The $1.9 trillion American Rescue Plan will likely have a significant and positive impact on application modernization initiatives for agencies. The plan includes $1 billion into the Technology Modernization Act funding vehicle.
The Modernizing Government Technology Act (MGT Act) was signed into law in 2017 to provide agencies with funds they can apply to their IT modernization efforts, including those around cybersecurity. Agencies could apply for funding from the Technology Modernization Fund, which was designed to help them move on from legacy systems and invest in agile, transformative technologies.
Agencies have a tremendous opportunity to accelerate their application modernization initiatives, like the Department of Labor, which already received $9.6 million from the Technology Modernization Fund to update its enterprise data platform, less than a day after lawmakers put this historic plan in place.
With current legacy and monolithic applications impeding mission success for many agencies, including challenges with dated and complex federal network architecture and app development processes, poor digital experiences for citizens and government employees, and evolving security vulnerabilities, agencies have a whole host of challenges to solve. The following are my suggestions on where to focus app modernization efforts to best maximize impact on mission success.
Where to Start
While funding is typically the difficult part, deciding where to focus efforts is usually the next hurdle to overcome. The NIST Cybersecurity Framework guides agencies in the establishment of better risk management practices by taking a holistic lifecycle approach to risk management. Using the guidelines set forth by NIST, agencies continually assess and mitigate risk through five core functions: identify, protect, detect, respond, and recover. This framework is a useful tool as it affords organizations a standardized structure through which they can create highly adaptive security programs. It does this while providing flexibility so organizations can customize it to meet their unique needs while providing a common blueprint for managing risk and addressing vulnerabilities.
If the last year has shown us anything around cybersecurity, it's that it should be front-of-mind when we think about where to prioritize efforts. Both new and legacy systems were shown to be underserved in the last round of cybersecurity incidents. It’s telling that CISA itself will receive $650M for cybersecurity risk mitigation to safeguard the '.gov' networks alone. That does not, however translate to securing EVERY network and every application under the government’s umbrella.
Digital transformation has ushered in “new” and somewhat invisible technologies like API based transactions. While these APIs are invisible to our users and applications for the most part, they still fall prey to attack and misuse. Many agencies lack a way to manage APIs across their environments in a secure and scalable fashion. Investing in solutions to ensure APIs are deployed and managed securely should be a top priority.
Application vulnerabilities continue to be a common attack vector for attackers. As we know, software is made by humans and humans are not perfect. While vendors strive to produce flawless code, mistakes happen. The ability to react, defend, and secure is key, now more than ever. During this time of transformation, it can be difficult to maintain a foot in each pond to ensure legacy apps as well as next generation apps are protected. This can lead to tool sprawl and multiple points of reconciliation. Adopting tools which can not only automate application delivery, but also protect those applications no matter where they live, is incredibly important. The more places we need to check, the more likely we’ll miss something. Let’s focus on tools that allow us to automate and operate in any environment, any cloud, any ecosystem, and do it securely.
Finally, we’re reminded or maybe just re-acquainted with the fact that supply chain is critical. SUNBURST has shown that even organizations who are known for their ability to detect, secure, and defend are not impenetrable themselves—and that there are industry-wide opportunities to do a better job at securing infrastructures.
Now Is the Time to Improve Your IT Services
The American Rescue Plan provides agencies with a once-in-a-generation opportunity to leverage government support to improve IT services that will last for years. F5 can help you identify areas in need and prioritize your funds so you get the most value out of your allocation.
To learn more, visit our government solutions page, request a free trial, or contact us.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...