Assessing SLED Security: Technology risks in state and local government and education

by | September 28, 2023

SLED (State/Local Government and Education) organizations often stand at the crossroads of technology evolution. Change is a difficult balancing act– the act of adopting new technologies carries prerequisite risk, but refusing that risk and the change it allows keeps constituents, employees, and students at a standstill with poor experiences and limited productivity.

As technology ages in sectors where updates and migrations are rare, the impact on the organization and constituents is felt tenfold. Legacy technologies quickly become deficient at best, and obsolete at worst. Governmental and educational business continuity strategies can be fraught with weak points, as constantly changing leadership makes driving change very difficult. That means, despite the ticking clock, many are reluctant to make necessary changes to their technology architecture.

So, how would a SLED organization slip out from between a rock and a hard place? How would one properly weigh the risks and make a choice that is safe, sustainable, and effective for those involved? Below we explore some of the top risks associated with legacy technology in SLED, along with thoughts and insights for moving forward.

Risk #1. Legacy technology is incompatible with modern best practices

Improve Customer Experience (CX)

Legacy technology is a leftover from a bygone era, and its lack of adaptability in times of increasing CX demands can cause damage to the reputation of entities, leaders, and elected officials that insist on keeping it around. Equipment, platforms, and coding languages are aging rapidly. Constituents become increasingly agitated by the poor experiences this brings about—think slow websites, error messages, failing account portals, long waits and response times—and feel that their needs are not prioritized by the organization or official. This directly affects their attitude and satisfaction with elected officials—and thus, affects their votes.

Legacy technology is not built for or adaptable to the era of digitalization, where most important forms, communications, information sharing, recordkeeping, and other foundational actions are performed online. The traffic can be overwhelming at times, the maintenance difficult, and most organizations don’t have the budget or skilled staff to accommodate. While nearly every private sector business has embraced the cloud and funded or outsourced specialists to manage their technology, SLED organizations tend to not leap, but crawl, much to the frustration of constituents, users, and employees.

Modernizing the technology stack can put SLEDs in a better position to provide great CX.

Reduce Security Risks

While poor CX is a risk to political reputation, poor security is an overwhelming risk to national security and constituent safety. Legacy technology lacks the provisions to fight against the advanced cyberattacks we see today. Hackers are not thwarted by simple firewalls, especially those not properly maintained, or password locks. Plus, as the use of IoT devices for both critical and confidential uses (environmental monitoring, security, manufacturing) and everyday uses (smart watches, AC systems, coffee machines) alike, old networks simply don’t provide the necessary segmentation needed to keep these devices out of the wrong hands.

A breach could be catastrophic for both the security of public infrastructure (and thus National security) and the citizens utilizing SLED systems. Access to medical and educational records, passwords, SSNs, bank information, and other critical private information is far easier to access without modern measures– and the risk of keeping this technology around greatly outweighs the minimizable risks inherent in migration.

A holistic approach to modernizing technology can work to benefit SLED organizations, helping to mitigate risks better than legacy technology will allow.

Empower Innovation

Legacy technology doesn’t give the rest of the organization the agility to innovate. SLED organizations are tasked with solving problems for their constituents and stakeholders, yet their hands are often tied by the cumbersome technology they have available to them. While many make the best of their situation, imagine the possibilities if there was a modern platform in place that could empower and enable users, developers, and IT staff to be nimble and creative in their approach.

Risk #2. Owning technology doesn’t make it more secure or effective

The Cloud is Actually Safer

In our experience, most SLED organizations continue to utilize centralized, on-prem IT. It is a critical point of failure and stands in stark contrast to private sector organizations who are far more likely to embrace cloud, multi-cloud, or hybrid solutions.

Government and education agencies continue to believe that owning technology is more secure than investing in cloud services, but it requires a lot of time and specialized resources to manage such on-prem solutions, such as performing the regular, necessary updates for larger functioning. Without dedicated resources and leading talent, it’s much less secure.

Additionally, on-prem equipment tends to be legacy equipment that is near, at, or past end-of-life. Legacy phone systems, servers, and other equipment can be too out of date to be able to withstand today’s security risks and could, in fact, create giant backdoor entrances through which bad actors can enter the IT network. There could even be compliance and governance concerns with such legacy equipment that can be greatly reduced by moving to cloud applications and solutions.

The opportunity for improvement for SLEDs that continue to manage their own on-prem solutions is to work with a secure Cloud Service Provider(CSP) that can help them migrate services to the cloud where they have dedicated security talent and robust security measures that can reduce risk and ensure their networks get the careful attention they need.

Outsourcing Is The Way

Outdated technology ownership leads to an overall fragile system. But there’s a chicken-and-egg scenario with talent. As the IT resources familiar with legacy equipment move on or age out of the labor market, it becomes more difficult to support effectively. But that legacy equipment also makes it less appealing for new, up-and-coming talent to work there.

No fresh-faced college grad is excited to join an IT organization and learn outdated equipment and programming languages. They want to work where an organization embraces new technology so they can learn and grow in areas where there will be increasing opportunity, not decreasing opportunity.

This lack of talent represents another risk factor and point of failure in an already fragile IT ecosystem. There is a common problem in these scenarios where the one employee that understands the system leaves, disrupting the entire ecosystem.

It’s ultimately safer and more beneficial to hire a Managed Service Provider(MSP), Managed Security Service Provider (MSSP), or specialized provider to keep your technology up-to-date, perform regular maintenance and monitoring, stay on-call to fix mission-critical issues, and play proactive defense against security risks. A team of outsourced experts can more safely operate technology than an owner without the knowledge or labor force to keep up.

Risk #3. Outdated technology is too static to ensure continuity in times of crisis

Improve Resiliency

Many SLED agencies tend to still use on-site data centers and other on-prem technology that’s locally situated. So, what happens in the event of a terrorism event, a natural disaster, or another factor that affects the area? The whole system fails. Unfortunately, they often learn this in the wake of a crisis.

A lack of staff, difficulties with procurement, accounting issues, and a conservative philosophy to change often impede modernization for many SLEDs and keep them from embracing more efficient technology.

While technology continues evolving and the private sector continues to quickly adopt it, SLED organizations often fail to take advantage of the benefits of innovation in IT.

Take, for example, COVID-19. At the beginning of the pandemic, many SLED organizations couldn’t support work-from-home measures due to a lack of supporting technology. Large legacy phone systems in particular caused issues, creating serious constraints due to their limited geography. Organizations quickly became overburdened, putting crucial initiatives on pause and opening the public up to danger when crucial services became greatly reduced or unavailable indefinitely. The public sector is still not at technological parity with the private sector in this area.

The clear path is for SLEDs to embrace more rapid cloud adoption, as it is inherently more dynamic and capable of supporting scale and urgent workflow changes in times of crisis, ensuring business continuity.

Solutions like UCaaS and CCaaS can give them the ability to turn on a dime and support work-from-home operations instantaneously. Collaboration tools and shared resources can keep teams working and connected to each other and the outside world.

How UPSTACK can help

At UPSTACK, we understand the challenges associated with ever-changing technology. We specialize in creating holistic solutions that far surpass the success of piecemeal technology, creating lasting efficiencies and problem-solving that stand the test of time. We are uniquely qualified to support SLED organizations, as our technologists and advisory partners are knowledgeable in the necessary compliance requirements, security concerns, and business continuity challenges faced by these organizations, as we have many clients who are SLED organizations.

Learn how UPSTACK can be your partner through unprecedented technology changes. Talk to our experts today.