Business Models, Sourcing & CIOs as Brokers
The state IT and business landscape continues to change, reflecting both emerging approaches to delivering IT products and services, and also the faster paced, more complex environment faced by state CIOs. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the emerging role of the CIO as a broker of shared services, and on the use of incremental software development approaches to accelerate the delivery of value to customers. These topics share a common theme – customer expectations continue to rise, and state CIOs must be agile enough to adapt to changing circumstances and to rapidly deliver business value. We also asked CIOs about the characteristics they felt were most valuable for a state CIO, and which dimensions of the role were most critical for success.
State CIOs continue to preside over an increasingly diverse set of service delivery models and sourcing options. Since 2010 we have asked CIOs to tell us what business models they are using to deliver IT services. Over that time period there has been a steady progression towards data center consolidation and increased use of outsourcing, particularly for IT applications and services.
We asked CIOs about their business model and sourcing plans for the future. As their responses showed, the dominant future business model for the state CIO organization will be a shared services organization leveraging managed services and application outsourcing to deliver a significant proportion of the service portfolio. We also asked CIOs to what extent they saw their state CIO organization migrating from a direct provider of services to a ‘broker’ of services. Every respondent stated that they expected in the future to be functioning as a broker of services for at least some of their services. This is clearly the state CIO business model of the future – the differences will be in the mix of services provided and in the proportion of assets that are owned and operated by the state.
Not surprisingly, a significant majority of CIOs believed that this transition will have an impact on the funding of the state CIO organization. Almost one third of CIOs feel that the overall revenue to the CIO organization will decrease as a result of the change. When asked for advice for CIO organizations transitioning into a broker role, the same two recommendations occurred again and again: consolidate first; and exit strategies must be written in contracts up front.
Agile and Incremental Software Delivery
State IT projects continue to receive significant exposure and attention, both from state legislators and from the media. There continues to be a general perception that states are struggling to implement technology solutions. This perception – whether warranted or not – ramps up the pressure on state CIOs to improve the management of technology projects and to clearly demonstrate the value that their organizations are providing to business customers. Over the last several years there has been a pronounced movement in the private sector away from extended, traditional waterfall lifecycle projects and towards the rapid delivery of software in an incremental fashion, often using agile software development techniques. This transition is also beginning to happen in the public sector, but at a slower pace.
We asked CIOs how they would characterize the use of agile approaches within their state. Almost all states have some degree of agile development ongoing. However, for most states the use is limited to certain projects and not subject to any centralized oversight or guidelines. There are a few states who have pioneered a statewide approach to agile and who have invested in state-level training and project management office programs. The majority of states are not yet in a position to decide whether these approaches will be more or less successful than traditional approaches. Almost three quarters of CIOs anticipate increased use of agile software delivery approaches in the next couple of years. It appears that agile is definitely moving into the mainstream in state government.
Critical Success Factors for the CIO
The state CIO position operates in a challenging environment of strategy, operations, service delivery and policy. New service demands, technology platforms, sourcing models and development approaches add excitement to each day. We asked state CIOs to rank the three most important leadership traits to the critical success of a state CIO. By a wide margin, ‘Communicator’ was viewed as the most important, with ‘Strategist’ and ‘Relationship Manager’ the second and third most important.
With a multi-dimensional role, state CIOs have many touch points within state government and externally. Relationships with key state executives are paramount to the success of the CIO organization, especially if a lack of clarity exists regarding the authority of the CIO. When asked to rate the importance of each relationship, the relationship between the state CIO organization and the cabinet secretary/director ranked the highest. This relationship was followed closely by the Governor/Chief of Staff and then state Budget Director.
We also asked the CIOs what they viewed as the most critical dimension of their role. ‘Enterprise vision and strategy’ was the clear number one choice. The second and third choices were ‘Security and risk management’ – an area of concern for all CIOs at the moment – and ‘Align IT for value creation,’ which echoes results earlier in the survey that highlighted the importance of the CIO in driving value to the business.
