety, but of the cybersecurity hue. For them, the idol is modernizing for the cloud and achieving greater agility; the traps are the security vulnerabilities that can all too easily spring up during the modernization phase.
A path paved with danger, but ending in riches
A few months ago, my company, SolarWinds, released the results of a Federal Cybersecurity Survey showing that the road to modernization is marked with risk. Forty-eight percent of respondents reported that IT consolidation and modernization efforts have led to an increase in IT security issues. These primarily stem from incomplete transitions (according to 48 percent of respondents), overly complex management tools (46 percent), and a lack of training (44 percent).
But just like Indy was able to steal the idol, find the Ark, and kiss the girl, the road toward modernization can also result in great reward. Twenty-two percent of respondents actually felt that modernization can ultimately decrease security challenges. Among those, 55 percent cited benefits in replacing old, legacy software, while another 52 percent felt that updated equipment offered a security advantage. Still more (42 percent) felt that newer software was easier to use and manage.
The challenge is getting there. As respondents indicated, the transitional period between going out with the old and in with the new is when issues are more likely to occur. During this precarious time, federal administrators need to take special care of the dangers lurking just around the corner.
Indy never had a protégé —sorry, but the kid in the second movie and Shia LeBeouf in the last one do not count —but if he did, you can be sure that person would have been trained really well. There’s no way the respected archaeologist would ever entrust his legacy to someone who didn’t know what they were doing —and federal IT professionals should not trust their legacy (systems) or modern IT tools to someone without the proper skillsets or knowledge.
Workers who do not understand how to use, manage and implement new systems can be security threats in themselves. Their inexperience can put networks and data at risk. Agencies must invest in training programs to ensure that their administrators, both new and seasoned, are familiar with the deployment and management of modern solutions.
Maximize the budget
We all know federal IT budgets are tight, but the purse strings got a bit looser earlier this year. Recently, the Obama administration announced a $19 billion proposal for cybersecurity that included $3.1 billion for an “IT Modernization Fund.” It’s meant to help agencies accelerate the replacement and updating of legacy IT systems that could pose security risks.
If the money is there, it’s up to federal CIOs to spend it wisely. Some funds may go to the aforementioned training, while others may go to onboarding new staff. Yet another portion could go to investing in new technologies that can help ease the transition from legacy to modernized systems.
Avoid doing too much at once
That transition should be gradual, as a successful modernization strategy is built a win at a time.
Administrators should start with a smaller set of applications or systems to upgrade, rather than an entire infrastructure. As upgrades are completed, retrospective analyses should be performed to ensure that any security vulnerabilities that were opened during the transition are now closed. Connected systems should be upgraded simultaneously. Further analyses should focus on length of time for the transition, number of staff required, and impact on operations, followed by moving on to the next incremental upgrade.
Indiana Jones went on some pretty big adventures in his day, and no matter the perils, he always managed to come out ahead. Federal IT professionals embarking on modernization efforts can certainly do the same.
Mav Turner is the director of product strategy for SolarWinds.