IT Risk & Compliance Federal

Transcription

1 Dell UnisysSoftware Modernization Revolution Survey IT Risk & Compliance Federal Summary Report PulsePoll Results September 2017 JULY 10, 2014

2 RESPONDENT CLASSIFICATIONS 2 Current Employer From June 19, 2017 to July 09, 2017, 200 federal government decision makers (100 federal civilian and 100 DoD/military) participated in an online survey that averaged eight minutes in length. Half of respondents work at federal civilian or independent agencies (including federal judicial, legislative and intelligence agencies). The other half work for DoD or military branches. Department of Defense or Military service 52% Federal Civilian or Independent government agency 48% 0% 10% 20% 30% 40% 50% 60% Which of the following best describes your current employer?

3 RESPONDENT CLASSIFICATIONS 3 Organization Role A variety of job roles are represented in the sample, with the highest proportions in executive management/command, and IT/MIS/IRM. Executive Management/Command IT/MIS/IRM Program Management 16% 20% 22% Operations/Administration Engineering Security operations 6% 8% 12% Acquisition Finance and budget Purchasing/Contracting Other 2% 4% 5% 6% 0% 10% 20% 30% Which of the following best describes your role in your organization?

4 RESPONDENT CLASSIFICATIONS 4 Decision Making Involvement More than half of respondents work on a team that makes decisions, or evaluate or recommend contractors offering IT modernization solutions. More than a quarter make the final decision regarding contractors in this area. On a team that makes decisions regarding contractors offering IT modernization management solutions Evaluate or recommend contractors offering IT modernization solutions 55% 54% Develop technical requirements for contractors offering IT modernization solutions Manage or implement contractors IT modernization solutions 42% 45% Make the final decision regarding contractors offering IT modernization solutions 28% Other involvement regarding contractors offering IT modernization solutions 10% 0% 10% 20% 30% 40% 50% 60% Note: Multiple responses allowed How are you involved in your agency s selection and/or management of government contractors that provide IT solutions, services and support to the IT modernization of your agency? (select all that apply)

5 RESOURCE ALLOCATIONS 5 Maintaining Legacy Systems RESOURCE ALLOCATION Opinion is split over the level of manpower and budgetary resources used to maintain their legacy systems. Notably, civilian agencies are significantly more likely than their DoD/military counterparts to believe their agency is understaffed in this area. Half of respondents feel the right amount of staff is devoted to federal network security, but one third believe too few staff are assigned here twice the proportion that think too many staff are involved. In line with this, four in ten think funding for this area is insufficient. As with federal network security, the same proportion of respondents contends not enough staff and not enough budget are being allocated to the security of their agency's critical infrastructure. How much of your agency s resources are being allocated to maintaining legacy systems?

6 CHALLENGES 6 Where in the Lifecycle Do Agencies Face Challenges? Four in ten believe modernization execution and deployment is the stage where they face the greatest difficulty. At the same time, more than a quarter have issues getting started. At the very beginning assessing and developing a high-level roadmap 27% Modernization readiness developing technology and staffing plans 17% Modernization execution & deployment designing, building, testing and implementation 42% Post modernization support after a new system is implemented 11% None of these stages are difficult 2% 0% 10% 20% 30% 40% 50% At what stage of the IT modernization life cycle does your organization face the most difficulty?

7 IT MODERNIZATION EFFORTS 7 IT Modernization Effort Grades PROCESS FACTORS While on average, six in ten graded themselves C or below, no more than one in ten graded their agency an A across eight process-related IT modernization efforts. Thus, there is great room for improvement in this area. F (Poor/not at all achieved) D C B A (Excellent/consistently achieved) Portfolio/asset review and assessment/inventory 6% 14% 40% 30% 10% Leveraging data to drive decisions 6% 16% 37% 32% 9% Proficiency of workforce to attain goals 7% 13% 34% 38% 8% Engagement with industry partners 5% 16% 34% 36% 8% Information sharing and collaboration within the agency 8% 13% 36% 34% 8% Realistic estimate of the scope of work involved Alignment of IT management and governance Quantifying potential impact (ROI) 12% 8% 8% 18% 16% 20% 29% 34% 7% 35% 35% 6% 34% 32% 6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% <=C 60% 59% 54% 55% 57% 59% 59% 62% Regardless of official scorecards, how do you personally grade your agency on the following efforts in its IT modernization journey?