Business Models, Sourcing & CIOs as Brokers
State CIOs continue to preside over increased diversity in service delivery models and sourcing options. Since 2010 we have asked CIOs to tell us what business models they are using to deliver IT services. As the table below shows, over that time period there has been a steady progression towards consolidation, optimization and increased use of outsourcing, particularly for IT applications and services. While approximately one-third of states continue to own and operate all IT assets and operations, over half of states now outsource at least some IT infrastructure operations and use a managed services model for some or all IT operations. Four out of five states also outsource at least some IT applications and services, a significant increase from the 42% reported in 2010. The use of a shared services model for provision of IT services has now become the norm with over 80% of states using that model, up from just 66% in 2010.
What business models and sourcing strategies does your state CIO organization currently use?
2010 | 2013 | 2014 | 2015 | |
---|---|---|---|---|
Owns and operates all state IT assets and operations | 32% | 30% | 37% | 30% |
Owns and operates multiple data centers | 58% | 65% | 58% | 53% |
Owns and operates a consolidated data center | 55% | 57% | 65% | 64% |
Outsources some of its IT infrastructure operations | 58% | 51% | 46% | 58% |
Outsources some of its IT applications and services | 42% | 69% | 81% | 79% |
Uses a managed services model for some or all IT operations | 50% | 65% | 60% | 55% |
Uses an IT shared services model for some or all IT operations | 66% | 73% | 70% | 83% |
We asked CIOs about their business model and sourcing plans for the future. As the table below shows, the direction is clear – a continued reduction in state-owned and operated data centers, no increase in state staff and a continued increase in outsourcing, including an expanding use of IT shared services and managed services. If CIOs follow through on the plans represented by the data, the dominant future business model for the state CIO organization will be a shared services organization leveraging managed services and application outsourcing to deliver a significant proportion of the service portfolio. It is notable that while no respondents planned a generalized pullback from outsourcing, almost one in five CIOs expected that certain specific operations that are currently outsourced would be brought back in-house. This may reflect lessons learned from a first generation of outsourcing contracts and a better appreciation of what types of services are a better fit for outsourcing.
How does your state CIO organization plan to deliver or obtain IT services over the next three years?
Expand existing IT shared services model | 62% |
Outsource business applications through a SaaS model | 55% |
Expand existing managed services model | 53% |
Downsize state-owned-and-operated data center(s) | 49% |
Expand outsourcing | 43% |
Introduce a managed services model | 26% |
In-source some operations that currently are outsourced | 17% |
Introduce outsourcing as a new service model | 15% |
Maintain the status quo | 13% |
Introduce an IT shared services model | 6% |
Build new data centers | 2% |
Downsize or scale back existing managed services model | 2% |
Increase state IT staff | 2% |
Downsize or scale back outsourced operations | 0% |
Downsize or scale back existing IT shared services model | 0% |
With the increased length of experience in using shared services models, we asked CIOs if these models are providing the expected cost savings. Two thirds of respondents felt that savings were greater than or equal to expectations. Only six percent of CIOs thought that cost savings were less than expected.
Many states however are not measuring savings in an organized fashion – the issue is often that baseline measures were not there prior to beginning use of shared services, so it is difficult to assess the nature of savings. Other respondents stated that while the shared services model has certainly provided value, the value was more in terms of cost avoidance rather than actual savings.
To focus more specifically on plans for the use of managed services models, we asked CIOs whether they planned to move their organization towards a managed services model.
Respondents had a clear expectation that most states already have or will be implementing some form of managed services model. The use of managed services will soon be a normal element of the state CIO tool kit.
We then asked CIOs in what specific areas they were considering use of managed services within the next year. Infrastructure, platform and application services will all be widespread, but application services are the area with the greatest anticipated use. Almost all respondents anticipated at least some use of managed services to deliver Software-as-a-Service (SaaS).
What areas are you contemplating to source for manged services in the next year?
In leveraging managed services, CIOs have a continuum of business models that they can employ. At one end of the continuum they could continue to provide most services to customers using state-owned and operated assets, and just use managed services for specific point solutions (for example, a specific SaaS application). At the other extreme, the CIO organization could transition completely to a ‘broker’ model, where the CIO sources a mix of services from multiple different providers and then coordinates the provision of these services to customers. In this model it is possible that the CIO organization would not actually own any of the technology infrastructure or assets.
We asked CIOs to what extent they saw their state CIO organization migrating from a direct provider of services to a ‘broker’ of services.
We want to move the capital demand to private sector partners, and let them keep up with changing technology.
