Government IT Modernization is Both Driven and Hindered by Security Concerns

According to "Government Index for IT Modernization," a new study of current and former U.S. government IT decision makers, commissioned by IBM, nearly 70% of those surveyed view security risks as the top barrier when migrating to modern cloud platforms.

Of those surveyed, security also now outweighs reducing costs by almost double as the reason to modernize IT infrastructures. The study, conducted by Morning Consult on behalf of IBM, surveyed over 500 current and former IT government decision makers based in the U.S.

Recent cybersecurity threats have put a spotlight on current cyber threats and existing vulnerabilities. In an urgent response, President Biden issued an executive order, urging federal agencies to modernize and protect their data from existing and future threats.

"With the President's executive orders, the U.S. Federal market is facing a massive transformation to its cybersecurity strategy which requires a great deal of technological modernization. While this is a priority for government IT decisions makers, our survey found that they view security as both a driver and barrier to modernization," said Howard Boville, Head of IBM Cloud Platform. "Enterprise technology providers are stewards of massive volumes of personal data, and we need to do our utmost to protect this data. A public and private sector partnership that adopts an open and secured hybrid cloud architecture with sophisticated security capabilities can help agencies ensure that data truly remains theirs, even in a multi-cloud environment."

The study found that:

  • Modernization Drives Security: With cybersecurity attacks on the rise, so too are budgets to protect data. Responding government IT decision makers for all levels of government anticipate agencies will spend the most on cybersecurity in planning for FY22. According to the study, more than 75% of respondents cited migrating and managing data from legacy systems to the cloud as a challenge for their current or former agency, with security was cited as the top barrier but also as a main driver.
  • Contradictions Over Security Readiness: The study found that between 64% and 82% of respondents believe their current or former agency is very prepared or somewhat prepared for a wide range of current and future threats - from ransomware to post-quantum attacks. Yet more than 40% believe it will take three or more years to comply with the Biden Administration Cybersecurity Executive Order to implement zero trust and encrypt all data, an eternity in a world where security breaches occur with increasing regularity. This contradiction is further reinforced when looking at the current use of baseline security protocols?more than half of IT decisions makers surveyed say their cloud administrators does not always require complex passwords (50%) and two-factor/multi-factor authentication (51%).
  • Visibility Gets Cloudy: 50% of the respondents report their agency is using a mix of security tools for on-premise and cloud threats, creating a gap in visibility. At the same time security is the top concern holding 46% of responding government IT decision makers back from working with third party vendors. With the average federal agency using 10 or more cloud providers and working with hundreds of third parties, managing risk across this growing attack surface is expected to further complicate security.

For more information about IBM's work in the U.S. Federal market, visit