State CIOs List Security as Top Priority for 2015

CIOs at federal departments and agencies may have their hands full as they grapple with a bevy of mandates and government-wide initiatives to modernize their IT deployments, but state CIOs are carrying a heavy load, as well.

The National Association of State CIOs (NASCIO) recently surveyed its members to identify their goals for the coming year and their priorities for purchasing services and applications.

As a group, they have an ambitious agenda.

Priority 1: Cybersecurity

State CIOs name cybersecurity as their top priority for 2015, setting their sights on areas like risk assessment, governance and the appropriate levels of funding to shore up digital government systems. Additionally, CIOs say that they are aiming to guard against insider threats and tighten up their monitoring of the third parties that are handling more and more vital processes at a time of increased outsourcing.

It’s a concern that NASCIO is working to address on an institutional level. On Wednesday, the organization announced that it received a $100,000 grant from the Department of Justice to develop and promote repeatable practices for responding to a cyber incident and deploying cyber analytics across state governments.

“Cybersecurity remains a top priority for state CIOs and CISOs as well as governors,” Ohio CIO and NASCIO President Stu Davis said in a statement.

NASCIO’s recent survey echoes the findings of an earlier study the group conducted in partnership with the consultancy Deloitte, in which state CISOs noted that the troves of citizen data housed in their systems make them attractive targets for hackers.

That study also highlighted challenges that state IT officials face in funding their security operations, running the gamut from winning the support of executive leadership to the same hard budget constraints that, though mildly improving, nonetheless affect most government activities.

“The improving economy and states’ growing commitment to cybersecurity have led to an increase — albeit small — in budgets,” the report notes. “Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs — it continues to be the top barrier for CISOs.”

The Deloitte study also found that most state governments are operating without a set plan for responding to a cyber attack and conducting the digital forensics needed to identify the source of the breach. With the DoJ grant, NASCIO hopes to advance more formal processes across state governments.

“Our goal is to bring all the states up to some level of parity related to these capabilities as well as cyber threat analytics,” says NASCIO Executive Director Doug Robinson.

Priority 2: Adopting Cloud Services

State CIOs named the adoption of cloud services their second priority for 2015, with survey respondents identifying strategy, provider selection and governance models, among others, as key areas of focus. Unsurprisingly, CIOs said that security is also a top concern as they consider moving services and applications to the cloud.

Priority 3: Optimize and Consolidate Resources and Services

Checking in at No. 3 on state CIOs’ list are efforts to optimize and consolidate resources and services, including physical infrastructure such as data centers, much as the feds have been doing in an efforts to reduce their IT footprint and move to a streamlined, multi-tenant cloud architecture.

These are not new priorities, NASCIO’s Davis notes.

“Security, cloud services and consolidation remain at the top of the list for the third consecutive year,” he says.

Other Priorities on NASCIO’s List

Farther down the list of state CIO priorities are efforts to enhance broadband and wireless connectivity, managing IT costs in a frigid budget environment, and recruiting and developing top talent — a challenge facing government technology officials at all levels.

Rounding out the state CIO agenda are initiatives to block out a strategic IT roadmap, advance mobile technologies and polices in the workplace, develop and test a cohesive disaster recovery and business continuity plan, and improve the tech shop’s CRM operation.