ICIT CERTIFIED: This white paper by ICIT Cabinet Level Fellow Program Member Micro Focus Government solutions offers valuable insights on the Modernizing Government Technology Act (MGTA). It has been reviewed by ICIT researchers and is a valuable educational document for both public and private sector cybersecurity practitioners seeking to understand how to get the most out of MGTA and offers meaningful recommendations, examples, charts, and a glossary of terms to educate the reader on MGTA. ICIT encourages its community to study its contents and share it among their networks.
Over the past few years, FITARA, DCIO, CDM, FedRAMP, and several other initiatives and scorecards tell IT what they need to do and grade them on it, but never how to go about improving or how making changes in culture or behavior will lead to better results for subsequent endeavors. Part of the problem is that virtually all new initiatives are targeting use of the small sliver of budget available to support innovation. With the passage of Modernizing Government Technology (MGT) Act at the beginning of the year and the American Council on Technology’s (ATC) report to the President, the focus is squarely on IT modernization and Cyber Security.
MGT will focus on cost savings and improved outcomes (including cyber)—and rightfully so. The problem is that most agencies do not understand their baseline costs, and so their approach to IT modernization focuses on time to value and cost avoidance. But this does not always translate to cost savings, and worse, often bears little correlation to desired outcomes. Studies show that many Federal Agencies don’t have situational awareness of the inventory of assets and applications on their networks, nor are they able to breakdown cost by IT capability within their own departments and agencies. It’s no wonder there are countless examples of redundancy, shadow IT systems, and legacy systems. The problem is further exacerbated by contractual obligations, reprogramming limitations, annual artificial budget boundaries, and a lack of tools to support accurate and granular measurement of capabilities and their use, and therefore proper management. For instance, there are over a thousand vacation request systems scattered across the Federal Government, if even ten percent of these could be identified for consolidation in an MGT phase one program, significant headway could be achieved.
MGT takes an approach that focuses on pairing loans with an oversight board to entertain novel proof of concepts (PoCs) backed by best practices in program, contract, and technical management that can be reproduced at scale across multiple departments and agencies. As with any legislation, it must be translated into policy, and that policy into guidance—in the case of IT, with some from OMB—on the “what” needs to be done and proposal evaluation criteria. What is missing—yet again—is the “how” to successfully achieve the results desired on the other end.
The cost savings are the “what.” The “how” is made up of best practices that should be developed as part of the PoCs. Shared Services are an obvious way to address cost savings, and consolidation is a core methodology for shared services delivery. How IT teams working on MGT projects approach existing programs, platforms, and contracts, and how they implement repeatable step-by-step processes to deliver value from shared services, is just as critical as the results they achieve. For example, information security and IT Operations should be addressed in an integrated fashion, leveraging standards and automation. World class organizations who’ve undertaken digital transformation employ a standard IT value chain applied to ensure reproducibility at each stage (plan, build, deploy, run).Proper cost accounting, project portfolio management, application delivery management, information security and IT management require the proper tools and enterprise-wide governance. Risk and compliance capabilities are required for this next generation IT Operating model.
This paper addresses the “how,” rooted in a fundamental philosophy that IT should run like a business and align to open industry standards. In reading this paper we believe CIOs and IT program managers will realize they can achieve improved outcomes by changing their culture, contracting methodologies, consolidation priorities, and strategies for migration and cloud adoption. We describe the “how” in a prescriptive fashion, with careful attention on assessment of current IT capabilities and program portfolios, and how to correlate cost with outcomes to better understand the TCO for various options with a focus on consolidating common business processes to deliver digital transformation. It’s the position of this paper’s authors and Micro Focus® Government Solutions that MGT PoCs should be approached as a series of pragmatic and incrementally higher risk but higher yield projects, starting with “low hanging fruit” projects that deliver quick results with quantifiable and reproducible cost savings.