In government, as in life, there are cuts that injure and cuts that heal. As they continue to slog through the wreckage of the Great Recession, state and local leaders have a challenge to be surgeons rather than hacks and make this era of crisis into a season of fresh starts.” — Time magazine, June 17, 2010
With the November 2010 U.S. election still fresh in our minds, and with a host of newly elected officials (and newly appointed CIOs) preparing to make their mark on civic life, now seemed an opportune time to examine the relationship between these two groups more closely. More specifically, in the midst of the Great Recession described in the Time magazine quote above, how does a new CIO articulate and demonstrate IT’s value to his or her administration’s overall political agenda and guide government leaders toward the aforementioned “cuts that heal?”
As Microsoft’s former chief security adviser to state and local governments, the difficulty in selling the seemingly intangible value of IT isn’t lost on me. I was responsible for driving proactive cyber-security policy awareness and investment with government IT leaders and elected officials. In my role, there was often a perception by elected officials that cyber-security was an insurance policy that one paid into endlessly but rarely generated any political value. A tough sell indeed, but if I were at all successful during my tenure, it’s because I focused on leveraging rather than ignoring the difficult times and changing the conversation — which also is applicable to defining broader IT value.
Given that the first order of business for almost any new administration is producing a budget, we’ve all no doubt seen this headline in one form or another during transitions: “New governor takes office and finds revenues lower than expected and expenditures higher than expected. Cuts to be announced shortly in new austerity budget.”
While there historically has been an element of political theater to this type of announcement, it rings truer than ever under the ongoing and well documented budgetary crises occurring nationwide. For the CIO, this inevitable event also poses a serious problem: An incoming executive may have had little exposure to the value of the state’s IT organization, and thus may have no opinion of the CIO’s work. Or worse, the incoming governor sees the CIO as a pure cost center and ripe for potential “cuts that hurt.”
The good news is that as incoming leaders take stock of the historically unprecedented budgetary shortfalls they’re facing, even the most optimistic will realize that the usual rolling 5 percent cuts will never make a dent in the problem, and big ideas and bold action are needed.
Public CIO readers won’t be surprised to know that elected officials are a highly specialized audience whose priorities can at times seem vexing when one has a technology agenda to promote. Let’s face it, everything an elected official does in tenure to make or keep citizens happy is to get re-elected. This isn’t intended as a pejorative observation. In fact, it’s the nature of the beast, and the system is designed for them to be the uber advocate for citizen-focused thinking. Success when dealing with elected officials really lies in getting ahead of and guiding certain key conversations to a place that serves the interests of both the elected official and administration as a whole (innovation, cost-efficiency, risk management, etc.). And when this works, it is easy to identify. At Microsoft, for example, the executive education/envisioning briefings on particular solutions with government customers typically have been attended by the IT leadership. But we increasingly see those IT leaders proactively invite their elected and line-of-business stakeholders to the sessions to ensure that their perspectives inform technology decisions.
Defining Important Conversations
I’ve found that much of the success in my work is due to changing the conversation (and, by extension, the perception) of the people I interact with. For example, when I took over my chief security adviser role, the conversation relating to Microsoft and security was highly adversarial and almost exclusively about patch management. For the first year and beyond, I made it my job to refocus that conversation on building partnerships in service of more effective cyber-security response. I also talked more broadly about risk management — something elected officials understand and care about.
As it relates to this audience as far as selling the value of IT, here are a few “first things first” conversations that will be important for new CIOs to define as early as possible with their elected leaders.
Quantifying the value of citizen-facing technology initiatives to elected officials is straightforward; doing so for internal-facing technologies, however, typically has been more of an uphill battle. A potential way to frame any technology initiative is in the context of collaboration. One way to think of government is essentially as a collection of workflows in service of positive outcomes for citizens/taxpayers. These workflows are moved forward by people who, even in pure financial terms (fully burdened salary, benefits, pension, etc.), are the most valuable asset of any government. And when manual processes, productivity gaps and redundant work exist within these workflows, you get human latency-driven outcomes of government — i.e., missed connections that cost money and more importantly, delay the people. Something as simple as the problem of phone tag is a great example of this. If we accept Gartner’s estimate that by 2015, 80 percent of work outcomes will need explicit input from and the cooperation of two or more people, and the work will seldom be done in person, the importance of seamless collaboration cannot be overstated. Thus, whether a proposed initiative is a new internal portal or improvements to an existing 311 system, it’s always about enabling people to better do their part in getting to citizen-relevant outcomes sooner.
And let’s be clear: Two facets enable CIOs to get their mission to resonate with elected officials (and those around them). First, there’s perception — can they “feel” your organization’s commitment to collaboration (results, customer service, etc.) — and then there are the actual things you deliver, both internally and to constituents. For IT to be perceived as a partner and as delivering value, a change on both counts is required. Here’s another way to think of it: If government is a car, cyber-security is the brakes that allow the car to safely forge ahead with, in this case, its technology agenda. And collaboration can be thought of as the oil that reduces friction in the engine, letting the car run more smoothly and efficiently.
Quick Wins, Broad and Visible Impact
There’s a shift afoot in how governments perceive and act on technology initiatives. Elected officials today are leery of massive 18- to 36-month “Hoover Dam” IT projects that have so often delivered questionable outcomes — or outcomes that are not measurable. They want quick wins that ultimately impact many users/citizens and that are deliverable in a short time span — wins that may only involve one agency or constituent group at the outset, but ultimately prove out a larger concept without the 36 months of hand wringing and perceived risk. Once proven, the focus becomes the next agency, next electronic form, next constituent group, etc. But for the elected official, the perception of risk has been reduced and trust gained. The projects must be strategically visible and deliver incremental value. A former public CIO colleague of mine said, “I could spend all day keeping the public safety system from collapsing in a storm, and no one would notice. But if I drove awareness about the upgrade or addition of a new tower to improve public safety communication, they would throw me a thank you lunch.”