As the figure shows, every respondent stated that they expected in the future to be functioning as a broker of services for at least some of their services. No respondent stated that they were not going to adopt a broker model in any way. This is clearly the state CIO business model of the future – the differences will be in the mix of services provided and in the proportion of assets that are owned and operated by the state.
The transition to a broker model does not come easily however, particularly given that half of state CIO organizations are funded 100% through a chargeback model, and four-fifths of the rest have chargeback as at least a component of their funding model.
In general, when states utilize a managed service provider (such as a SaaS provider), usage fees will go directly to that managed service provider. While the CIO organization may charge an administrative or contract management fee, the revenue that may previously have been coming into the CIO organization will now go to the managed service provider. We asked what impact CIOs believed increased use of managed services would have on the funding of the state CIO organization.
What impact do you believe increased use of managed services will have on funding your state CIO organization?
Not surprisingly, a significant majority of CIOs believed that this transition will have an impact on the funding of the state CIO organization. Most states expect to add management fees to their rate structure to recoup the administrative cost of overseeing managed service providers. Despite this, almost one-third of CIOs feel that the overall revenue to the CIO organization will decrease as a result of the change. To address these revenue challenges, some CIOs saw a potential need to increase other fees to cover fixed asset (e.g. data centers) costs that would be spread across fewer users. They also saw the potential for pressure to reduce the fixed asset footprint to match the adjusted level of revenue that would be coming into the organization. The following comments reflect some of the ways CIOs saw themselves adapting to the new managed services funding landscape:
• “We have to charge a fee for brokering service, but are making the business case to departments that we can help them reduce the risk of cloud contracting issues, etc.”
• “Ideally, decreases in revenue due to funds going directly to a provider will be offset by reduced costs.”
• “The transition will be a challenge as the last agencies to move to the new model will have to pay higher ratios, to support existing services.”
• “Federal funding is a big issue – need to set up structure so that Federal funds can be used to buy services, not just assets. The Feds have been OK as long as this approach has been included in Advanced Planning Documents.”
CIOs are also looking to change the type of services they provide to customers so that their value to the business becomes more clearly apparent. As some CIOs observed:
• “We are looking at creating new services that will provide added value to the enterprise, such as integration services for data, identity management, and others.”
• “You need good cost accounting to understand the true cost of providing services. Customers don’t see the hidden costs of brokering services since their cost accounting doesn’t show costs of floor space, security etc.”
CIOs were clearly aware of the impact of this shift on their people, and on the way that the CIO organization will be structured:
• “We want to move out of the infrastructure business – the complexity requires technical skill sets that outpace public sector salaries. We want to move the capital demand to private sector partners, and let them keep up with changing technology.”
• “A broker model means a lot more people contact required for our staff. Business Relationship Management skills are important – we can’t just be order takers. We must understand our customers’ business and be advisors to them.”
• “We are moving from a detailed IT service catalog to a more business-oriented service catalog (e.g. employee on-boarding, application hosting). This means changing the technology organization to reflect the services offered (e.g. an on-boarding team vs. a server team)”
When asked for advice for CIO organizations transitioning into a broker role, the same two recommendations occurred again and again: i) consolidate first; and ii) exit strategies must be written in contracts up front.
Agile and Incremental Software Delivery
State IT projects continue to receive significant exposure and attention, both from state legislators and from the media. There continues to be a general perception that states are struggling to implement technology solutions. This perception – whether warranted or not – ramps up the pressure on state CIOs to improve the management of technology projects and to clearly demonstrate the value that their organizations are providing to business customers.
Over the last several years there has been a pronounced movement in the private sector away from extended, traditional waterfall lifecycle projects and towards the rapid delivery of software in an incremental fashion, often using agile software development techniques. This transition is also beginning to happen in the public sector, but at a slower pace. As one illustration, the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in late 2014 and contains provisions for federal government agencies with respect to an incremental approach. The recent policy guidance issued by the Office of Management and Budget defines this requirement as “development of software or services, planned and actual delivery of new or modified technical functionality to users that occurs at least every six months.”
A key focus of incremental development approaches is the rapid delivery of working software into the hands of business users, and then continuously adapting to change as more is discovered about the nature and scope of the business problem. Many of the inherent characteristics of incremental software development do not align well with traditional public sector funding and management practices, particularly where procurement and contracting with implementation vendors is required.
