Nearly two-thirds of government IT leaders say legacy systems are still holding back modernization. This reality helps explain why many public sector organizations find themselves caught between ambition and caution. Agencies recognize the need to modernize applications and prepare for AI, but aging infrastructure, growing security risk, and strict compliance requirements make the path forward complex.
That said, public sector organizations are not short on momentum. Many are actively migrating to the cloud, modernizing applications, and evaluating how AI could improve service delivery, employee productivity, and citizen engagement. The challenge is doing so in a way that preserves availability, protects sensitive data, and maintains public trust.
“By combining AWS cloud infrastructure with F5 ADSP, public sector organizations gain a practical, scalable path to modernization. ”
Enabling this safe and responsible modernization requires both a strong cloud foundation and consistent application-layer controls. To make it possible, AWS and F5 provide a scalable, compliant foundation for public sector modernization, combining cloud infrastructure with application delivery, security, and visibility as services evolve across legacy, cloud, and AI-driven environments.
Legacy systems and security risk remain the primary blockers
Legacy infrastructure continues to shape what public sector agencies can safely modernize. These systems were not designed for distributed architectures, API-driven services, or AI-enabled workflows, yet they still support essential government functions.
Aging platforms frequently create operational inefficiencies and security challenges for public sector IT teams. Systems that are difficult to update or integrate increase operational burden and expand the attack surface. At the same time, agencies must protect continuity of service and public trust, making wholesale replacement approaches unrealistic.
F5 helps agencies to reduce this risk by bringing security and control closer to the application layer, regardless of where systems are hosted. Through the F5 Application Delivery and Security Platform (ADSP), agencies can apply consistent application security, traffic management, and visibility across environments, while AWS provides the scalable, compliant cloud foundation that supports gradual modernization.
Together, this approach enables agencies to modernize incrementally by:
- Maintaining consistent security policies across on-premises and cloud environments
- Reducing application-layer exposure as new interfaces and services are introduced
- Preserving availability and performance for mission-critical services
Cloud adoption is widespread, but mission-critical apps still lag
Most public sector organizations now have a defined cloud strategy, and many commodity services have already moved to cloud platforms. Yet mission-critical applications often remain on premises due to cost concerns, architectural complexity, and regulatory sensitivity.
This creates a familiar gap: agencies may be cloud-enabled, but not fully cloud-modernized. Critical workloads still require high availability, predictable performance, and strong security controls regardless of where they run. Without consistency across environments, cloud adoption can introduce fragmentation rather than simplification.
F5 addresses this challenge by extending familiar application delivery and security capabilities into AWS environments, allowing agencies to modernize at their own pace. AWS provides multiple modernization paths—including Kubernetes, serverless, and modern DevOps—while F5 ADSP ensures security is integrated across those approaches.
This model supports secure app modernization by enabling agencies to shift security left into CI/CD pipelines, reduce complexity across clouds and data centers, and maintain usability with minimal friction for citizens and employees.
AI raises the stakes for security, compliance, and resilience
Today, agencies are exploring use cases such as multilingual citizen services, fraud detection, and productivity automation. But simultaneously, only one-sixth of government leaders report high or very high generative AI expertise, highlighting a significant readiness gap.
AI introduces new risks alongside new capabilities. AI-powered fraud schemes are now widespread, with nearly all government fraud fighters reporting exposure and 70% seeing an increase over the past five years. Bots increasingly target login flows, password resets, and application layers, while AI systems introduce risks such as prompt injection, data leakage, and policy violations.
F5 helps agencies address these risks by securing AI models, agents, and interactions at runtime. Through F5 ADSP and technologies such as F5 AI Guardrails (https://www.f5.com/products/ai-guardrails), agencies can protect AI systems from adversarial attacks, including prompt injection and jailbreaks. They can also secure AI data and prevent leakage or compliance failures, govern responsible AI usage with enforced model and agent privileges, and maintain continuous visibility and traceability across AI interactions.
Meeting compliance without slowing modernization
Compliance remains a defining constraint for public sector modernization. AWS GovCloud (US) supports U.S. federal, state, and local agencies with cloud services operated on U.S. soil by U.S. citizens, and complies with key frameworks such as FedRAMP High, CJIS, ITAR, EAR, and DoD SRG.
F5 complements these controls by aligning application and data security with government requirements, including FISMA, FIPS 140-2/140-3, Common Criteria, CSfC, and DoDIN APL.
This alignment allows agencies to modernize applications and adopt AI without introducing compliance gaps as architectures and use cases evolve.
Modernizing with confidence
Public sector modernization is about moving forward without increasing risk. Legacy constraints, cloud adoption gaps, and AI security concerns are deeply interconnected, and addressing them in isolation rarely works.
By combining AWS cloud infrastructure with F5 ADSP, public sector organizations gain a practical, scalable path to modernization. This approach supports secure application modernization, protects APIs and sensitive data, ensures performance and availability at scale, and enables responsible AI adoption.
The result is modernization that strengthens public services while preserving security, compliance, and public trust.
To learn more, see our F5 on AWS webpage.
About the Author
Related Blog Posts
F5 joins the Dell AI Ecosystem Program to help enterprises operationalize AI
F5 joins the Dell AI Ecosystem Program to help enterprises deploy production AI with greater performance, security, and control.
Why sub-optimal application delivery architecture costs more than you think
Discover the hidden performance, security, and operational costs of sub‑optimal application delivery—and how modern architectures address them.
Keyfactor + F5: Integrating digital trust in the F5 platform
By integrating digital trust solutions into F5 ADSP, Keyfactor and F5 redefine how organizations protect and deliver digital services at enterprise scale.
Architecting for AI: Secure, scalable, multicloud
Operationalize AI-era multicloud with F5 and Equinix. Explore scalable solutions for secure data flows, uniform policies, and governance across dynamic cloud environments.
AppViewX + F5: Automating and orchestrating app delivery
As an F5 ADSP Select partner, AppViewX works with F5 to deliver a centralized orchestration solution to manage app services across distributed environments.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.