8 IT MODERNIZATION EFFORTS 8 IT Modernization Effort Grades TECHNOLOGY FACTORS As assessed by respondents, the lowest grades are for leveraging cloud and streamlined systems development, where two-thirds respectively give those dimensions a grade of C or below. F (Poor/not at all achieved) D C B A (Excellent/consistently achieved) Data center consolidation efforts 5% 12% 29% 44% 10% <=C 46% Use of automated management and monitoring tools 4% 15% 36% 36% 10% 55% Implementation of shared services 6% 15% 38% 32% 10% 59% Streamlined systems development 10% 23% 32% 26% 10% 65% Leveraging cloud computing 10% 18% 38% 25% 9% 66% Use of agile methods 6% 21% 31% 36% 6% 58% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Regardless of official scorecards, how do you personally grade your agency on the following efforts in its IT modernization journey?

9 IT MODERNIZATION EFFORTS 9 IT Modernization Effort Grades TECHNOLOGY FACTORS (CONTINUED) Across all technology factors, on average, more than half graded themselves a C or below. Across the 13 technology factors, no more than 16 percent gave a grade of A. F (Poor/not at all achieved) D C B A (Excellent/consistently achieved) Improve cyber security 4% 12% 28% 40% 16% <=C 44% FISMA compliance 4% 6% 33% 44% 14% 43% Improve infrastructure security 4% 12% 30% 40% 13% 46% Overall adherence to NIST s Framework for 5% 11% 35% 36% 13% 51% FedRAMP compliance 4% 9% 38% 35% 13% 51% Critical infrastructure management 4% 16% 35% 33% 12% 55% Use of digital technologies 4% 11% 33% 42% 11% 48% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Regardless of official scorecards, how do you personally grade your agency on the following efforts in its IT modernization journey?

10 IT MODERNIZATION EFFORTS 10 IT Modernization Effort Grades Differences In three instances, defense agencies are significantly more likely than their civilian peers to grade their IT modernization efforts an A/B. These include critical infrastructure management, internal information sharing/collaboration, and streamlined systems development. Grades of As/Bs 60% 50% 54% Defense 51% Civilian 43% 40% 30% 35% 34% 29% 20% 10% 0% Critical infrastructure management Information sharing and collaboration within the agency among the stakeholders involved with the process Streamlined systems development = statistically significant difference Regardless of official scorecards, how do you personally grade your agency on the following efforts in its IT modernization journey?

11 PRIORITIES 11 IT Modernization Priorities Agencies top IT modernization priorities over the next 12 months are led by cybersecurity, well ahead of a second tier of mentions including application modernization, cloud computing, and data analytics. Cybersecurity 62% Application modernization Cloud computing 37% 36% Data analytics 32% Digital/mobile solutions Shared services Agile delivery methods Data center consolidation 24% 23% 20% 18% Other 2% 0% 10% 20% 30% 40% 50% 60% 70% Note: Multiple responses allowed What are your agency s top priorities in its journey toward IT modernization in the next 12 months? (select top three)

12 IT MODERNIZATION EFFORTS 12 Other Top Priorities for IT Modernization: Cloud Four in ten believe that embracing cloud is important and significantly higher than those consider cloud adoption not important Amongst all IT Modernization priorities, Cloud services adoption is facing unanticipated difficulties. This is almost twice the proportion indicating Cloud as a priority Agencies with active industry partner engagement have less unanticipated difficulties with cloud adoption by a margin of 2 to 1 Agencies Top Priorities -IT Modernization-Next 12 Months Factor Total Unanticipated difficulties associated with cloud services adoption Yes No Importance of embracing cloud solutions Very/ somewhat Not very/ not at all Cloud Computing 36% 64% 30% 43% 19% = statistically significant difference What are your agency s top priorities in its journey toward IT modernization in the next 12 months? (select top three)

