IT infrastructure modernization—particularly improvements in networks and the hosting of compute and storage through the cloud—has been a major driver of value in private-sector industry. While total IT costs continue to rise, most industries are keeping growth of IT infrastructure costs lower than all other IT expenses, even as services are expanding and becoming more flexible and agile.
The public sector, however, has struggled to modernize its infrastructure and has not realized the same cost savings and improved quality of service. The number of federal data centers in the United States has swelled from 1,100 in 2009
to more than 12,000 in 2017. Efforts to consolidate through the Data Center Optimization Initiative (DCOI) have had only mixed success. The estimated cost saving to date is $1.6 billion—41 percent below the goal of $2.7 billion.
Public-sector organizations face different challenges than private-sector companies do when it comes to modernizing IT infrastructure, but these challenges can be overcome by understanding and communicating the benefits, which can range from simple cost savings to enabling the mission and enhancing security. Government agencies can also boost the chances of success by taking a disciplined approach to execution, understanding when to source talent from within and when to hire outside experts and vendors.
A tale of two models
Infrastructure modernization has been a value lever in the private sector for years, in large part because of clear objectives driven by top-down mandates. Successful remits often come from business operators whose incentives are aligned with the objectives of modernization. For example, the head of a business unit with an IT cost allocation directly benefits from the operating-margin improvements of a streamlined infrastructure. Similarly, a marketing leader can gain leverage from a nimbler infrastructure that allows a team to innovate
faster, perhaps by bringing servers online more quickly. Typically, leaders who own business outcomes have direct authority to drive infrastructure modernization.
In addition, the private sector is generally more agile in trying new approaches. Companies are able to invest quickly in short-term capital projects without having to plan years ahead of time for congressional appropriations or parliamentary approval, processes that often result in slower, waterfall-type project governance. They can deploy small numbers of targeted, technical talent to those projects without going through the hiring or detailee process common in the public sector. If they are lacking talent, companies have more flexibility to pay a premium to fill those needs instead of adhering to rigid pay scales. These advantages enable the private sector to more quickly test and scale successful modernization initiatives.
While these advantages explain why the private sector leads in modernization, they do not fully explain the mixed results in the public sector. Indeed, we find two central challenges that prevent many public-sector organizations from implementing successful infrastructure modernizations:
- Lack of clearly aligned incentives. Public-sector organizations have more nuanced and complicated goals than private-sector organizations. For one thing, not all goals in the public sector can be tied to a set of financial measurements that are constantly articulated and widely understood. Instead, different parts of the public-sector organization value different outcomes, such as flexibility, efficiency, and consistency. Often, IT is made responsible for modernization without the tools and approaches to create a visionary business case that aligns the differing missions of stakeholders.
- Risk aversion in the face of such significant change. Infrastructure modernization is complicated. Application rationalization, adopting software-as-a-service (SaaS) alternatives, and cloud deployment are intricate operations; the options are always changing, and the competing priorities of stakeholders make solutions complex and difficult. Data access is also a concern: the General Data Protection Regulation (GDPR), passed by the European Union, was partially motivated by the desire of European governments to maintain physical access to their data during a crisis. Even if the decision making gets done, execution requires a high level of technical skill and can feel risky to those who lack experience.
This article will explore these challenges and how organizations can overcome them.
The business case for prioritizing public-sector IT infrastructure modernization
We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com
Despite the challenges, we believe infrastructure modernization should be prioritized by agency and ministry CIOs. As we’ve seen in the private sector, these programs can be a source of cost and productivity improvement. A modern infrastructure often serves as both an enabler and prerequisite for other agency priorities. Enabling employees, increasing data accessibility, and improving the customer experience can all be accelerated with more modern systems. CIOs who make infrastructure modernization a priority may also find they are aligned with the political environment. In the United States, several centers of excellence have been launched at major federal agencies through the White House Office of American Innovation. At the same time, states and local governments have taken “cloud first” approaches toward modernizing their IT infrastructure.
In contrast, delaying modernization will only increase pressure on an agency as government oversight (the US Federal Information Technology Acquisition Reform Act) and the risk of cyberattacks increase.
Delays will also make the eventual transition more difficult. As systems become more customized and accumulate tech debt, they become more complex and more expensive to migrate.
The key to spurring agencies to action is to outline a comprehensive business case that is linked to the mission. A strong case can galvanize and align the multiple stakeholders required to make change happen. Based on our experience, there are seven areas organizations must examine to define and ultimately extract value: cost savings, modernization of the application portfolio, productivity improvement, enhanced security, greater IT stability, improved transparency and accountability, and faster speed of innovation.
