The Seismic Shift in Government: Digital Transformation?

IT modernization and tech efficiency have long been priorities in the federal space, but evolving policies are driving the need for unprecedented adaptation.
Table of Contents

IT Modernization Challenges

Federal Agency View

Role of the CIO

Role of the CIO Council

Role of FITARA

The federal tech industry is actively assessing how digital transformation can support budget cuts to remain at the forefront and relevant to the sweeping changes occurring in  government. IT modernization and tech efficiency have long been priorities in the federal space, but evolving policies are driving the need for unprecedented adaptation.  

We’ve discussed the seismic shift in the US Federal Government related to budget cuts and fiscal responsibility across agencies.  We’ve also touched on the role of FedRAMP and its function within digital disruption.  To stay ahead, federal tech providers must navigate this fast-changing and shifting landscape.   

Let’s explore the federal government’s history of managing digital transformation, and the possible outcomes given the existing government guardrails we have in place.

IT Modernization Challenges

While existing year-over-year cloud spend is healthy (Deltek market intelligence reports, “Federal agency cloud demand will grow from $21.8B in FY 2024 to $30.3B in FY 2028”), 80-85% of the 100 billion spent in federal IT goes to traditional IT and legacy systems.

HINT – IT modernization and legacy applications are where the biggest addressable cloud markets exist for CSPs!!

If it were only that easy.   Here are some of the key reasons why IT modernization efforts have failed in the past within the U.S. federal government: 

  1. Complexity of Legacy Systems – Outdated systems, often built decades ago, are deeply embedded in agency operations with an expensive support workforce, making migration difficult, costly, less secure and likely to fail.
  2. Insourcing IT systems and programs – A significant number of IT systems were built and managed internally rather than leveraging service-based IT/cloud, which can be more secure and reduce CapEx spend.
  3. Insufficient Funding & Budgeting Issues – Short-term, annual funding cycles and competing priorities often prevent long-term investment in modernization, leading to continued reliance on aging infrastructure.
  4. Slow Procurement & Rigid Contracts – Bureaucratic procurement processes, complex regulations, and rigid contracting structures hinder flexibility, causing delays and escalating costs.
  5. Security & Compliance Barriers – Strict federal security requirements and concerns over data sensitivity create challenges for cloud adoption and modernization, slowing progress.
  6. Lack of Skilled Workforce & Leadership Support – A shortage of qualified IT professionals, resistance to change, and lack of consistent leadership hinder successful transformation and modernization efforts.


While federal cloud-specific spending has been rising over the past few years, much of the cloud opportunity hasn’t been unlocked due to the government’s inability to modernize its infrastructure and legacy IT systems at a faster, secure pace. Let’s take a step back to understand how the federal government is structured for ownership of IT transformation and what guardrails are already in place.
 

Federal Agency View

The Office of Management and Budget (OMB) and Congress shape policy and funding, ensuring alignment with broader government-wide priorities. This leadership structure ensures agencies operate effectively while maintaining accountability and transparency. 

The federal agency has an appointed leadership head that sets the strategic vision, while Chief Operating Officers (COOs), Chief Information Officers (CIOs), Chief Financial Officers (CFOs), and other C-suite leaders, typically Senior Executive Service (SES) executives, drive execution. This general framework applies to most of the Federal Government’s leadership structure. It’s important to note that historically the SES has operated independently of political appointment cycles in an effort to maintain continuity of leadership in government. The current administration would like to change the narrative and allow the placement of more political appointees to drive change at multiple levels within agencies and change the power dynamic within SES programs.

Further, every federal agency is required to have a strategic plan that outlines its long-term goals, priorities, and strategies for fulfilling its mission. The strategic plan is an attempt to create long-term initiatives that extend beyond political appointee cycles. In reality, these plans are constantly being updated when an administration changes. For example, typically every four years, Health and Human Services (HHS) updates its Strategic Plan (in most cases aligned with presidential terms), which describes its work to address complex, multifaceted, and evolving health and human services issues.

