Though efforts to consolidate government IT services have failed in the past, experts indicated at a summit on the topic Monday that those lessons will contribute to the ultimate success of the more recent and updated approach known as shared services.

Nearly 200 industry and government executives gathered to learn about the business case for shared IT services and governing the process toward the effort at the Government Information Technology Executive Council (GITEC) Summit in Baltimore, Maryland.

While the federal model for sharing services across government has so far gleaned attention for the cost savings it promises, it will also mean more resources for agency missions and better services in the future, said Department of Homeland Security CIO Richard Spires. And though not without challenges, he added, the current model makes more sense than past efforts to achieve similar results.

“I think there was a bit of a mistake made in the last administration,” Spires said, referring to the Line of Business initiatives in 2004, which aimed to identify ways in which services commonly found in numerous agencies can be provided in a more efficient manner.

“E-travel makes sense and grants management makes sense,” he said. “The problem is, we all have these unique business processes. To just drop in and force you to move to one of these application systems is just flat out difficult. We’re actually trying to change the model.”

Spires said the federal shared services strategy makes more sense than the previous initiatives because it allows agencies to “start with the easy stuff” such as commodity IT, in order to save money and reassign workers to further agency missions rather than email administration, for example.

John Kost, who served Michigan as the first state CIO and is now a vice president at Gartner, Inc., agreed.

“It’s not just a big bang approach anymore which has failed everywhere,” he said, noting efforts here as well as in Canada and the UK during an expert panel after Spires’ speech. “It’s a bottom up approach and it has tremendous potential. One of the reasons things break down is because these things haven’t been done and they’re scary. We’re moving toward a time when more managers are willing to do it.”

That engagement, he and other panelists said, is key to a framework for success.

“With VanRoekel’s plan you can see how it incorporates all levels of departments in the process, broken down to granular level and based on business functions,” Kost said.

It was apparent from Federal CIO Steven VanRoekel’s address the night before, as well as Spires and the panelists, that the shared IT strategy has gained momentum in leadership ranks. All acknowledged managing the change can be difficult. But they said communication, transparency, collaboration among all agency ranks and partners and a focus on goals and results made a huge difference at their agencies. Being “easy to do business with” helps, too.

“I don’t know any CIOs …who have the organizational clout to make these things happen,” Kost said. “You have to have the right people on board. And I’m not just talking about a mandate. The governor of Colorado did that and it still didn’t happen. You’ve got to have leadership engagement.”

He added: “As far as being easy to do business with, simply not being monopolistic and arrogant is the first thing to get over,” Kost said. “It’s still way too widespread in public service organizations.”

It was also clear, however, that some still aren’t completely convinced the shared services model can work.

Attendees voiced familiar concerns and echoed questions posed in other arenas, particularly surrounding security. Spires said FedRAMP will help with some of the issues and that some federal agencies are on a path toward continuous monitoring.

“Security has been a barrier to shared services, but let’s not kid ourselves about all of these legacy systems. Don’t think that they’re highly secure,” Spires said. “We have significant issues with security because of our legacy systems. … We can’t fix the vulnerability because of the architecture.”

He added: “Marry a good continuous monitoring system and trusted internet connection and there’s no reason you wouldn’t be just as secure using a public cloud-based service as you are with using one in your own data center.”