Cost savings. Data-center consolidation should be a major source of cost savings, but identifying those savings can be difficult. Agencies typically struggle with defining the cost structure of their assets and with valuing assets that are spread out (for example, among many smaller server closets). We find the most robust accounting practices are based on asset inventories and per-unit costs. Using this method, we see five broad cost categories for public-sector data centers: labor, hardware, facilities, software, and infrastructure (Exhibit 1).
These costs can be reduced by consolidating to a few large enterprise data centers or migrating to the cloud. Delays often carry long-term cost implications (for example, consolidating after a tech refresh would result in losing years worth of hardware spend). Overall, while total cost savings and avoidances of up to 50 percent are achievable by consolidating data centers to enterprise locations or migrating to the cloud, achieving these savings is not guaranteed and will require the identification of opportunities, coupled with strict execution to capture full value.
Modernized application portfolio. The greater the number of data centers in the public sector, the more they serve as a breeding ground for undocumented applications and other rogue IT. Single-use, custom-built applications are both a drain on resources and a potential security threat. Data-center consolidation provides an opportunity to inventory and evaluate the portfolio through application rationalization. In general, we find 20–30 percent of applications can be phased out or consolidated to a SaaS solution. Many organizations spend countless hours conducting bottom-up analyses to determine where current applications should land in the future (that is, a consolidated data center, an SaaS alternative, or the cloud). Some do not even have a set definition of an “application.” We find that applications can rapidly be categorized into four archetypes with different configurations, maintenance requirements, and infrastructure (Exhibit 2).
This categorization helps managers to quickly segment the portfolio and decide whether to transition the applications from one infrastructure model to another. While IT may lead this process, agency leaders must be engaged for the rationalization to succeed. Unsurprisingly, we find rationalization is essential to capturing the potential cost savings and to modernizing the application portfolio. In our experience, a robust approach to defining applications, tying them to stakeholders, and understanding their true operating cost is critical to modernizing the underlying infrastructure.
- Productivity improvement. Following the lead of the private sector, public-sector organizations should aspire to realize productivity improvements by adopting agile at scale, which is significantly easier after data-center consolidation. Efforts should be made to automate core IT activities (for example, server provisioning and security updates) once the servers and storage are “under the same roof.” More complex activities should be more iterative and involve cross-functional business teams. Companies in the private sector have been able to improve their productivity twofold by automating up to 80 percent of their work and adopting an agile operating model. Economies of scale can also be leveraged by optimizing staff distribution (for example, matching help-desk resources to demand) to improve response times and customer satisfaction. Capturing these performance improvements means baselining the current state; setting definitive, measurable targets (such as time to provision a new server and average time to resolve an incident); and committing to agile principles.
- Enhanced security. While the exact monetary benefits of increased security are hard to quantify, they are typically significant: a recent study estimated the total global impact of cybersecurity threats at 0.6–0.8 percent of GDP ($600 billion).
Closing server closets and smaller facilities enhances security—both cyber and physical—by reducing the number of access points. For example, an ongoing consolidation effort at one US federal agency is on track to reduce the number of access points by over 90 percent, which can then enable stricter adherence to activities such as regular patching and system updates. These security enhancements can be tangibly measured by counting the number of servers hosted in data centers with a high facility security level (level three or four) or tracking the percentage of systems that are fully up to date. Transitioning to the cloud can yield similar benefits if best practices are followed. Infrastructure modernization is often the perfect time to evaluate security needs, balancing risk with cost, and taking explicit actions to create a footprint that fits the organization’s security needs.
- Greater IT stability. IT stability—often a pain point in public-sector organizations—is dependent on rigorously maintaining the existing infrastructure while quickly reacting to outages and other incidents. Server closets and smaller data centers are often overseen by IT staffers who must fit the work in among their other duties. They typically do not have the scale and process to rapidly update these small pockets of infrastructure and respond to incidents. Furthermore, the smaller centers often lack the redundancies in power and cooling that larger installations employ. These issues are mitigated in enterprise data centers and in the cloud: migrating the servers from a tier-one data center to a tier-four data center can reduce the average downtime from 29 hours to 26 minutes per year.