 Within this construct, each Federal Agency must also create an Information Technology Strategic Plan in which the CIO will look to align technology’s role in achieving the agency’s mission. Extending this example, HHS also delivers the HHS – Information Technology Strategic Plan which outlines how HHS will use information technology (IT) to support its mission, improve efficiency, enhance security, and comply with federal mandates.  

HINT – CSPs should be laser-focused on how their cloud offering aligns with the agency’s mission, business goals, and strategic plan.

Role of the CIO

The CIO role requires bold leadership and vision while balancing speed and capability. By definition, the Chief Information Officer (CIO) challenges executive leadership to think strategically about digital disruptions that are forcing business models to change and technology’s role in mission delivery. The agency CIO’s role by law is to enable the organization’s mission through the effective use of the areas below.

Six Key Areas of CIO Responsibilities
Figure 1: Application Rationalization Playbook Six-Step Process (1)

IT modernization in the federal government can be complicated, but agency stakeholders need to remember one important step: consolidate capabilities by shedding applications and other IT waste. Consolidation has proved difficult for agencies to accomplish for a multitude of complex issues.  With emerging budget cuts, it will become critical for agencies to prioritize limited and competing resources. 

“As a technology leader, the CIO enables and rapidly scales the agency’s digital business ecosystem while concurrently ensuring digital security. The CIO drives transformation, manages innovation, develops talent, enables the use of data, and takes advantage of evolving technologies.”

The role of the CIO expanded further under the Federal IT Acquisition Reform Act (FITARA), which established the agency CIO as a key strategic partner to the agency head and enabler of agency modernization goals.  

IT Modernization will require a CIO’s bold leadership and vision while balancing speed and capability. 

Role of the CIO Council

Considering policy changes, it is expected that IT consolidation and legacy IT deprecations will be reviewed closely, and existing government guardrails will be leveraged to impact change. Given the critical nature of the CIO role and its responsibility for and impact on digital disruption, the CIO Council was formed in 2002 to improve IT practices across U.S. Government agencies. The CIO Council is a forum of Federal CIOs. CIO.gov is where they share priorities, key technology policies, news, and the programs and events sponsored by the Council.

The Federal CIO Council released an Application Rationalization Playbook designed to help agency portfolio managers facilitate application rationalization under the Cloud Smart program in support of their IT modernization efforts. This playbook is designed to uncover issues such as application duplication, siloed business units, and unnecessary IT costs, so agencies can address them head-on.

Application Rationalization Playbook Six-Step Process
Figure 2: Six Key Areas of CIO Responsibilities

When evaluating existing applications, this playbook provides a great guide in helping agency CIOs through application discovery and, ultimately, application placement.  

Another planning element of the Application Rationalization Playbook, Technology Business Management (TBM), helps address some of the issues in accounting for IT costs. TBM is a great place to start when trying to understand all the costs associated with hosting, securing, and providing service to existing applications.

Technology Business Management (TBM)
Technology Business Management (TBM) – (1)

The key to the TBM framework, for the government, was to ensure IT spending aligned with agency business objectives rather than IT strategic objectives. 

Hint – REPEAT AGAIN, IT spending should align with agency business objectives rather than just IT strategic objectives.    

Your IT modernization plan must have synchrony between the IT strategic objectives and the agency business objectives to successfully roll out at scale.

So how does this work out in practice? The playbook outlined a use case with the Department of Justice (DOJ), which has 26 components. They selected the Antitrust Division (ATR) to conduct a pilot using this playbook and share lessons learned with the rest of the Department.

One of the key outcomes from the ATR pilot was a recommendation that DOJ should have a single system of record for application inventory. ATR used a single Microsoft Excel Workbook that was sent to various ATR sub-organizations that subsequently engaged several application owners to manage the data.  

