Roughly five years into the state's IT consolidation, officials are citing substantial benefits in their operations and cybersecurity standing.
Roughly five years after Oklahoma began to unify information technology (IT), that process is largely finished and has saved the state hundreds of millions of dollars, officials told Government Technology.
By centralizing IT under the auspices of the chief information officer, the state has saved more than $350 million in reduced “IT spend and cost avoidance,” Oklahoma Chief Operations and Accountability Officer Matt Singleton said, noting that number is based on the state’s new, final quarterly reports.
Since beginning IT consolidation, Singleton said Oklahoma technology officials have successfully completed unification at 77 of 78 agencies identified; and an additional 33 agencies that effectively volunteered.
As for the 78th agency identified, Singleton said: “We’re working with them,” but pronounced unification otherwise “substantially complete.”
During unification the state completed 1,171 agency-specific and statewide projects focused on IT and enhancing the client experience, Singleton told GT, during a conversation that included CIO James “Bo” Reese and Chief Information Security Officer Mark Gower. But additional updates continue, including for public safety agencies.
IT officials discovered public safety had “had some pretty unique needs around CJIS compliance,” Gower said, referring to federal Criminal Justice Information Service standards agencies are required to meet.
The CISO said that instead of bearing the cost to make the entire state data center CJIS-compliant and meeting partner needs as well, the state decided to expand and further securitize an existing data center at the Oklahoma State Bureau of Investigation facility.
“We … expanded that facility so we could unify what I believe is going to be 14 of our existing public safety agencies,” Gower said. “As we go about not only moving them into this new facility, we also are going to be undertaking a significant modernization of some of the systems that public safety uses.”
Reese, who has been state CIO since November 2014, was named president of the National Association of State Chief Information Officers (NASCIO) executive committee in October. Among the state-level IT best practices and innovations that he may advocate for as president is cybersecurity, which Reese said is “extremely important” for his state.
Unification, Reese said, actually facilitated the improvement of state-level cybersecurity in Oklahoma as by definition, it reduced siloing by the individual agencies.
“Being that we were siloed, we were very much responsible for our security network technology within the individual agencies. It was very duplicative and it wasn’t secure,” Reese said. “Being able to create a single pane of glass through our consolidation really gave Mark and his team the visibility across the state that we’d never had before.”
Gower described the protection of Oklahomans and their data as “pretty paramount to everything that we do here,” and noted the state has offered security awareness and training that began piloting in 2014 and went live last year.
Currently, the CISO said, employees in about 60 percent of state agencies have been educated through the hourlong training, available online through a vendor over the course of a calendar year — and as a result, the state’s cybercommand has received more reports of potential cyberincidents.
“That’s the measure you want to go for. The net results for the state: citizens may not see it but I hope they can feel it,” Gower said, calling it “no coincidence” that security topped the list of “State CIO Top Ten Policy and Technology Priorities for 2018” for the fourth consecutive year.
“Having a trained workforce for Oklahoma is paramount,” he added.
Unification, Reese added, has also facilitated data-driven decision-making and data governance — both of which are important state-level best practices as well.
In June, Reese testified to the Senate Homeland Security and Governmental Affairs Committee. He called for greater collaboration and participation from federal agencies, and highlighted federal cybersecurity regulations that pose obstacles to state IT unification and risk-based cybersecurity investment.
Since ascending to lead NASCIO’s executive committee, Reese said the organization has formed a working group to hear from states about federal regulations they’d like to see harmonized.
That includes, the CIO said, “mapping those regulatory environments, finding out where they’re different, where they’re the same and coming up with what we consider the gold standard,” and opening a dialogue with the federal sector.
“We have such a short amount of time to make a positive impact in our citizens lives and I think this is an opportunity,” Reese said. “If we look at it as … a partnership we can truly make a difference on a national scale in what we do how we do it and how we invest in cybersecurity and get a return.”
The 2018 edition of NASCIO’s Top 10 CIO priorities included shared services and digital government, but not legacy modernization, which ranked fifth on the 2017 list. Singleton said that signals to him “more of a focus on how to accomplish things.”
“Shared services is a model. Agile is a model. To me, I think that signals a shift in mindset in state CIOs. We’re not spending the next year talking about it,” Singleton said.
But he and Reese have discussed using NASCIO’s reach and grasp to assist CIOs and their organizations nationwide.
“One of the things he keeps talking to me about is this playbook idea, where every state encounters the same types of challenges. The real power of NASCIO is the connections that it enables and facilitates across that space. And so, a playbook of IT unification would really be of great value to states,” Reese said.
“That is exactly what we have been talking about picking up,” he added.
Elsewhere in the tech landscape, officials recently launched Innovate Oklahoma, an opportunity for residents to submit challenges and agencies to make their needs known via the state’s innovation portal and for developers to offer solutions.
Participants have provided solutions to three challenges focused in health and human services and child welfare. These solutions are about to be available for leadership approval, Singleton said, describing officials as “really excited about where this is headed.” Simultaneously, officials have held discussions about technology with citizen groups around the state, and Innovate Oklahoma has been a central topic.