13 CHALLENGES & IMPACT ON IT SECURITY CHALLENGES 13 IT Modernization Efforts Impact on IT Security Challenges Nearly six in ten respondents think their agency's IT modernization efforts have resulted in an increase in the IT security challenges they face this is more than twice the proportion anticipating a decrease. Notably, however, defense agencies are significantly more likely than civilian agencies to cite a decrease in IT security challenges. 59% Defense Civilian 32% 18% 25% 16% Decrease Increase Has had no effect nor change = statistically significant difference In your opinion, do you think your agency s IT modernization efforts have resulted in an increase or decrease in the IT security challenges your agency faces?

14 CHALLENGES & IMPACT ON IT SECURITY CHALLENGES 14 Reasons IT Security Challenges Have Decreased First, more than half of those citing a decrease in their agency's IT security challenges point to the replacement of both legacy equipment and software. They also cite the simplicity to be gained through standardization, a reason far more commonly mentioned by civilian agencies. Reasons Challenges Have Decreased Legacy software replaced with new software 56% Legacy equipment replaced with new Standardization simplifies administration Cloud services adoption 40% 56% 56% Defense Civilian 44% 78% Fewer configurations to manage and support 36% Reduced number of devices to support Reduced need and time for training 22% 26% Other 4% 0% 10% 20% 30% 40% 50% 60% Note: Multiple responses allowed = statistically significant difference [IF DECREASE IS SELECTED] What are the reasons you believe IT security challenges have decreased as a result of your agency s IT modernization efforts? (select all that apply)

15 BENEFITS & IMPACT ON IT SECURITY CHALLENGES 15 Reasons IT Security Challenges Have Increased More than half of those citing an increase in their agency's IT security challenges feel it difficult for their IT staff to support and complete all transitions. Issues related to increased compliance reporting, complex management tools, and learning new systems, are other top factors. Reasons Challenges Have Increased Difficult for IT staff to support and complete all transitions Increased compliance reporting Complex management tools Lack of familiarity with new systems Organizational changes have disrupted IT processes Unanticipated difficulties associated with cloud services Too much consolidation has occurred Other 5% 16% 42% 41% 41% 37% 33% 53% 0% 10% 20% 30% 40% 50% 60% Note: Multiple responses allowed [IF INCREASE IS SELECTED] What are the reasons you believe IT security challenges have increased as a result of your agency s IT modernization efforts? (select all that apply)

16 BENEFITS, IMPORTANT FACTORS, AND CONCERNS 16 Greatest Benefits of IT Modernization Respondents most commonly cited benefit of IT modernization for their agency is enhanced security, followed by operational efficiency, and helping to meet mission goals. Boosts operational efficiency Complies with mandates/regulations Eliminates duplicative processes Makes operations more agile Improves citizen/customer experience 26% 26% 24% 22% 20% 18% 18% 38% 35% 33% 0% 10% 20% 30% 40% Note: Multiple responses allowed Overall, what do you see as the greatest benefits of IT modernization for your agency? (select top three)

17 BENEFITS, IMPORTANT FACTORS, AND CONCERNS 17 Benefits of IT Modernization Differences Defense respondents are significantly more likely to feel IT modernization enhances the security of their agency, while their civilian peers are twice as likely to indicate it promotes innovation. By Agency Type 50% 46% Defense Civilian 40% 30% 30% 25% 20% 12% 10% 0% Enhances security Promotes innovation where otherwise there would be little = statistically significant difference Overall, what do you see as the greatest benefits of IT modernization for your agency? (select top three)

