Connecticut CIO Mark Raymond on the Governor's Cybersecurity Initiative and Moving to the Cloud Without a Budget

Perhaps the best way to describe Connecticut’s Bureau of Enterprise Systems and Technology under the leadership of CIO Mark Raymond is measured and deliberate. Raymond has served in the state’s lead tech spot since 2011, adding a stint as NASCIO president to his resume as well. Raymond shared his perspective on Gov. Dannel Malloy’s recently announced cybersecurity initiative, how the state is adapting its IT procurement strategy and what the near-term looks like in a state struggling to cement a budget.

1. Gov. Dannel Malloy announced a sizable cybersecurity initiative in July. What will it mean for the state?

The strategy called for seven principles that we believe are required for the state to improve its cybersecurity posture, and then outlined the need for an action plan. Specific things that we are working on: The first is agency cybersecurity risk assessments and scorecards to share with agency heads and the governor’s office.

We have an identity management strategy underway to synchronize how we deal with citizen identities and digital identities. Part of the philosophy is that we need to improve identity proofing and security and get rid of user IDs and passwords and add greater degrees of authentication, whether that is multifactor authentication or other methods. Making sure we have a clean view of the citizens and what their multiple touchpoints or interactions are will enable us to improve identity proofing related to government services.

2. How is the state innovating around procurement, a traditional pain point for government?

Our purchases are actually pretty efficient. In the Department of Children and Families, we’ve moved to replacing our child welfare system and we’re doing it in an agile fashion. We changed how we procure to enable a multi-vendor, iterative delivery process. We just selected the final set of vendors and are selecting the individual contracts that will allow us a mini-pool of folks all capable of implementing different sprints for our child welfare system.

3. Which initiatives are top of mind for you today?

In the Department of Social Services, we have an integrated eligibility system. They have six go-live dates by offices. Five of them are done and the system is running great. The sixth office will come on board in September, so we will be wrapped up with that implementation, which is close to a million citizens and all of the health and human services benefits.

In the Criminal Justice Information System, we have a far-reaching and innovative program to collect and improve the workflow and data-searching capabilities across our entire criminal justice community, from local police officers to the courts to the state police and prisons and parole, making information more available to people at the time that they need it. The first of three releases of that application are live, and the remaining releases will be wrapping up by February 2018.

4. Where does Connecticut stand on its cloud migration journey?

We have our first agency moving to Microsoft cloud … so we are still early on that, but a year from now we should have a substantial amount of work done.

We’re pursuing [the cloud] where it makes sense. What we’ve found is that because we’ve been very efficient and frugal on how we spend on technology, for some of the things we do it would actually be more expensive to move to the cloud. Given that we don’t have a budget yet — we’re operating under the emergency powers of the governor — we’re in no position to spend any more on anything. We look at cloud, software-as-a-service and productivity tools, but where it remains more cost-effective for us to run it internally, we do so. We don’t have a cloud-first strategy; we are looking to find the absolute right solution for each one of the problems that we have.