As the U.S. government increases its movement to the cloud, it requires new ways of managing this transformation and understanding the results. As it turns out, though, government IT modernization faces many of the same obstacles that have hindered private-sector enterprise organizations, including poor insights into their systems, limited adaptability to change, and bad team alignment.
So how can government IT departments do more with less budget, personnel, and time? Just as with enterprise IT, the most promising solutions call for government IT leaders to pivot their departments into agile teams that follow a DevOps approach and leverage cloud computing and new software.
Let’s take a look at some of the key challenges and opportunities facing government IT:
Agile government IT using DevOps culture
It all starts with a culture shift from outsourcing IT requirements to owning and developing new software supported by modern DevOps processes and tooling. We’ve already seen leading government organizations transform the way they operate using cloud computing and DevOps. These teams shifted their departments to run scalable technology stacks leveraging major cloud platforms like Amazon Web Services (AWS) and Microsoft Azure, freeing up limited team resources to make a larger impact by addressing bigger and more strategic problems.
In contrast, organizations that have maintained the status quo have endured some very public failures. Anyone launching a major government IT project without regard for instrumentation and monitoring is risking an appearance in the latest news headlines or even at a Congressional hearing.
The rocky launch of HealthCare.gov, for example, shows what can happen when a heavily outsourced IT project is siloed into many limited-scope contracts without observability. It turns out there wasn’t one big thing that caused the failure, but rather a combination of many system, process, and culture failures along the way—and New Relic was essential to untangling the mess. (This great FutureStack presentation video explains how the team that fixed HealthCare.gov got things back on track using New Relic.)
Pressure to modernize quickly
Today’s government IT teams are under incredible pressure to modernize their IT systems. Many government systems are built with old programming languages or are operating on antiquated computing mainframes. Knowledgeable resources with experience working with these legacy platforms are growing scarce. Just as problematic, many of these systems were developed over long periods with interconnections retrofitted later.
The cost and difficulty of operating and maintaining these systems has increased over time, while efforts to develop, modernize, and enhance these systems continue to be cut from budgets. These obsolete systems now pose huge risks and liabilities for government CIOs and CISOs.
Protecting data in the cloud
Unmonitored government IT infrastructure can often host old applications that contain sensitive information. Systems may go many years without receiving security patches—in fact, they may have been compromised for some time before IT administrators realize they have an issue.
As an established cloud service provider, New Relic has a full-time professional security team that works relentlessly to defend customer data. For good measure, our security team members have CISSP and CIPP certifications and also regularly speak at the Cloud Security Alliance, OWASP, RSA, and IAPP.
We implement third-party security audits designed to identify and fix security holes on a monthly basis. New Relic is committed to protecting customer data to the highest security standards such as FedRAMP (pending), SOC2, NIST SP 800-53, and CSA Star. Although application and infrastructure performance data is considered non-sensitive, people and processes are in place to ensure that data privacy standards exceed customer expectations.
Meeting FISMA compliance
Government organizations following the Federal Information Security Management Act (FISMA) have to undergo tough annual security audits. Though FISMA compliance itself is intended for government organizations and agencies, the security requirements within FISMA leverage FedRAMP controls for private organizations doing business with government agencies. (New Relic’s FedRAMP authorization and GSA listing helps cut the red tape of being able to purchase and use New Relic to identify and troubleshoot urgent issues for government websites and systems.)
If a government organization has scored poorly on a FISMA report card, it is required to use only FedRAMP-approved solutions because of the liability, cost, and extra time required for special approvals. Today there are just 90 FedRAMP-authorized products available and even fewer providers willing to bear the cost, time, and complexity of obtaining FedRAMP authorization. (New Relic has spent nearly two years working towards FedRAMP authorization, implementing the requirements for people, processes, and technology. We expect to get this authorization soon.)
Reducing cost while delivering more value
Advancements in the private sector demonstrate that shifting from siloed outsourced IT projects to building and deploying well-instrumented new software can lower operational risk, improve iteration speed, and help teams to deliver new features and value to users at lower cost.
At the same time, forward-looking government IT organizations (Medicare, Veterans Affairs, Immigration Services, GSA, etc.) that have made the leap to DevOps and the cloud have thrived in spite of their constrained budgets and limited resources. They have been able to deliver better user experiences at a reduced cost. It has also enabled government CIOs and CISOs to gain deeper visibility into the software and systems they are responsible for, and to be more accountable around risk, compliance, and budgets.
Modern tools for a modern government
The next generation of government IT needs to leverage better tools to be successful at deploying and operating scalable software and services at scale in the cloud. New Relic has been adopted in both the public and private sectors because our customers are able to find and fix problems faster, especially in highly complex operating environments. DevOps teams can move faster with confidence because they have better visibility into the dependencies of interconnected software and systems. This visibility enables better intelligence and insight into mission success, allowing teams to focus on innovation instead of wasting time troubleshooting.
In just a few hours—without being an expert in the architecture of a software system—IT administrators can deploy application and infrastructure instrumentation via agents that deliver opinionated, near-real-time insights and intelligence about the dependencies, health, and performance of a software system. Instead of constant finger pointing, problem areas can be quickly identified, packaged into a ticket, and sent to the right developer or operations team to solve. The Centers for Medicare & Medicaid Services (CMS), for example, leveraged New Relic as part of moving to a more scalable and agile technology stack built around advanced automation tools and public and hybrid clouds. The result was the ability to do more with less because the team could use data to make better decisions.
As New Relic nears FedRAMP Authorization to Operate (ATO), we are excited about the expanded opportunity to help government IT teams modernize. We’re confident that the improved visibility, reduced costs, and speed of innovation promised by cloud computing and DevOps will enable government agencies to match the efficiencies and performance demanded by today’s citizens.
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.