18 BENEFITS, IMPORTANT FACTORS, AND CONCERNS 18 Important Factors to IT Modernization Efforts The factors deemed very/somewhat important to agencies IT modernization efforts are led by having sufficient funds, aligning the project with the mission, having skilled technical staff, and leadership commitment. Other factors here and on the following slide are also widely important. Not at all important Not very important Somewhat important Very important Very/ Somewhat Important Leadership commitment 4% 6% 27% 64% 90% Sufficient funds/budget 4% 4% 30% 62% 92% Skilled technical staff 4% 4% 32% 60% 91% Aligning project with agency mission 3% 6% 36% 55% 91% Setting realistic goals and timelines 5% 6% 34% 54% 88% Strong project management 5% 8% 37% 50% 86% Stakeholder communication 4% 12% 42% 42% 84% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Overall, how important are the following factors to your agency s IT modernization efforts?

19 BENEFITS, IMPORTANT FACTORS, AND CONCERNS 19 Important Factors to IT Modernization Efforts (Cont.) Though less important relative to the other factors, three quarters of respondents nevertheless consider embracing cloud solutions to be very/somewhat important. Not at all important Not very important Somewhat important Very important Shared accountability across IT and non-it executives 7% 14% 38% 40% Very/ Somewhat Important 79% Agile implementation 5% 16% 48% 32% 79% Governance approach 4% 16% 52% 28% 80% Mandated deadlines 4% 20% 48% 28% 76% Embracing cloud solutions 6% 20% 47% 27% 74% Effective engagement with partners in industry 6% 16% 52% 26% 78% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Overall, how important are the following factors to your agency s IT modernization efforts?

20 IT MODERNIZATION SENTIMENT STATEMENTS 20 IT Modernization Journey: Coded Top Comments Six in ten of those agreeing IT modernization is a unique journey believe that the agencies themselves are unique. Those that disagree are more likely to feel that even if unique in some ways, agencies have some similarities and/or must collaborate IT Modernization Is a Unique Journey for Each Agency and Should Be Approached That Way Agree Agencies are unique/different 61% Unique, but also similarities Disagree 21% Unique but with common needs Depends on training, mission, etc. Stakeholder buy-in important Culture can drive requirements 8% 6% 6% 5% Agencies should collaborate Agencies unique/distinct Agencies should standardize 17% 17% 12% Consequences to not modernizing 3% Know agency culture 5% What are the reasons behind your answer? (open end) 0% 20% 40% 60% 80% N= [Agree N = 109, Disagree N = 42] Note: Multiple responses allowed. Includes all mentions 3% or higher. 0% 20% 40% 60% 80%

21 IT MODERNIZATION SENTIMENT STATEMENTS 21 IT Modernization Journey Selected Quotes AGREE: IT Modernization Is a Unique Journey for Each Agency and Should Be Approached That Way Every Each agency is different. Nothing is cookie cutter. Our agency has specific challenges and goals that are not the same in all agencies. We need a custom tailored solution and not an off the peg solution. While the bureaucracy is similar, each agency has to deal with its unique culture and resistance to change. Each is starting its journey from a unique place in terms of measured risk and risk appetite. agency's mission, stakeholders, customers, and data requirements are unique. Their IT modernization should use the most efficient and effective hardware/software that allows for scalability and usability, while being tailored to the specific needs/mission of the agency. What are the reasons behind your answer? (open end)

22 22 Top Key Takeaways from Research Survey Results 1. Agencies see greater security, operational efficiency and mission fulfilment as top benefits of IT modernization and it seems abundantly clear that there is buy-in to the idea of IT modernization. 2. Agencies are facing increased Cyber challenges and unanticipated difficulties with Cloud adoption 3. There is evidently a shortage both of personnel and funding to increase the security of federal networks and critical infrastructure; and especially among federal civilian agencies, the manpower to maintain legacy systems. Only 10-16% grade their agency an A! 4. An IT Modernization revolution is underway, and the president s budget, new IT Modernization Report and MGT act will empower agency leaders to take quick action to focus on modernization efforts, especially with High-Risk High Value Assets (HVAs)

23 23 Join the Modernization Revolution and learn more at UNISYS MODERNIZATION REVOLUTION SURVEY SUMMARY REPORT MARKET CONNECTIONS, INC