State CIOs struggle with cybersecurity, cloud computing amid rampant workforce changes, report finds
State government CIOs are being buffeted by the "forces of change" in technology, government and the public, a new report by the National Association of State CIOs (NASCIO) finds.
Doug Robinson, NASCIO executive director, pinpointed cybersecurity, evolving service delivery models, workforce renewal, and the prevalence of data as the key challenges facing governments. Robinson also put forth measures to address them.
NASCIO named cybersecurity as its top priority in its annual survey every year since 2013. Because state agencies hold massive amounts of personal information, they are attractive targets for hackers, cyber criminals and foreign entities, and in recent years states have become more vulnerable to attacks because of increasing sophistication and frequency of threats.
Sign up for the Healthcare IT News Privacy & Security Update newsletter.
"It’s evident state governments are at risk," the report said.
State governments face persistent challenges in cybersecurity risk reduction because of four key issues: inadequate strategic direction and organizational structure, constrained security budgets, increasing the sophistication of the threats, and lack of cybersecurity professionals.
Robinson recommended states prioritize their risks and adequately invest in data protection, security tools and training. In addition, states should plan for the consequences of a cyber incident or data breach with a robust response and recovery protocol, including a crisis communications plan.
Amid a wave of evolving service delivery models and mirroring enterprise IT strategies, state CIOs have focused since 2010 on continued consolidation, optimization of technology resources, and increased use of shared services and outsourcing. Inspired by cloud computing models, more than half the states now outsource at least some of their IT infrastructure and operations.
Despite the obvious merits of cloud computing in terms of pooling expensive IT resources and the consumption of services like a utility, the model's adoption raises policy questions related to procurement, data ownership, security and legal concerns that must be addressed, the report said.
While the growth of digital data and the power of analytics represent forces of change in state government, only a small percentage of data collected by states is ever analyzed for actionable insights.
State agencies recognize data management is essential to improved service delivery and program integrity and they are responding to the public demand for open data and presenting more datasets in online portals and dashboards.
"There is power in analyzing data with new tools and capabilities," the report said. "However, states will need to focus on appropriate roles and responsibilities, while being attentive to security and privacy concerns."
State CIOs must address cybersecurity, growing data sets and shifting IT delivery models against the backdrop of pending retirements and the challenge of recruiting new IT talent to state government.
Talent retention is even a crisis in the eyes of some observers. More than 90 percent of states, in fact, said salary rates and pay grade structures hinder attempts to attract IT talent in critical disciplines such as cybersecurity, application development, project management and data analytics.
"It remains to be seen if states can fill the IT pipeline and retain the talent they recruit,” NASCIO said. "What's clear is the transition to a digital government world is highly dependent on a skilled and capable state IT workforce."