Instead of every DOJ component running separate tools with separate tracking mechanisms, the recommendation was to eliminate redundant touchpoints to vastly simplify the application rationalization process for ATR and, possibly, the Department. 

Role of FITARA

Another lever within the federal IT modernization and digital transformation effort is FITARA, which was co-led by Rep. Gerry Connolly and was codified as law in 2014. This was an impactful law for federal IT that represented the first major overhaul of Federal IT in almost 20 years. Since FITARA’s enactment, OMB published guidance to agencies to ensure that this law is applied consistently, governmentwide. The law aims to improve how the US federal government buys and manages IT.
FITARA Mission
FITARA’s Mission (1)

FITARA was designed to strengthen the role of CIOs in federal agencies, giving them greater authority over IT budgeting, acquisition, and modernization efforts. FITARA aims to reduce wasteful spending, enhance cybersecurity, and promote cloud adoption and data center consolidation. The FITARA Scorecard is used to assess agency progress in meeting these goals. 

One other area that has been mentioned frequently is the impact of the Technology Modernization Fund (TMF), established in December 2017 as a funding mechanism to improve, retire, or replace existing systems. While many have called the TMF grossly underfunded, many also attest to the government being too bureaucratic and resistant to change.   

Hint – Keep a close eye on the TMF (or equivalent funding vehicle) as a technology modernization push could drive this funding vehicle up significantly. 

Summary

As we navigate the direction of new policy shifts, one thing is certain: change is inevitable. These transitions present complex challenges, and we recognize and empathize with those working through them. Significant scrutiny will be placed on agencies and how government funds are spent, to identify any overlap of missions and roles, and how technology can enable delivery of government mission, functions, and services.

We’ve long held the opinion that adopting commercial best practices for government technology procurement, with the right security governance, can yield impactful results. In most cases (mission dependent), IT systems should be service-based and the federal government should get out of the business of owning IT and operating data centers. Comprehensive vetting of cloud service offerings will be required, through programs such as the FedRAMP/DoD/CMMC authorization process, but changes are needed to each of the authorization programs to streamline processes, improve efficiency and ensure secure cloud offerings.

Once policy changes have landed, we expect to see the role of the CIO Council and agency CIOs leveraged more in leading the charge against digital disruption, across emerging technology (like Artificial Intelligence), traditional IT, and legacy application modernization. As noted above, FITARA aims to reduce wasteful spending, enhance cybersecurity, and promote cloud adoption and data center consolidation. FITARA could be an effective lever (with adjustments) to drive change within the federal agencies. In addition, TMF could be the funding mechanism to drive more modernization efforts within the agencies.

Digital disruption for the government is coming from many different angles. Delivering more cost-effective, secure technology solutions will be how federal technology providers stay at the government forefront.

Sources:

  1. The Application Rationalization Playbook – An Agency Guide to Portfolio Management – CIO Council
  2. GAO – Report to Congressional Committees – Technology Modernization Fund (December 2023)
  3. GAO – Report to the Ranking Member Subcommittee on Cybersecurity (September 2024) – https://www.gao.gov/assets/gao-24-106137.pdf
  4. Deltek – Cloud Spend Forecasting 2025
  5. CIO Handbook – CIO Role at a Glance – https://www.cio.gov/handbook/cio-role-at-glance/



+++++

Fortreum is an independent firm specializing in audit, advisory, and technical testing services, delivering cybersecurity expertise in highly regulated industries. Our mission is to simplify cloud and cybersecurity challenges for our clients. With nearly 25 years of combined experience in both the public and private sectors, Fortreum is dedicated to addressing our customers’ complex cloud and cybersecurity needs.

For more information, visit the Fortreum website or follow the company on LinkedIn at LinkedIn.com/company/fortreum.

Should you have questions about your FedRAMP, XRAMP, cloud and cybersecurity readiness, please reach out to us at Info@fortreum.com or Contact Us at https://fortreum.com/contact/