We wanted to understand the current state of agile/incremental software development within state governments, and wanted to hear the thoughts of state CIOs on the appropriate use of agile/incremental approaches. Although there are many incremental software development approaches available, agile is by far the most commonly used approach, and we used the term ‘agile’ to refer to incremental approaches in general throughout the survey.
We began by asking CIOs whether their state defined standards or guidelines for agile software development and project management. Almost half of the states already have some kind of standard or guideline for agile software delivery, and another third are developing one.
We then asked CIOs how they would characterize the use of agile approaches within their state. As the table below shows, almost all states have some degree of agile development ongoing. However, for most states the use is limited to certain projects and not subject to any centralized oversight or guidelines. There are a few states who have pioneered a state-wide approach to agile and who have invested in state-level training and project management office programs.
Given that use of agile approaches is beginning to be fairly widespread across the states, we wanted to understand how successful these approaches have been considered to-date, especially in comparison to traditional waterfall approaches.
Pick the right kind of project. Start small, choosing one project rather than trying to do a wider approach.
Consistent with the limited/trial adoption of agile in most states, the majority of states are not yet in a position to decide whether these approaches will be more or less successful than traditional approaches. One fifth of states though – generally those who have invested in more structured agile programs – state that agile approaches have been superior to the traditional waterfall approach. CIOs who had experience using agile approaches in their states provided the following advice and commentary on the adoption of agile:
• “It really depends on the project on whether agile or waterfall is the more successful methodology. You need to select the right methodology for the right project.”
• “The key we have found is the level of business involvement makes all the difference. Where the business commits to participate, agile is far superior. If the business wants it to be “all IT” then it fails.”
• “In some cases, agile/incremental approaches have been very successful. It is entirely dependent upon the program/project manager’s level of maturity and ability to coherently work with oversight and procurement. It is critical that program/project managers have a proficiency in agile/incremental, not only from an operational perspective, but also from a sourcing and vendor management perspective. Some folks talk a good game, but really have only learned the buzz words and end up essentially trying to hybridize agile/incremental and waterfall. Additionally, our boiler-plate deliverables-based contract paradigm will need adjustment, which we are using pilot engagements to help steer.”
• “Business owners need a change of perspective: if they are thinking that a project has to last longer than two years, then they are probably thinking about the business problem the wrong way.”
• “Let success prove itself – you can’t convince people on the theory.”
To further investigate the factors that drive successful adoption of agile approaches, we asked CIOs their views on the top three critical success factors for the adoption of agile on projects. By far, the most common factors cited were picking the right types of projects on which to employ agile, effective training of staff, and the use of agile-specific project management methods and tools. A significant number of respondents also mentioned the use of experienced agile coaches as a key to success.
Where you have employed agile or incremental software development approaches on projects, what were the top three critical success factors?
We then asked CIOs, given their experience to-date, how they saw the use of agile approaches changing in the next 12-24 months? Almost three quarters of CIOs anticipate increased use of agile software delivery approaches in the next couple of years. It appears that agile is definitely moving into the mainstream in state government.
As CIOs considered the increased adoption of agile, they also offered some specific thoughts on the circumstances where agile methods may or may not be an appropriate choice:
• “The hardest problem in state IT is getting your authorizing environment to fund projects. Taking an incremental approach where you can deliver tangible value at each step is the most effective way of selling the projects you want to create.”
• “We no longer believe that the 2+ year project fits within the state application context. Too much changes over that period of time (business needs, elections, legislative sessions, federal government) and state government has not been great at the IT planning and anticipation process. The move to more rapid projects and development approaches are to lock in the benefits quickly and not wait for large projects where the benefits are delayed.”
• “The current method of planning the whole project takes too long on the big projects and the users continually change their requirements due to their evolving business. We need to deploy smaller pieces of functionality in a shorter period of time.”
IT procurement is always a subject of interest to state CIOs, and the intersection of agile with state procurement processes creates a number of interesting challenges. We asked CIOs how well they saw their state’s procurement and contracting policies matching the needs of agile software development approaches.
Only one quarter of CIOs believe that their state’s procurement and contracting processes fully support agile and incremental software development approaches. Some specific comments from CIOs on this topic included:
• “Arguably one of the biggest problems we have. More of an issue of expectation setting with the authorizing environment than contracting.”
