A call for governance and risk abatement, not just system integration

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Rob Davies
 

Connecting state and local government leaders

By Rob Davies

|

So-called "last mile providers" can give enterprise IT buyers greater control, while removing the chaos of decentralized governance.

Let’s say you’re a buyer of enterprise-class systems, and you’ve just assumed an acquisition posture for a multisite deployment. Like many of your contemporaries these days, you are conducting due diligence for an IT service provider that can assemble storage, analytics/cyber, networking and computing. Like any informed consumer, you want to find a system that is future-ready and exceeds specification. What’s more, you’re looking over the horizon at next-generation hyper-converged solutions. There’s no shortage of options, and all appears to be well. Yet, while you’re in acquisition mode, system governance may not be top of mind … and that’s where systems and reputations are won or lost.

At this stage in the search, acquisitions are typically focused on corrective efforts and addressing known system deficits. Looking forward to setting up governance policies and practices is not nearly as prevalent.  It’s common that many IT buyers look to the original equipment manufacturers for designing and implementing system governance, but often OEMs may focus only on the element of the system they deliver (e.g. storage, cyber, computing) and not provide an over-arching governance strategy that ties them all together.  

System governance is not just about who gets admin rights and whether permissions should be centralized or distributed. That’s part of it, but governance is equally about risk -- including  confidentiality, security, data retention, disaster recovery -- compliance and a framework for best practices and system control. In short, the goal is to harmonize the IT strategy and business objectives, in the broadest possible sense.

Guidance for governance

When implementing system governance, there is no shortage of third-party guidance.  The field has its own impressive array of acronyms, including Control Objectives for Information and Related Technologies (COBIT), IT Infrastructure Library (ITIL), Committee of Sponsoring Organizations (COSO), Capability Maturity Model Integration (CIMMI) and Factor Analysis of Information Risk (FAIR).  No matter what standard is ultimately adopted, an atomized view of your new IT network, even when OEMs are doing stellar jobs, will generally not automatically implement the requisite risk-assessment and compliance protocols a good governance system requires.  

In your procurement searches, you may even have engaged in a longitudinal solution search through so-called “marketplace” providers, who increasingly offer only as-a-service solutions -- especially if they serve government clients who are increasingly mandated to select as-a-service solutions.  These providers allow access to multi-vendor solutions, serving as a brand-neutral systems integrator. 

Working as the customer advocate, these third-party providers will wrangle multiple top-performing OEMs, get the prices right and deliver the solution -- storage, computing, networking -- all in one environment.  Because they engage top OEMs, it’s easy to make an assumption that governance is somehow being taken care of.  As implementation wraps up, you, the customer, are probably feeling relieved because the network exceeds your specification, the computational power is exceptional, the active archiving solution performs as promised and the remote access works as proposed.

Eventually, though, reality sinks in.  The practical implications of governing a multisite implementation are many.  Problems are common, particularly when there are multiple vendors, with overlapping service and support teams. If your system design distributes overarching governance to each of the nodes, rather than concentrating it in a central location, where managing the multiples service-level agreements should take place, there may be major gaps.

As a result of this common mistake, a kind of chaos takes hold for the simple and (in hindsight) obvious reasons that too many people have localized governance, yet no one person has been deputized for systemwide governance. Practically speaking, at this point in your implementation, there’s tons of activity: Support tickets are flying, but ticket escalation staff are confused as to which concerns are major systemwide bugs, which are minor site-specific issues and which fixes have implications for larger issues of security and compliance. Paralysis can set in.  And while the enterprise could be at legal or existential peril, the admin teams can easily lose sight of that risk.  The idealized vision you had of a harmonized, multivendor system can buckle under a round robin of who’s responsible for what.

Clearly, this governance issue dilemma is motivating more IT consumers to integrate their platforms with system governance as an aforethought, not an afterthought.  Moreover, marketplace-model, as-a-service providers are especially well-positioned to bridge the gap from technology to implementation to governance, preferably in that order, taking on the hard work on the customer’s behalf and predicting the pitfalls of, say, ill-advised governance distribution/concentration, while offering tools to make that governance easier, across a spectrum of providers.

In fact, the very best as-a-service providers are those that prove their worth through implementation of customized solution governance in a way that takes into consideration all the facets of technology and implementation from leading manufacturers, as well as the needs of multisite organizations.  These providers --sometimes called “last mile providers” -- leverage the marketplace model to give the buyer greater control, while removing the chaos of decentralized governance.  These brand-agnostic aggregators price, manage and integrate the manufacturers' technology, while remaining focused on the client’s desired outcome, advising just as actively on IT integration as on best practices for system governance, compliance and risk abatement.

NEXT STORY: As states lag on cyber training, agencies are fertile phishing grounds

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.