North Dakota CIO Shawn Riley has about six months under his belt in this career turn toward government. Before coming to the state, Riley spent 13 years in IT leadership positions at the Mayo Clinic, where his responsibilities included oversight of the organization’s security operations. With the support of Gov. Doug Burgum, Riley is making strides on plans to help state IT run as efficiently and securely as possible, including a unification plan that builds on past consolidation efforts, which will bring the state IT workforce from 400 to 700 by the end of next year. Also on his to-do list in the near term is a comprehensive citizen engagement strategy that effectively serves today’s mobile-enabled citizenry.
1. What are the biggest differences between health care and state government?
There’s very little difference between health care and government. Physicians and the Legislature feel very similar in the way that they’re able to change policy and change how the organization roams and moves. There are also a lot of similarities in that in government you have those stand-alone agencies out there all trying to serve their customer base, and in the health-care world, it’s ophthalmology or nephrology, or pick your -ology. The biggest difference that I’ve seen is the way in which the finances work. But as you would imagine, health care is also very regulated, so their money model is coupled with many governmental aspects. They are both very complex, but it feels similar: a lot of people trying to do the right thing for the public, whether you call them citizens on the government side or patients on the health-care side.
2. Where is the state now in terms of its cybersecurity position?
We have started a Zero Trust model in our data centers. We’ve been able to consolidate the state down to two main data centers (one primary and one redundant), so we have a very consolidated infrastructure compared to most other states. We’ve implemented Zero Trust, and to me, that is a best-in-class security model. We are well down that road. We also have a very significant focus on the client side, on the desktop-user type of environment in managing those systems, making sure that we have a comprehensive, across-the-state view of assets and asset management, and then what we can manage from a security perspective at a software level.
3. What are your plans for a Unified Data Management Platform? Why was it needed?
We’re putting together a way to restructure data to enable our agencies to communicate in vastly simplified ways and ways where we can do big data analysis in vastly easier and less expensive ways than we’ve ever been able to before. At the same time, we want to keep the classification in between the systems — whether it’s protected health information, payment card information or Criminal Justice Information Services data, etc. — making sure we can keep that classification separate and still be able to do data research and mining and build applications across this large state entity. We want to position ourselves at a strategy level to do the [analytics] projects we don’t even know exist yet. We want to be able to manage our data in a way that positions us to take on the next issue, whatever that may be, and vastly improve our time and response rates to the citizen using that technology as the baseline.
4. How does the cloud play into your overall IT strategy?
We are moving to a cloud-first and a mobile-first strategy. It’s not cloud-only and it’s not mobile-only, but it is cloud-first. We’re taking an “If not, why not?” approach to our new development and our new projects to ensure that we look at cloud as the initial capability and only go to on-prem if it’s an absolute necessity.