As 2025 unfolds, U.S. federal agencies are navigating significant operational shifts that are impacting their overarching cybersecurity strategies.
Government security leaders have always emphasized stringent cybersecurity practices in the face of dynamic threats. Now, they must also account for rapidly changing policies and mandates on “modernizing federal technology and software to maximize governmental efficiency and productivity,” as outlined in the January 2025 Department of Government Efficiency (DOGE) Executive Order.
Fortunately, IT modernization and enhanced cybersecurity don’t have to be an either-or proposition. When both are considered from the start—and with the right mix of technology, process and people improvements—modern infrastructure can be much more efficient and secure than current legacy systems.
The Federal IT Modernization Imperative
Current government IT modernization initiatives such as DOGE, the 21st Century Integrated Digital Experience Act (IDEA), the Government Service Delivery Improvement Act (GSDIA) and the DHS AI Playbook aim to improve efficiencies through automation and process optimization across U.S. government operations. Key areas of focus include:
- Cloud migration: Moving legacy systems and applications to the cloud to achieve scalability, cost savings and enhanced security.
- AI integration: Integrating AI and machine learning into various government functions to streamline processes and improve data analysis and citizen services.
- Legacy system modernization: Replacing or retiring outdated IT systems and software with modern alternatives to improve efficiency and reduce risk.
- Cybersecurity enhancement: Strengthening cybersecurity measures—from adopting a comprehensive Zero Trust architecture that continuously verifies trust for every access request to mitigating threats and vulnerabilities across the supply chain—to ensure the integrity, confidentiality and availability of government systems and data.
- Data governance and compliance: Establishing clear guidelines for things like AI data usage and ensuring compliance with relevant regulations.
- Agile approach to transformation: Adopting agile methodologies to drive faster, more flexible IT modernization projects.
- IT spending and staffing transparency: Improving transparency in IT spending and staffing to help ensure efficient resource allocation and accountability.
- Reporting and analytical insight enhancements: Developing robust reporting and analytical capabilities to provide insights into IT performance and inform future modernization efforts.
- Citizen-centric digital experience: Improving the user experience on government websites and online services to enhance citizen engagement and access to information.
- Workforce development: Integrating AI, data science and software engineering into workforce development strategies to equip government agencies with the skills needed to support future technological advancements.
This strong, continued focus on government IT modernization shows that, despite ongoing efforts and progress, outdated IT systems continue to create inefficiencies that can ultimately obstruct the provision of essential federal services. A recent Government Accountability Office (GAO) report underscores this point: 463 of its 1,881 IT-related recommendations to the Office of Management and Budget (OMB) and agencies since 2010 haven’t been addressed, while 32 of its 69 priority recommendations for government IT over the same period have also not been enacted.
This is understandable in some ways. For government agency leaders, IT modernization projects are often seen as monumental undertakings marked by complexity and uncertainty, and they feel immense pressure to keep pace.
As a result, there may be a temptation to forge ahead with high-priority modernization initiatives and address security requirements after the fact. CyberArk’s 2025 Identity Security Landscape study found that 75% of security professionals (across public and private sectors) agree that their organizations prioritize efficiencies over robust cybersecurity. This, however, can quickly lead to a buildup of cyber debt—unaddressed security vulnerabilities that accumulate in an IT environment as new systems are added—undermining organizational resilience and hindering efficient operations in the long term.
Balancing Efficiency and Cybersecurity in Federal IT
Every IT modernization project creates a chaotic proliferation of new identities. Any identity—a staff member, a citizen, a third-party vendor, a device, an AI agent or an application—can become privileged, and all identities carry risk. More than ever, government agencies must balance the need for rapid modernization with the equally crucial requirement for robust identity security.
Many government security teams currently juggle a variety of tools that address specific identity issues, leading to numerous vendors and integrations. This complexity is problematic: 70% of security leaders say silos are the root cause of cybersecurity risk. In this era of efficiency, many are gravitating toward a consolidated, structured approach that brings critical identity security protections together. They’re also looking for vendors with proven innovation track records that are extending their technologies to address more use cases and critical pain points.
CyberArk is uniquely positioned to help these federal agencies balance their security concerns with their need for operational efficiency by delivering core capabilities across discovery and context, privilege controls, policy automation, lifecycle management and governance and compliance from a single, unified platform. This enables agencies to consolidate previously siloed efforts to secure all identities and unlock optimal efficiency and effectiveness.
Three Ways Agencies Can Benefit from a Unified Identity Security Approach
Comprehensive identity security enhances Zero Trust architectures by ensuring secure and automated access for identities on any device, anywhere, at the right time. Government agencies that embrace this approach can benefit in three major ways:
1. Drive Efficiencies to Save on Costs
Highly complex government networks require multiple areas of discipline, from visibility and analytics to automation and orchestration. The security leaders responsible for protecting these environments need to be able to apply Zero Trust holistically across many threat areas. A consolidated identity security approach enables these teams to close gaps and save on costs. For instance, a federal transportation agency working with an airport authority has automated and streamlined the way it finds, manages and secures the passwords on thousands of IoT devices at airports with identity security—a previously manual, resource-intensive process.
To put this into a dollars-and-cents perspective, IDC recently calculated that CyberArk identity security customers achieve business benefits worth an average of $3.1 million per year, and a three-year ROI of 309%.
2. Streamline Compliance
By prioritizing an identity security strategy, government agencies can keep pace with and meet stringent compliance and security requirements set by federal mandates, such as NIST CSF 2.0, NIST SP 800-207, NERC CIP and FIPS. With easy-to-manage audit trails and robust analytics, security leaders can make confident decisions and demonstrate adherence to standards. This streamlined compliance translates to measurable productivity gains of 12% on average, according to IDC, or $48,720 in savings annually.
3. Strengthen Resilience
Sophisticated threat actors are continuously innovating to find new ways to infiltrate their targets’ networks. Identity security comprises advanced capabilities, such as automated threat detection and security responses, that help government agencies prevent attacks and minimize operational disruptions at all levels. This is evidenced by an ongoing state-level government modernization project.
By consolidating and securing access across internal teams and external vendors, this municipality built a stronger, more resilient security posture. Specifically, it met cybersecurity insurance guidelines, reduced service disruptions and improved its ability to detect and prevent incidents before they could impact critical citizen services.
Preparing Federal IT for the Future
Of course, navigating government IT modernization projects requires more than just technology—it demands a strategic vision, effective change management and a deep understanding of program objectives. CyberArk’s Blueprint for identity security success offers a best practice framework based on many successful government implementations to help security leaders chart the best course.
As federal modernization mandates continue to evolve, our CyberArk team continues to innovate to support future federal needs with secure, cost-efficient technology that drives mission success. To learn more about how CyberArk can help your agency on its IT modernization journey, tune into this roundtable discussion and explore these resources.
Rahul Dubey is the VP of Global Public Sector Solutions at CyberArk.
