Connecting state and local government leaders
COMMENTARY | Future trends in state IT were highlighted during the 2020 NASCIO Annual Conference.
Like the rest of 2020, the National Association of State Chief Information Officers (NASCIO) Annual Conference looked a bit different this year. Despite moving to a virtual conference, we still had the opportunity to share ideas, have meaningful discussions and present new data. Chief among those discussions was how the world of state IT has and will change post Covid-19.
The rapid shift to remote work and the exponential increase in the need of citizens to apply for government assistance benefits thrust state chief information officers (CIOs) into a leading role of ensuring the IT infrastructure had the capability and capacity to perform. As a result of these experiences, state IT operations since the beginning of the pandemic have undergone a transformation that will usher in a new era of state government operations. State CIOs identified the trends (see Figure 1) that they foresee in the coming years will make up this new era:
As the post pandemic world begins to take shape, states will need to consider how IT systems accommodate new ways of working. Primarily, that will mean ensuring adequate broadband access, cybersecurity and resiliency. Relatedly, these changes will have implications for the role of state CIOs and intergovernmental collaboration in the coming weeks and months ahead.
Much attention has been placed on broadband access this year, particularly areas that are unserved and underserved. As a result of this challenge, 81% of CIOs said that their states will now accelerate the implementation of their broadband strategies. As one CIO told us, “There is a challenge to help kids in rural areas connect to their classrooms. I imagine we will become more involved in helping to solve that issue.”
A key to all of this work is ensuring that state IT operations function efficiently and securely. The pandemic not only reinforced the need for security safeguards but also helped to establish stronger ones. State chief information security officers (CISOs) are essential to this effort. Although they historically have been under resourced, CISOs are working closely with IT departments to ensure the security of the virtual work environment, technology infrastructure and supply chain. The main security measures that were important to both pandemic-related operations and in the future are highlighted in the 2020 Deloitte-NASCIO Cybersecurity Study. The measures include:
- Safeguarding teleconferencing and video solutions and updating policy and procedures
- Establishing secure work connections with multi-factor authentication
- Providing guidance on phishing and disinformation campaigns
- Ensuring continuity of operations plans/business continuity plans are updated
- Providing continuous guidance on Covid-19 related scams and precautions
Another security component that will be a staple in the future is the centralized cybersecurity model. In the 2020 Deloitte-NASCIO Cybersecurity Study, nearly 75% of state CISOs believe that a centralized cybersecurity governance model—where a CISO is responsible for cybersecurity of all state agencies— can most effectively improve the cybersecurity function. (By moving to a centralized model, states may be able to consolidate resources and break down the silos of efforts across enterprise-level and agency-specific programs. A centralized structure will also help with the adoption of critical services, such as risk assessments, threat monitoring and identity and access management, as well as lead to increased cybersecurity budgets and improved workforce competencies.
Ensuring the continuity of government was of the utmost importance at the start of the pandemic, testing the resiliency of state IT systems. While most CIOs had disaster recovery/business continuity (DR/BC) plans in place prior to Covid-19, almost all said that they wished they had reviewed and updated them more regularly. We also specifically asked which states had a pandemic annex as part of their plan prior to Covid-19 and only 32% did. We certainly expect that more, if not all, states will include a pandemic annex as part of their DR/BC plans in the future.
Role of the CIO
While we know that a greater emphasis on digital government, broadband, remote work and legacy systems is coming post pandemic, we don’t know when “post pandemic” will actually be. But, if I look into my crystal ball, I predict that, regardless of where we are in our response and recovery, the role of the CIO will continue to move beyond a direct service provider to a broker model where they act as an intermediary to deliver IT solutions and services. In the State CIO Survey, when asked what business models and sourcing strategies their organizations currently use, only 20% of respondents (see Figure 2) indicated that they own and operate all state IT assets and operations (down 11 percentage points from when we asked the question in the 2016 State CIO Survey). Additionally, when asked about their three-year plan to deliver or obtain IT services, CIOs continue to report (see Figure 3) they will be focused on expanding outsourcing, managed services and as-a-service models, as well as downsizing state-owned and operated data centers.
Increased Cross-Governmental Collaboration
In both the CIO and cyber surveys, we saw an increase in state and local collaboration. As we reported in the Deloitte-NASCIO Cybersecurity Study, collaboration with local governments and public higher education is critical to managing increasingly complex cyber risk within state borders. Additionally, 76% of state CIOs reported increased collaboration and communication with local governments in the last year and I predict this number will be even higher in the future. As one CIO told us, “we will continue to do what we can to work with local governments.”
Meredith Ward is the director of policy and research at the National Association of State Chief Information Officers.