• “The main disconnect is that agile is focused on fixing time (sprints) and letting the scope vary (project velocity), while procurement is historically more interested in fixing scope (project milestones) and letting the time be determined later.”
Although agile-specific project management methods and tools are considered very important by CIOs, relatively few states are putting in place agile-specific procurement or contracting methods. Two-fifths of states are making no changes, with about one fifth of states creating specific contract vehicles and contract types. Only about one-in-ten states are adopting more incremental approaches to requirements management or are changing oversight approaches to address the different circumstances of agile projects.
Is your state taking steps to modify procurement and contracting policies and processes to better support agile and incremental software approaches?
No changes | 40.5% |
Agile/incremental-specific contract vehicles or Terms and Conditions | 21.4% |
Payment for results/working software rather than payment for progress/deliverables | 26.2% |
Training procurement officials on incremental approaches | 16.7% |
Changes to contract change management processes | 16.7% |
Changes to state reporting and oversight approaches | 11.9% |
Progressive elaboration of scope/requirements after contract award | 11.9% |
Bake-offs/pilots during procurement to choose among implementation vendors | 9.5% |
Changes to schedule management requirements | 9.5% |
Financial incentives for early completion | 4.8% |
Finally, we asked CIOs what advice they would have for other state CIOs who are looking to explore increased adoption of agile or incremental software development approaches. The most common advice CIOs provided included:
• “Agile projects have a very hard time determining when they are ‘done.’ Rework is a real problem. If you don’t like rework, don’t do agile.”
• “Educate business customers on the value of agile development vs. waterfall. Ensure your customers (agencies) are truly ready for the sprint style approach, and fully understand the increased involvement/ commitment needed by agency resources as compared to traditional methodologies. Finding a champion who is capable of putting the ‘state government’ harness around an agile project is critical.”
• “Secure agreement from the business side early in the project effort and demonstrate success through a pilot initiative. The quickness of seeing a solution that is available to the business really demonstrates the value of agile and incremental approaches. With the challenges of state procurement and funding cycles, it truly helps to have full products available throughout the lifecycle of the project. Also, leveraging existing agency/business partners to advocate for the efficacy of agile to other business users really makes a huge impact. They become champions and coaches for the use of newer processes that more quickly meet business outcomes.”
• “Get a coach! Don’t try to do Scrum without a coach.”
• “Persevere. There will be doubters that do not understand why this is a change. Invest heavily in cultural change management for the unenlightened. Also invest in release planning and software change management. More frequent development means more constant release schedules.”
• And finally: “Take a look in the rearview mirror and see how well your waterfall methods appear to be doing.”
Procurement
Moving to a topic that we have tracked regularly over the five years of the CIO Survey, we polled CIOs on the state of technology procurement. In past years, procurement has been a top area of concern for CIOs, who have often questioned the ability of their state’s procurement entities and processes to effectively procure and contract for complex IT solutions and services under procurement laws designed in bygone eras. Additionally, CIOs consider lengthy procurement cycles problematic as technology innovations make timely purchasing imperative. The shift to a services-centric acquisition approach for IT has added to the disruption.
The 2015 survey responses indicate a clear split in opinion over procurement. Roughly one-half of CIOs (47%) exhibit negative outlooks on IT procurement processes. On the flip side, the same number of CIOs are very or moderately satisfied with the current system of IT procurement in their state.
Those who find procurement wanting note that archaic laws and regulations hamper acquisition processes, and several report that new and evolving computing models – including cloud and agile – are not well supported. Some samples from CIO comments:
• “The current system purchases IT the same way it purchases cars, copiers, etc. This is problematic for IT purchases particularly as we move to Agile.”
• “State procurement does not handle the rapidly changing environment of IT effectively. We see this often during large system replacements requiring longer than nine months to implement. While it is possible to maneuver within the guidelines, it takes consistent focus and intention. We are working with our state legislature to analyze overall procurement rules and processes to build awareness and to improve these efforts."
The people are very good. The rules and statutes are relics of an age long before Moore’s Law - and so is the budgeting process.