- Improved transparency and accountability to achieve the modernization vision: In many government agencies, IT is a separate entity within the mission centers. This federated model makes it harder to develop and execute a modernization vision. The lack of direct accountability drives shadow IT, which is often further propagated by budget constraints and organizational structures. As a result, pieces of infrastructure are developed and managed separately, with dispersed accountability, creating a complex web of oversight. While policies and standards exist, no one has a line of sight or ultimate responsibility for overall safety and effectiveness. In a typical infrastructure-modernization journey, the centralized oversight of a few data centers and the interface with cloud providers help focus accountability on a small number of senior leaders. This not only improves oversight of today’s infrastructure but also allows the leadership to chart a vision for the future, which can include a new footprint (one of balance between cloud and on-premise data centers) as well as new ways of working (such as DevOps).
- Faster speed of innovation. Having a large number of data centers can be a hindrance to driving modernization initiatives, because of differing environments. In contrast, driving innovation at a single enterprise data center, where there is a single point of contact and a single set of core processes to change, is much simpler. In the private sector, consolidation has resulted in shorter lead times from code commit to code in production (from days to less than an hour), faster server-provisioning times (from days to minutes), and more frequent deployments (from every few weeks to multiple deployments per day).
Building the business case is a necessary step for infrastructure modernization, but without proper execution, a modernization effort in a government agency can stall or be counterproductive. There are significant risks because of the complexity of the process and the number of stakeholders who must be involved. As a result, IT projects in the public sector are six times as likely to experience cost overruns as comparable projects in the private sector. In our experience, the key to execution is to build alignment around a robust, rigorous plan that touches upon all the key elements:
- Select an agency with the right sponsors. Ideally, the initiative should be supported by the head of the department or ministry. There should be broad alignment on the business value of the program. Congressional, parliamentary, or executive support may also be essential for spurring action and pushing past bureaucratic obstacles.
- Align with the broader objectives of the organization. For example, the business value is greatly increased when the agenda for infrastructure modernization aligns with ongoing initiatives like cloud migration and cybersecurity enhancements in an agency.
- Build relationships with the key agency stakeholders. This should be done early in the consolidation process. The support of these stakeholders is essential to ensuring accurate reporting and buy-in on key activities (for example, application rationalization), and to overcoming major risks and challenges.
- Assemble the right team. The modernization effort will require a combination of individuals with the right technical expertise (for example, data-center design and layout, mainframe, and storage) and soft skills (for example, the ability to form coalitions and strong networks within the organization). Sourcing is key to building the right team. Certain skills are important to have in house, such as an integrative architect, but others are better sourced from industry to obtain the necessary combination of skills and experience. Few public organizations will have experts who have managed infrastructure modernization multiple times in the last few years, because organizations so rarely go through such change. For these types of roles, leveraging external experts is valuable.
- Practice disciplined supplier/vendor management. Agencies should consider both in-house and external options when selecting hosting solutions. For public-cloud solutions, early alignment between agencies can improve synergies and better leverage migration processes. Governments should not hesitate to leverage their scale; Microsoft is constructing two new data centers in Germany to adhere to policies.
Deep consideration should be given to the question of whether to adopt unique services (for example, AWS Glue) or to go with more portable solutions. Finally, best practices should be followed by the agency and its procurement organization; the contracting officer should ensure that the requirements are not overly specific or overbearing. Contracts should be centered around defined outcomes rather than time and material.
- Develop a communication plan. Employees, customers, and political influencers should be informed. The agency should be willing to embrace a variety of communication methods, such as town halls, newsletters, and individual conversations.
- Build a mechanism to ensure value capture. Too often, the fiscal benefits are unaccounted for or slip into another part of the department. At a recent transformation in the United Kingdom, a ministry maintained two versions of the systems for an extended period of time, as a result of a prolonged migration, which added to costs. CIOs should engineer budget clawbacks or staff reallocation to track savings and ensure they are realized.
The journey of infrastructure modernization can appear daunting to public-sector organizations, but taking the right steps at the start can help to overcome obstacles. First, the change team should consider the organization’s overall aspirations and what it values. Next, they can use this to create a set of objectives they hope to achieve through modernization. These can be financial or nonfinancial, such as increasing the pace of innovation. Then they can build a business case, keeping in mind the stakeholders they will ultimately need to convince to come along for the ride. Finally, they can start collecting data by cataloging an inventory of applications, servers, data centers, and such. IT inventory is often neglected, and therefore it may require significant time to ensure that the data are up to date. These tactical first steps will build momentum for the journey ahead.