Agency Legacy Systems are Turning 50: What Does This Mean for Security?

Many government organizations rely on legacy systems to run mission-critical workloads. This infrastructure, although once state-of-the-art, is now aging rapidly. This not only hinders innovation but leaves agencies vulnerable to cyber attacks as support for these systems ends. In a recent poll by the Government Business Council titled The Legacy Liability, it was found that federal employees believe their agency’s legacy IT systems are “stiff, unadaptable, and deserve investment” before they compromise security.

“A successful hack could shut down power, impacting hospitals, banks, gas pumps, military installations and cell phone service. The consequences would be widespread and devastating, and only more so if we are in the midst of a global pandemic,” said Senator R-AK Lisa Murkowski.

According to the report, the Department of Education and the Department of Health and Human Services are using legacy systems that are almost 50 years old – these aged systems were deemed a high security risk in a 2019 Government Accountability Office report. These legacy systems, along with many others being used by agencies today, are a growing security risk. More than two out of five respondents said outdated IT infrastructure is their biggest security hurdle. Forty-one percent attributed outdated infrastructure to remote work security risks. With these threats in mind, agencies are shifting workloads to the cloud to enable agility, remote work, and compliance.

“Most security issues—cloud or otherwise—happen because organizations do not continuously validate that security controls, segmentation, and other functions are operating as they should. With security instrumentation processes, agencies can prove security effectiveness and identify gaps and overlaps,” shared security experts from FireEye.

The report found that 44 percent of respondents described their security infrastructure as static – even in the cloud. Three quarters said that cloud security funding was essential for a modernized workforce, but agencies lack the IT resources and staff to deliver essential security. “Effective cloud security requires all the trappings of traditional solutions, including security for network, endpoint and email. Beyond those elements, comprehensive visibility, continuous compliance and governance are imperative to quickly detect and stop elusive threats,” added Mahmood Khan, cloud security engineer, Public Sector.

The report outlines the need for modernization, cloud migration, and most of all, security as this digital transformation moves forward. Interested in learning more? Read the poll here.