Critical Success Factors for CIOs
The state CIO position operates in a challenging environment of strategy, operations, service delivery and policy. Regardless of the state’s organizational and governance model, state CIOs have broad responsibilities for information technology within the executive branch and with agency customers. A core responsibility common to almost all is support of the technology infrastructure and initiatives directly related to security and infrastructure consolidation. While CIOs invest time and resources supporting these core elements, the landscape is shifting, presenting more opportunities and risks. New service demands, technology platforms, sourcing models and development approaches add excitement to each day. Like many other state leaders, the CIO must wear multiple hats and expect surprises. To be successful in this environment requires important leadership traits or attributes. What are these critical attributes? What skills and disciplines do state CIOs consider the most important? From a list of options, we asked state CIOs to rank the three most important leadership traits to the critical success of a state CIO.
In your experience, what are the three most important leadership traits or attributes to the critical success of a state CIO?
Score | Overall rank | |
---|---|---|
Communicator | 73 | 1 |
Strategist | 58 | 2 |
Relationship manager | 56 | 3 |
Change manager | 27 | 4 |
Motivator | 26 | 5 |
Negotiator | 10 | 6 |
Facilitator | 7 | 7 |
Diplomat | 6 | 8 |
Technologist | 4 | 9 |
Educator | 3 | 10 |
It’s evident the respondents are focused on communications skills and relationships as being the most critical to their position. Key attributes of a successful state CIO are the ability to outline their vision, build consensus, engage stakeholders, partner with vendors, promote innovation and drive change. Effectively communicating the strategic vision, enterprise policy imperative, security risks or business case investment is crucial in a setting of constant change, growing demands and fixed resources. These issues are only “heard” when communication is effective.
Being viewed as a strategist and establishing relationships are ranked highly because it’s vital to the evolving role of the state CIO. No longer just focused on infrastructure operations, the enterprise leader of the IT business is emerging as a leader who creates value for the enterprise. In addition, being a change manager, motivator, negotiator and facilitator are all attributes that resonate with state CIOs on any given day.
Technologist is not viewed as a highly important trait, but clearly necessary. Given the CIO role, this may seem surprising to some, however cultivating the “soft side” of leadership is perceived as more important to their success. In a state government organization with many non-technical stakeholders, state CIO communication often involves a “translator” role from the standpoint of technology capabilities in meeting business demands.
With a multi-dimensional role, state CIOs have many touch points within state government and externally. Relationships with key state executives are paramount to the success of the CIO organization, especially if a lack of clarity exists regarding the authority of the CIO. When asked to rate the importance of each relationship, the ratings were tightly clustered among four key officials, with the relationship between the state CIO organization and the cabinet secretary/director ranked the highest. From an organizational and reporting perspective, this result should be expected. Just more than half of the state CIOs report to a cabinet secretary or department director and not the Governor. This relationship was followed closely by the Governor/Chief of Staff and then state Budget Director. These results are generally consistent with previous NASCIO research and surveys, however CIOs often highlight the importance of a strong relationship with the budget director to gain support for initiatives and influence enterprise IT investments.
Even with the diverse organizational and operating models across the states, it must be noted that relationships with agency executives, agency CIOs and agency customers are all ranked in the top tier of importance. CIOs recognize alignment with the business side is often challenging and fostering these relationships is important to their success. This will become more important as CIO organizations move gradually to a broker role in IT service and solutions delivery. In similar fashion, CIO organizations are generally responsible (or required by law) to articulate the strategic IT direction, create governance and issue IT policies. The relationships with agency CIOs is critical with these endeavors because stakeholder input and ultimately enterprise buy-in is essential to success.
Considering your authority and responsibilities as state CIO, what are the most critical factors/dimensions you focus on to advance your agenda and drive results?
Score | Overall rank | |
---|---|---|
Enterprise vision and strategy | 141 | 1 |
Security and Risk Management | 89 | 2 |
Align IT for value creation | 71 | 3 |
Agency customer service and relationship management | 63 | 4 |
Innovation and transformation | 49 | 5 |
Efficiency and cost savings | 38 | 6 |
Budgeting and fiscal management | 36 | 7 |
Human Capital/IT Workforce development | 33 | 8 |
Enterprise IT Governance | 30 | 9 |
Enterprise IT policy and planning | 25 | 10 |
In a formal sense, the authority and responsibilities of the state CIO position is often contained in statutory language with broad intent. In practice, executing on these responsibilities to meet the needs of state government, drive results and produce outcomes highlights a long list of critical success factors for state CIOs. In fact, some CIOs might contend that many of these factors are equally critical and close in priority. Some are intertwined and interrelated and so it may be difficult to limit to discrete choices.
