Despite a trend in recent years to centralize enterprise IT, not every jurisdiction is ready to make the move toward consolidation. Here’s a look at several governments’ paths to the IT environment that works for them.
Consolidated. Federated. Hybrid.
Which option is best, and more fundamentally, what does each one look like? The question of how government IT should be structured has no easy answer. It depends on who you ask, and a long list of variables: leadership, staff, services, governance, infrastructure, ideology and multiple other factors across every agency in a municipality or state. And so, settling on an overall IT structure is like making dozens, if not hundreds, of critical decisions. And what goes without saying is that nobody is starting with a blank canvas.
In recent years, U.S. governments have tended to favor a centralized, or consolidated structure for information technology, where a single entity handles most IT services for all departments. Of the 15 states that transitioned to a different IT structure between early 2016 and the end of 2018, 13 moved in this direction, according to data collected by the Center for Digital Government.*
But not everyone wants to fully centralize. Five of the 13 states switched to a more hybridized system, where individual agencies still hold some authority over their IT. Moreover, consolidating IT requires years of patience and persistence. As put by Mississippi CIO Craig Orgeron, one of the country’s longest serving state chief information officers, “What I know about consolidations from other states that have done them is that they’re very, very difficult, and they’re very, very painful,” he said, adding, “Not that they’re not good to do.”
We reached out to a number of city and state tech leaders about how their IT operation is structured and why. Here’s what we found.
Nebraska CIO Ed Toner says running a consolidated IT shop like his is like a private company that focuses on customer service to achieve success. / Photo: David Kidd/Government Technology.
In 2017, the Cornhusker State completed its IT consolidation under the leadership of CIO Ed Toner. As with other similar initiatives, cost savings was a major driver. The state eliminated more than 10 percent of its server farm through consolidation, and Toner’s team also set up eight service centers that support clients in different regions of the state, reducing the travel time to deliver services. “We were traveling as much as six hours just to do a simple support call,” Toner said.
Additionally, thanks to the new service-center model, annual surveys have shown increased customer satisfaction. Toner said the average customer satisfaction rating — based on a scale of 1 to 5, with the latter indicating excellent service — was 4.7 last year.
The restructuring also presented unexpected opportunities. Nebraska IT decided to create a centralized compliance team by combining different agency staff members, such as HIPAA experts from health and human services, IRS 1075 experts from revenue and CJIS experts from the state patrol. This idea has led to enhanced professional development. “Everyone is an expert in their own field,” Toner said. “But at the same time, since they’re all now together, I’ve got a person who was an expert on IRS 1075 who now is an expert on HIPAA rules.” Toner called this amalgamated group a “SWAT team for audit and compliance response” that is tackling audits more efficiently than ever.
Five years ago, an executive order from former Gov. Bruce Rauner established the Illinois Department of Innovation and Technology (DoIT) to take control of the IT functions of the state’s various departments. Kirk Lonbom, then state CIO, faced the gargantuan task of consolidating IT staff scattered across 38 agencies.
Before Lonbom retired in December 2018, he cited many notable accomplishments as part of the state’s IT centralization effort. Staff from 10 state agencies had assimilated into DoIT, and employees from 14 more departments were expected to move to DoIT within six months. Illinois saw cost savings of roughly $70 million through a new data center, a new open data portal and a new data dashboard, he reported.
But in 2019, under the leadership of Gov. J.B. Pritzker and CIO Ron Guerrier, the state made a U-turn of sorts in regard to its IT structure. Guerrier, who came into his role with more than 25 years of private-sector IT experience, halted the staff consolidation process. Instead, he felt a more federated model would put IT staff members in a better position to address agency-specific issues.
“There’s no way a centralized DoIT team could meet all the needs of all the agencies, given all their disparate, different and unique challenges,” he said. “What I’m asking the team to do is where there’s commonality, leverage the commonality, but where it’s something very unique to the agency, we’ll work as a team to find those unique solutions.”
Staff morale seemed to play a significant role in Guerrier’s more federated approach as well. He said the stress level of state agency heads took a nosedive after they learned that no more moves to DoIT were planned. And while Guerrier wants to make sure that he can vet particular ideas, he also believes in the idea of sharing power and responsibility.
“I want to make sure [staff] feel empowered to do what they need to do for the betterment of the state,” he said. “In my estimation, strategies will die if people are not tied into it.”
Nebraska IT has enjoyed several other advantages related to consolidation, including improved application management. But greater control comes with greater pressure. If something goes wrong, Toner knows where the blame will go. “You manage everything that happens in the state now, and so there is no finger pointing. … We know it’s us. Or at least our fingerprints are on there somewhere.”
Toner, who came to Nebraska IT from the private sector, likened his organization to a private company that must focus on customer satisfaction to avoid going out of business. “It’s not much different with a consolidated state, because if they don’t think they’re getting the level of service they deserve, then this whole thing could fall apart.”
As far as the challenge of merging operations and resources is concerned, Toner’s perspective again draws on his experience in the private world. To encourage buy-in, he recommends building a strong business case using every piece of available data before proposing any action.
