Survey: IT management challenges persist for years
- By William Jackson
- Mar 09, 2009
As the government moves into a new administration with new priorities, challenges faced by federal chief information officers remain largely the same as in years past, according to a study
commissioned by the information technology industry group TechAmerica.
Key challenges expressed by CIOs, in order of priority, are:
- IT security.
- IT infrastructure.
- IT management.
- IT workforce.
- Application systems.
According to the survey, CIOs are well aware of the challenges they face but have yet to put effective strategies in place to address them. For none of those challenges has an effective strategy been implemented and provided results.
“Challenges that remain on this list are complex and difficult to fully resolve,” the survey report states. “That is in large part why they have been identified as priority challenges over a period of years.”
However, there is hope for progress, the report concludes.
“The good news is that for most of the challenges, there is a clear awareness of the problem and an impetus to change; for many, a workable strategy or significant components of a workable strategy have been developed and are in various stages of being implemented.”
The survey is the 19th annual study of federal CIOs conducted by the IT industry. It was compiled from interviews with 53 CIOs or information resource management officials at 46 agencies. Thirty-eight agencies were in the civilian executive branch, 10 were in the Defense Department, and five were from the legislative and judicial branches. TechAmerica commissioned the survey. The organization was formed by the recent merger of the American Electronics Association, the Cyber Security Industry Alliance, the IT Association of America, and the Government Electronics and IT Association.
Much of the survey’s focus was on the transition to the new presidential administration, but it was conducted from August through December 2008, before Barack Obama took office.
IT security was CIOs’ No. 1 concern throughout the Bush administration, according to previous surveys.
“It should come as no surprise that this issue was considered the consensus top priority by CIOs over the past eight years,” the report states. Considerable resources have been focused on that area. “Progress was made on many initiatives (Federal Information Security Management Act, certification and accreditation of systems, encryption of data, etc.), but we heard from many CIOs that the relative vulnerability of federal systems and data had not appreciably improved or had (in some cases) declined somewhat. One reason cited was that while improvements were being implemented, the threats were becoming more complex. Another contention was that much of the IT security program was focused on compliance versus implementing operational improvements that improved security.”
Lessons learned about IT security in the past eight years include:
- IT security is a complex challenge whose solution interrelates with many other challenges, and strategies to address it need to be broad and inclusive.
- Delivering a more secure IT environment requires operational excellence.
- A compliance-based model is not sufficient to deliver adequate security.
- IT security requires continuous improvement because the threats are dynamic and evolving.
- IT security requires enterprise-level thinking.
Closely related to IT security is the issue of information sharing. Lessons learned in that area in the past eight years include:
- Trust is a prerequisite for information sharing, especially with classified or privileged information.
- Developing relationships based on trust takes time.
- Understanding and interpreting information across organizations require a consistent frame of reference in a well-developed data management environment.
- New technologies such as Web 2.0 are providing a foundation for improved collaboration and sharing. Innovation should be encouraged so that multiple ways of sharing are developed and refined.
William Jackson is freelance writer and the author of the CyberEye blog.