It's been said that a budget crisis is IT's time to shine. On the surface it may seem counterintuitive. But many argue that when the chips are down, technology solutions, if deployed appropriately, can drive efficiency and cut costs. However, as any public-sector IT veteran can attest, such a strategy can be a tough sell -- or, worse yet, the legislature has bought into technology as a viable solution to budget woes and starts issuing unfunded mandates to "do more with less."
Such was the situation in New York -- a state that, like most others, is in the midst of a budget meltdown. But even with severe financial woes, the business of government must go on. One job New York Deputy CIO Rico Singleton had before him was to improve the state's IT security. The challenge was to do it with a fraction of the money they'd spent on security in years past.
Securing a Deal
One approach many state agencies are taking to trim expenses is growing their mobile work force. Employees who work remotely don't need state vehicles, offices and a lot of the things that cost employers money. One thing they do need, however, is security for their mobile devices. So when Singleton was tasked with improving statewide IT security while also cutting costs, he had to factor in the mobile work force too.
Singleton started looking across the state at purchasing patterns that could be aggregated for enhanced buying power and economy of scale. During the state's annual technology planning process -- when agencies submit technology plans for the ensuing year -- IT security became the leading candidate for an enterprisewide overhaul, thanks in part to the New York State Office of Cyber Security and Critical Infrastructure Coordination having issued a requirement for encryption on all mobile endpoints.
According to Singleton, more than half the state's agencies had already standardized on McAfee security software. "So if you look at leveraging your current install base, and you see that they've already deployed in more than 50 percent of the agencies, then obviously there is a prime opportunity there to potentially leverage that value and savings," he said.
Singleton got in touch with former Kentucky CIO Mark Rutledge, who now serves as director of government strategies of McAfee. The two began discussing options for meeting the cyber-security office's requirements for cutting costs.
During those discussions, Singleton said the state gained an understanding of what products it would take to achieve 100 percent endpoint protection. "When we looked at what the agencies were currently procuring, we saw that we had only, on average, about a 10 percent level of protection across the enterprise."
In other words, the ad hoc approach meant the state was achieving only about 10 to 15 percent of the IT security it should have as an enterprise. The reason for the ad hoc approach, from an agency position, was that it was too expensive to buy multiple products or suites of products. So instead, agencies were procuring the security components they deemed most critical.
Singleton said that spurred him to find out if Rutledge could come up with a product suite that would work across the enterprise, offer total protection and cost the state less money.
"We have quite a few customers in the state of New York, and we held a majority of the security products," Rutledge said. "So when it came to New York wanting to find ways to maximize its budget spend, increase its security posture and meet mandates, McAfee decided that New York has been a good partner for us and we wanted to be