I recently sat down with MeriTalk to discuss how defense agencies can modernize sprawling, traditional IT into secure, scalable cloud environments that support real-time decision-making and cyber resilience. The conversation reinforced something I have observed throughout my career, which is that implementing technical solutions pushes us to rethink how we approach modernization itself.
Our discussion covered microservices, zero trust, continuous authorization, and the importance of bringing warfighters into the development process early. Here, I will expand on those points and explain how they connect to the broader modernization challenges in defense IT.
Existing systems struggle to meet tomorrow’s mission
Built for on-premises environments decades ago or lifted into the cloud without being re-architected, existing systems are unscalable, non-interoperable tools that cannot keep up with technology and mission changes.
Addressing this challenge means modernizing the application itself before migration. This involves decomposing monolithic systems into containerized microservices, implementing common data models, and funding modernization roadmaps that reflect the warfighter’s needs, not only the existing contracts.
This work calls for structured planning, technical rigor, and an understanding of how systems are used in operational environments. This is the focus of much of our work in federal government IT programs, where modernization efforts have to account for real-world constraints instead of best-case conditions.
Compliance is not the bottleneck most think it is
As agencies take on modernization, one assumption is that compliance frameworks create delays. During our MeriTalk discussion, this came up as a persistent myth. In practice, frameworks such as the Federal Risk and Authorization Management Program (FedRAMP) or Impact Levels 5 and 6 (IL5/IL6) are not slowing us down; redundant processes are.
Rather than treating each application as a standalone compliance exercise, agencies are adopting continuous authority to operate (cATO), establishing secure pipelines that promote code across environments with minimal rework. That transition is how we achieve both speed and assurance, two qualities defense IT can no longer afford to treat as competing priorities.
Cloud-native approaches have become necessary
To support joint all-domain operations, agencies should consider mission capabilities that are elastic, fault-tolerant, and responsive. Cloud-native technologies such as containers, microservices, and serverless functions make it possible to scale based on mission demand, push updates without downtime, and avoid paying for idle infrastructure. However, adopting these technologies means rethinking how we secure and govern access across distributed environments. This is where we see agencies adopt Zero Trust Architecture principles.
Zero Trust as a replacement for the “partner enclave” mindset
In the past, services and coalition partners maintained separate networks and environments, creating duplication and slower collaboration.
Zero trust architecture (ZTA) changes the model. Instead of assuming cybersecurity is based on network location, ZTA enables agencies to continuously verify identity, device, and context. The department's ZTA framework provides the foundation agencies need, but the challenging part is applying those capabilities in environments where control is limited, users are distributed, and the mission cannot pause.
Done well, ZTA becomes an operational enabler, not just a security framework.
Warfighters belong in the development process
Implementing these technical changes successfully depends on involving the people who will use the systems. Warfighters adapt. When they do not have the tool they need, they figure out how to use what they have. If we are not talking to them early in the development or migration process, we risk building solutions that miss the mark or disrupt operations.
The most effective modernization efforts I have seen start with the user by understanding what decisions they are making, what data they need, and what workarounds they have already created. That user-centered approach makes the difference between a technical migration and a mission enabler.
Emerging technologies support future missions
Beyond the technical and cultural changes we discussed, I am watching how emerging capabilities will shape the next phase of defense IT modernization:
- Cloud mesh architectures for disconnected or contested networks
- Artificial intelligence and machine learning (AI/ML) for anomaly detection and self-healing infrastructure
- Sensor integration for turning battlefield data into mission intelligence in near real time
Beyond technology, cultural change is also a challenge. At Maximus, we often see that the real blockers to modernization are not technical at all. Requirements documents prescribe the solution instead of articulating the problem, which limits how agencies and industry can respond.
We see better outcomes with open-ended engagement, where agencies ask: “Here’s the challenge. How would you solve it?” That is where innovation starts, and where we see the most meaningful progress happen.
Read the full interview on MeriTalk: Beyond Lift and Shift: A Vision for Secure, Scalable DOD Cloud.