Jan 18 2023
Security

4 Federal Government IT Trends to Watch in 2023

Key areas of focus this year include cultural shifts needed for zero trust, the automation of hybrid data centers, the evolution of client virtualization, and device lifecycle compliance.
Tech Trends 2023

Last year’s federal cybersecurity strategy on zero trust — evolved from an executive order in 2021 — has focused the IT industry’s efforts to adopt the architecture. But there is still much work to be done before the fall 2024 deadline.

IT leaders needing to support an increasing hybrid workforce continue to bolster hybrid infrastructures, including plans for data and devices. As a result, they are grappling with the task of securing information in an increasingly wide range of hybrid, decentralized and remote working environments.

In some cases, success depends on an agency’s ability to re-evaluate the way things have always been done and embrace new and different paths forward.

As we look at what lies ahead in 2023, FedTech asked government IT experts for their thoughts on the year’s key technology trends: the cultural aspects of zero-trust cybersecurity, the automation of hybrid data centers, the evolution of client virtualization and Desktop as a Service, and device lifecycle management as it relates to compliance.

Here is an overview of each of these topics, followed by links to articles with more in-depth insights.

TT Sidebar 2023

 

1. Success of Zero Trust Will Depend on a Cultural Shift at the Agency

Much has been written about the technological aspects of the journey to zero trust. One foundational step, however, has little to do with tech. To be successful with zero trust, agency IT leaders must change the organizational culture.

“Zero trust is a completely different way of thinking about cybersecurity. It’s not the perimeter moat,” says Samir Hans, a principal at Deloitte. “Zero trust requires collaboration and the sharing of information, which is a cultural change for a lot of agencies. It’s not inherent.”

Hans and others recommend breaking down traditional IT silos and facilitating interdisciplinary conversations about data and access. These silos usually align with the Cybersecurity and Infrastructure Security Agency’s pillars of identity, devices, network/environment, workload and data.

Agencies also need to establish proper leadership for their zero-trust efforts — someone with a centralized, contextual view who is not necessarily the CISO.

Collaboration should extend outside the agency to include contracted vendors. “There has to be a little bit more flexibility in some of the ways things are procured,” Hans suggests. “Have clauses in the contract that require companies to collaborate and share data with each other.”

LEARN ABOUT: How agencies can establish zero trust in a hybrid environment.

2. Agencies Will Scale Up Automation of Hybrid Data Centers

Hybrid infrastructure has long appealed to federal agencies because it allows them to keep sensitive data on legacy systems while providing flexibility to scale up with cloud services as needed. These different environments all have various workflows and regulations, and this complexity presents challenges for IT leaders.

Gone are the days when legacy data centers were simply re-created in the cloud and infrastructure updates were made manually. “There is a lot that can be done in the cloud to take advantage of all of the investments in automation, if you’re already there,” says Scott Buchholz, CTO for Deloitte’s government and public services practice. “Those who are in the data centers — particularly those who have the hyperconverged infrastructure — can start taking advantage of that relatively easily, because all of the control planes are there already. For those who haven’t gotten quite that far, there are other ways of doing it as well.”

When looking to automate their hybrid data centers, agencies should consider their data’s security needs, evaluate their legacy systems and how they can integrate with the cloud, and maintain data visibility as the various environments converge.

Click the banner below to get access to exclusive articles about federal IT trends.

3. Agencies Will Re-Evaluate Their Needs for Client Virtualization

Desktop as a Service — one of the main types of client virtualization — is poised for growth in 2023. Research from Gartner shows that spending on DaaS will continue to climb, driven by ongoing cloud migration. DaaS came to prominence during the pandemic because it enabled agencies to scale up quickly and relatively inexpensively to support employees who were working remotely.

Although most government employees are making their way back to the office, IT leaders need to maintain flexibility to support them wherever they are working in 2023.

It would be wise for agencies to evaluate their needs before going all in on DaaS. Like most IT solutions, client virtualization is not one-size-fits-all.

For example, agencies that need to scale up or down quickly should consider DaaS. Suppliers can equip agency employees with hardware and applications, manage those assets and dispose of them. Agencies also benefit from flexible cloud space on demand. Subscription costs for DaaS also scale up or down with the agency’s need for services.

Organizations with skilled IT teams and the resources to continually manage software and hardware, as well as those with higher security needs, might pass up DaaS for a different type of client virtualization, such as virtual desktop infrastructure.

DISCOVER: How green computing is helping agencies cut emissions.

4. Device Lifecycle Management Will Help with Compliance

Federal agency IT leaders must equip employees for success as they work from virtually anywhere. Add a dizzying rate of change for devices, and IT teams have their hands full managing and securing the organization’s data while staying compliant.

“There are so many things you have to comply with, and they keep coming all the time,” says Sean Frazier, federal chief security officer at Okta. “First, take a step back, realize all these are kind of related and focus on the fundamentals.”

With device lifecycle management — with any kind of lifecycle management, really — it’s best to start at the beginning. “We have to be thinking for everything we build, from the time that we have it as a thought in our brain, we should be planning what the security is for that architecture,” Frazier says. “We have to be thinking about the security implications.”

For some agencies, working with a trusted partner can help IT leaders manage their devices, keep them up to date and shore up compliance. CDW can provide such support throughout the four pillars of the device lifecycle: discover and design, deploy, manage, and refresh and recover.

SeventyFour, da-kuk, cokada/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.