Study pegs security benefits of new IT spending
A deep dive into federal IT data tries to nail down the empirical advantages of new IT spending relative to security breaches.
WHAT: "Security Breaches in the U.S. Federal Government" by Min-Seok Pang, associate professor, Fox School of Business at Temple University, and Huseyin Tanriverdi, associate professor, McCombs School of Business at the University of Texas, Austin.
WHY: The federal IT community has long recognized the importance of moving from legacy support spending to investment in new IT to get more value for the taxpayer and to improve performance and security. But just what kind of improvement does a shift from spending on operations and maintenance (O&M) to development modernization and enhancement (DME) yield for agencies making the move?
A study from two business school professors offers some early insight. The direction of the findings won't be a major surprise, but numbers always make a good talking point. Based on five years' worth of data on security incidents from Federal Information Security Management Act reports, spending data from the IT Dashboard, federal human capital data and other sources, it appears that agencies can expect a 5 percent decrease in the number of security breaches for every 1 percent in funding that moves from O&M to DME or to managed services.
The data also suggests that agencies with geographically far-flung operations experience fewer breaches than those with a large primary footprint.
This isn't Pang's first foray into the weeds of federal IT spending data. His research has also led him to posit a link between united government, when both houses of Congress and the presidency are held by a single party, and spending on new IT initiatives.
In an interview with FCW, Pang said that he's interested in federal IT spending in part because there isn't a lot of empirical research available on the topic, despite the $80 billion-plus in annual spending, and the availability of data on performance. He also noted that he's working independently and is not sponsored by any vendors in the IT space.
VERBATIM: "We find that agencies that invest more in new IT development and modernization experience fewer security breaches than ones that invest more in maintenance of legacy systems. Outsourcing legacy systems to the cloud also reduces the frequency of security breaches. Our results also find that effective IT governance, risk, and control mechanisms also mitigate security risks of the legacy systems. Finally, federal agencies that are geographically or functionally dispersed experience security breaches less frequently than centralized agencies."
Click here to read the full study.