But did he have an easier time of it given the relatively small size of the population, and therefore the state workforce, in Nebraska? He doesn’t think so. Bigger agencies tend to be more mature, he said, and get on board more quickly with change.
“They also may be really good at what they do, and so you have to be willing to adopt their standards when their standards are better than yours,” he said.
When Saad Bashir, former CIO of Ottawa, Ontario, Canada, took over as Seattle’s chief technology officer in 2019, he inherited a centralized IT enterprise. There were still small pockets of tech staff in different departments, but all corporate IT functions rested in one agency for the purposes of consistency, cost control and client experience.
Bashir found, however, that more change was needed. “Although [the city] had made such a huge change three-and-half years ago … organizational change management practices perhaps were not put into place at that time,” Bashir said. “And so there were still a lot of what I call small dragons that were not addressed … there was a sense that we were still a shop of many different smaller IT shops.”
One of Bashir’s ideas made headlines. In May 2019, Seattle eliminated 14 IT positions, ranging from directors to middle managers. The idea was to remove hierarchies that had developed over time in order to fully unlock the decision-making power of the organization, Bashir said.
But the biggest shift in 2019 was transforming the way Seattle IT was perceived. After hundreds of conversations with both IT staff and clients, Bashir realized his agency was sort of a bottleneck when it came to receiving and acting on client requests. “We had become such a big, insular department. We did not have the pulse of the organization. We couldn’t predict what our clients were looking for,” and that, according to Bashir, affected morale.
In response, Seattle IT made various adjustments. It combined similar types of client-facing functions that were previously fragmented across the department, and created governance structures to foster a more participatory environment. It also heavily invested in bolstering its staff’s skills — both technical and soft. It overhauled processes to ensure, for example, that tech was being introduced and patched on an appropriate and timely schedule.
Bashir opined that every public-sector entity is facing similar issues, but many shy away from making the tough decisions, either by developing strategic plans or asking for millions of dollars before they do anything.
“I don’t believe that it’s a question about money or it’s a question about having some consultants do a big long-term strategy for us,” Bashir said. “We are talking about some really bread-and-butter type stuff, opportunities that we have in front of us.”
While CIO Craig Orgeron's IT office runs major systems like telecommunications and the state data center, Mississippi agencies are otherwise responsible for thei rown tech functions. / Photo: David Kidd/Government Technology.
What kind of IT structure does Mississippi have? From a people and money perspective, IT is decentralized or federated. Each agency has its own IT personnel and its own appropriation for technology. “There is not an omnibus technology bill that would represent the people and the money in terms of the spend,” CIO Orgeron said.
When it comes to IT functions, the picture gets more complicated. Orgeron’s agency, the Mississippi Department of IT Services (ITS), runs and administers all telecommunications programs, whether they’re related to telephony or the Internet, even though state dollars for telecommunications go to the other agencies before finding their way to ITS. His agency also represents the only state data center, with two mainframes and thousands of servers.
Outside of those major examples, individual agencies are doing their own thing. “The compute side of the business is not consolidated,” Orgeron said. “There is a tremendous amount of infrastructure sprawl across the agencies and that’s really a product of the last 15 or 20 years.”
In other words, the only way Mississippi could identify the IT infrastructure throughout the state would be by survey. Orgeron candidly said that the state “just doesn’t know the answer” about some of its IT tools because of the lack of standardization. “I’m not saying it’s good or bad,” Orgeron explained. “I’m just saying there isn’t any sort of scale to any of those solutions.”
Philosophically, Orgeron doesn’t believe consolidation is always the right approach. For one thing, consolidation doesn’t automatically drive efficiency. For another, Orgeron predicts the commoditization of the cloud through companies like Amazon and Google could change the IT landscape of Mississippi “pretty dramatically and relatively quickly.” Something that would take Orgeron’s agency three or four days to accomplish could be done in 15 to 20 minutes thanks to “tremendously scalable cloud solutions.”
“I see the way we’re structured now more as a strength than I have in the past,” he said. “Because it allows a centralized IT organization like us to basically build an ecosystem … which can be consumed, and it can be built without many, many millions of dollars of capital investment, which can take years to do on the government side.”
In other ways, the decentralized aspect of Mississippi’s IT structure will continue to pose different challenges. In October 2019, state auditor Shad White released a report indicating that many agencies in Mississippi were “operating like state and federal cybersecurity laws do not apply to them.” White’s audit came about as part of a 2017 state law that speaks to what departments need to do with cybersecurity while also acknowledging the individual governance of each agency.
Orgeron wasn’t surprised by the lack of uniform security standards across the state. “These agencies are like individual organizations or companies,” he said. “They’re managed differently. They have different skill sets. They’re funded differently. So I think what [the audit] teased out is potentially the need for not an intrusion into each agency but a more standard look at what is the baseline for a security program in each agency.”
When you’re in Orgeron’s position, you can’t force a mandate on issues like cybersecurity. You have to work within the existing political structure.
*The Center for Digital Government is part of eRepublic, Government Technology's parent company.