In my chief security adviser role, I witnessed firsthand how state and local government IT agencies continue to labor under the burden of highly fragmented, redundant and difficult to manage technology infrastructures. While the reasons for this situation are understandable (and far more involved than we can address here), the fact remains that the “islands of information” problem is arguably the single largest inhibitor to modernization of government systems — and we can no longer afford to keep kicking the can down the road on this problem.
The idea of government agencies consolidating and/or sharing resources to reduce cost and improve efficiency is nothing new — and the math for it has long been sound. Technological innovations like cloud computing are helping reboot the idea of consolidation. But beyond that, driving a definitional and tactical shift in the conversation also is required. Put simply, consolidation is not just about where the bits and bolts reside. There is low-hanging fruit in a broadly conceived consolidation process that can drive immediate benefits — those quick wins referenced earlier such as standardization of desktop images or procurement consolidation. A recent example of this is New York City Mayor Michael Bloomberg’s October 2010 IT modernization announcement. While the city’s planned move to the cloud for more than 30,000 employees was groundbreaking, just as interesting was Bloomberg’s announcement that simply by consolidating core IT procurement for all city agencies, he expects the city to save more than $50 million. If we look more broadly, we find that the governments typically lauded as being the most “digital” — like Utah and Michigan — are ones that have tackled consolidation in one form or another, understanding that it’s a stepping stone to many other outcomes they’re seeking.
The Cloud Thing
Cloud computing is top of mind these days, yet the definition of “cloud” and its value to state and local governments often has been highly problematic. Most elected officials don’t know what cloud computing is — they’ve never heard the term — yet they likely have unknowingly used cloud services for a long time (webmail, etc.). So one must ask: How useful can a term be if it distances people from things they’re already benefiting from? And for those who have heard the term, it’s often misunderstood or reduced to a buzzword. In a recent meeting with a governor, we spoke about cloud computing, to which the official said, “I don’t know what this cloud thing is, but I gotta get me one.” While it would be easy to dismiss this as just a humorous remark, it is distressing when an important industry term becomes almost a fashion statement. It’s indicative of a level of hype and misconception that, in the hands of budget-wielding, elected officials can become hugely problematic and distracting to the CIO’s strategic aims. This is the reason it’s important to reinforce with political leaders that the cloud is not a destination, but a potentially powerful tool for solving business problems. However, it doesn’t come before the business problems. Also important will be distinguishing for political leaders the difference between what they see of the cloud in ads or at home and the more exacting requirements of an enterprise cloud strategy.
Consumerization Without Compromise
The Institute for the Future estimated in 2009 that 47 percent of employees work beyond regular business hours, while 32 percent also do personal activities at work. And this trend will become more important as Millennials continue to grow in the work force, replacing many of the mass of civil servants retiring in the next several years. Given that Millennials lead far more digital lives than previous generations — having grown up with the Internet — they’re expecting to bring the tools of their current digital lives into their new workplace, and will choose workplaces in large part based on such considerations.
Elected officials are also keenly aware of the shifting demographic in their constituent base and are seeking new ways to leverage technologies that will show their face to new demographic groups in new mediums — such as blogs, Twitter and smartphone apps. The rub here is that they will often do this outside the scope of IT’s control, which can introduce risk to the administration. For example, in a recent meeting with a city council member, we talked about an iPhone app that one of his interns helped him create to more easily interact with his constituents. He couldn’t have been prouder of how easily constituents could install the app and e-mail him, and he would immediately see it. The problem with this otherwise wonderful tool, as it turns out, was that it had been built completely without the knowledge and support of the city’s IT department — it completely bypassed city mail systems and associated records management processes, thereby creating potential compliance and security risks.
It’s important for CIOs to accept that this trend is inevitable. So rather than shutting down firewall ports, and officially and irreversibly becoming “the agency that says no,” get ahead of this conversation and position IT as the de facto partner for a measured, planned embrace of consumer technologies. Be the lead voice in sifting through the pretenders who bring too much enterprise risk for the capabilities they provide to arrive at a manageable, happy medium.
And don’t forget about integration between work and home! Introducing consumer technologies that can’t integrate with anything in your enterprise simply continues and even exacerbates the islands of information problem because government workers (and people in general) increasingly want technology tools that reflect a seamless, 360-degree view of their digital life. For example, Microsoft integrated the video-chat capabilities of the new Kinect Xbox 360 controller with the video-conferencing capabilities of Windows Live Messenger and Lync, the company’s enterprise instant messaging/presence/video/audio conferencing solution. So when I travel for work, I can video conference via my Lync client with my family on the consumer device, the Kinect, and get the benefits of consumerization without the risk.
Ultimately in my chief security adviser role, I found that life was too short to spend my time engaging elected officials in some philosophical debate designed to suddenly make them care about cyber-security for its own intrinsic value. Rather, I worked to recast that conversation in terms of risk management — risk to infrastructure, risk to public image — and found that when connecting what I cared about to things they already cared about, most were more willing to listen and act. The same is true in selling the broader value of IT. If CIOs do these things, they will be better positioned to define IT as a living, breathing example and enabler of government at its best.