Leaving the ’90s behind: How governments are handling the never-ending upgrade battle

As decades-old infrastructure and a generation of retiring workers threaten the security and services of state and local agencies, tech leaders must decide which dying system to upgrade first.

Aging digital infrastructure is more than a problem in state and local government — it verges on an epidemic as CIOs decide which systems need updating most and how to get the necessary funding.

From California to New York, state auditors are raising warning flags to replace these outdated systems, technology that has left sensitive data open to cyberattacks and that struggles to find support even from the original vendors. Further complicating matters, these databases and applications often rely on a retiring generation of baby boomers just to keep them running. The result is a widespread government IT infrastructure often ill equipped to efficiently or effectively handle the missions its agencies have been tasked with.

Salesforce reports that based on its public-sector relationships and analysis, “the backbone of government IT is still largely supported by on-premise technology from the 90s.” The limited and often cumbersome functionality that comes with these aging systems leaves many states and cities torn between a dubious battle to maintain systems or the millions of dollars in upfront costs required to modernize.

Earlier this year, the National Association of Chief Information Officers (NASCIO) ranked legacy modernization at No. 5 on its list of top 10 priorities, and on an accompanying list of top 10 tools, modernization ranked first. NASCIO’s annual surveys show that a majority of CIOs report that more than 40 percent of their systems are outdated and need replacing or refurbishing.


“Legacy modernization has always been a priority for our CIOs and it’s evident year after year through the our Top 10 Priorities survey,” said Yejin Cooke NASCIO’s director of government affairs. “As far as what gets modernized, that depends on a lot of factors like governors’ agendas, state processes and the budget that’s available.”

Oregon’s recently publicized cybersecurity troubles provide a perfect example of how damaging to a state these outdated systems can be.

Refusing to cooperate

In September, Oregon Gov. Kate Brown issued an executive order to compel state agencies — that in most cases operated independently — to fortify their systems with upgraded digital security. According to state leaders who testified before the state legislature, agencies had “refused” to provide the state’s technology office with copies of vulnerability assessments as required by state law. The order eventually signed by the governor gave authority to CIO Alex Pettit to invest in and implement a modern digital security plan across agencies.

Travis Miller, Oregon’s senior policy and communications strategist, said the state agencies were seeing data breaches, and many of them were driven by hackers who could launch attacks using the same penetration methods on different agencies. 


There was also a lack of support from agencies that, according a report from the CIO’s office, would sometimes result in agency heads not just withholding known vulnerabilities, but “actively concealing” them. The consequences of this disjointed organizational structure and outdated systems resulted in a multiple attacks, with the worst compromising more than a million records at the Oregon Planning Department.

“So now we’ve fundamentally shifted the security posture of the state, essentially making it a priority, and are moving towards a centralized IT security model,” Miller said. 

The governor’s executive order will expire and would be replaced by Senate Bill 90, legislation now before the legislature that would permanently move security oversight of many state agencies to Pettit’s office.

Further, the bill would create a Cybersecurity Center of Excellence for collaboration on cyberthreats between state and federal agencies, and create a set of best practices for the state to fund and mechanism for the state to fund cybersecurity enhancements via federal grants and allocations.

Oregon’s story is just one of many in state and local government. While some modernize to escape disaster, others seek technology upgrades with an eye on new capabilities.


Lay of the land

Perhaps no one is better equipped to explain the extent and character of the consolidation problem than the vendors being tasked with the upgrades.

Dave Rey, Salesforce’s executive vice president of public sector sales in North America, said the greatest demand he sees comes from cities and states looking to the cloud. 

Within the category of cloud IT migration — a common solution for upgrading fusty technology — NASCIO reports public sector leaders pointed to critical tools like disaster recovery, office productivity apps, and email and collaboration tools as top areas for ongoing and future investment.

“Primarily, what we’re finding is that providing our service cloud, for case management, and our communities cloud, for the connection between the citizen and the government, have probably been the two biggest areas where we’ve seen demand,” Rey said. “This is because they cover a wide range of different types of services.”


Indeed, on April 4, the city-county of Denver launched a new 311 system on the company’s service cloud, a platform that uses complex algorithms to automate and manage tasks. Grappling with an outdated service request center, Denver turned to the cloud company to put a stop to its dropped call rates, long wait times and backlogs of resident requests for issues like pothole repairs and graffiti clean up. The city followed the efforts of Philadelphia, a city that was among the first to partner with Salesforce on a citywide 311 system.

“This is solving a real big problem they had with efficiency in the past,” Rey said. “A lot of the automated routing wasn’t happening, so even if you called in, they lacked the knowledge management to be able to get their hands on quick answers to questions or respond by routing work requests to the various service divisions.”

An increase in apps

Applications management is the third-most-common demand from governments, Rey said. Colorado, for instance, has more 70 different apps hosted by Salesforce for agencies to handle issues like human services, wildlife management to adult protective services.

Michael Donlan, vice president of Microsoft’s U.S. State and Local Government division, said his company has seen a burst of activity from governments leveraging its cloud for cybersecurity, to make systems comply with regulations and to scale services. Like Salesforce, the company’s cloud platform has acted as a foundation for states and cities to build new apps and pursue an enterprise service model.


“We’re also seeing a large increase in customers selecting the Microsoft cloud platform as the foundation for new applications or to augment or replace existing on-premise systems to deliver improved citizen experience and outcomes,” Donlan said. 

Instances of this activity at Microsoft include apps for the California Department of Social Services that provide new tools to assist nearly 3 million children, adults, and seniors receiving out-of-home care. Police departments in Chicago, Memphis, Tennessee, and Miami-Dade County, Florida, are also using Microsoft’s cloud for data analytics and other services.

Fueling modernization there are a combination of ingredients needed for funding and to deliver successful projects. Buy-in from legislators, governors and mayors, who understand the urgency, is one factor. Willingness to collaborate on the part of departments and agency leadership is a must-have. To a certain degree, bravery is another requisite to redirect funding to new technology. Donlan and Rey highlighted all of these factors as core components for change.

“I think strong leadership, a vision and to have disruptors at the leadership level, needs to happen for change within government.” Rey said. “I do believe they need to shift the dollars to innovation and away from legacy systems.”

This story was featured in StateScoop Special Report: Legacy Modernization (2017)

Latest Podcasts