However, when asked to consider the important critical factors and rank the top five, several rise to the top of the weighted calculation, with enterprise vision and strategy a solid number one. The top ten selections are presented in the table above.
Security and risk management ranked second is an accurate reflection of the current cybersecurity posture in the public sector. State governments are at risk and the state CIO is the designated lead for all things cyber.
Managing Data As A Strategic Asset
In 2015, we return to Enterprise Data Management, a topic first polled in a comprehensive manner in the 2014 CIO Survey. State agencies and CIOs are wrestling with a host of challenges around data governance, legacy data, data access and sharing, and major new flows of data from new sources. The survey included a short section with questions seeking to capture progress on data management practice and technology maturity, breadth/scope, and in advancing the role of the CIO.
Again, the findings indicated that states are mostly in the earlier stages of a truly “enterprise-wide” approach to data management. Less than 5% stated that they possessed formal data management policy and practices.
How would you characterize your data management function in-terms of importance and maturity?
Enterprise data management programs present a fragmented picture, as states’ programs and practices range from comprehensive and fairly mature to narrowly-focused and immature. The majority of states remain in the planning or start-up phases of their enterprise data approaches – and very few (2%) are enterprise-wide programs.
What best describes the scope and breadth of your state's enterprise data management program?
CIOs see a wide array of possible roles and responsibilities for their organizations in the management of enterprise data. The two most popular responses aligned with the 2014 CIO survey – taking the lead in advocating for data as a strategic asset (59%) and on the need to develop an enterprise data strategy (48%). Notably, the majority of CIOs see a current role as the lead and advocate for strategic data use but only 42% recommend that the CIO occupy this role going forward.
What is the current and recommended role of the state CIO organization in enterprise data management?
Current | Recommended | |
---|---|---|
Take the lead and advocate for data as a strategic asset | 59% | 41% |
Develop an enterprise data strategy | 48% | 52% |
Create a formally documented data architecture | 36% | 64% |
Convene the stakeholders for data governance decisions | 38% | 65% |
Create a chief data officer role under the CIO | 35% | 65% |
Host a data stewards network | 27% | 73% |
Issue data governance policies | 51% | 49% |
Invest in technologies and tools | 68% | 32% |
Mobility
Mobile devices and applications have continued to be a high priority for a majority of CIOs. In the 2013 and 2014 surveys, we covered mobility in deep detail, finding that mobile initiatives were moving higher in importance and visibility – resulting in better agency coordination and collaboration – across state governments.
In our 2015 survey, we’ve again asked CIOs to report on the status of mobile devices and applications projects. A combined 50% of respondents report that such projects are in either the essential or high priority category. Those levels reflect a slight drop from the 60% total tallied by the “essential” and “high priority” categories in 2014.
Regarding technology approaches to increasing mobility investments, state CIOs are taking a hybrid approach – with the clear majority using a mixture of native mobile applications and responsive web design.
Our state has a very high percentage of citizens who access services from mobile devices. It must be a priority for us in
order to serve them.
Cloud Services
As we did in 2013 and 2014, we asked CIOs about their state’s level of investment in cloud services. CIOs gave a very strong level of response indicating that states have gone beyond the early adoption phase and are turning to consideration of further business processes and applications to move to the cloud.
In the 2012 and 2014 surveys, we asked CIOs for an update on which types of services they were moving into the cloud. E-mail and collaboration, storage, and office productivity software were the areas of greatest activity in the states in both those years. By contrast, application software such as Enterprise Resource Planning, Customer Relationship Management and program/ business applications had less adoption in the cloud.
In the 2015 survey, we again asked the CIOs about their progress toward migrating various types of data, applications and services to the cloud. The table below indicates that email/collaboration and office productivity software continue at the most advanced stages of implementation, with almost all states planning some type of cloud service migration. A large number of states also continue to plan or have implemented storage, disaster recovery and geographic information systems services in the cloud. Hosting of application software in the cloud is still relatively rare, but more states are now exploring this, and it appears that almost two thirds of states have some kind of cloud-based application software initiative underway or planned. Another area of increased activity is cloud-based security services and monitoring. Three-quarters of states are investigating this technology.
What categories of service have you migrated or plan to migrate to the cloud?
Done | Ongoing | Planned | Total | |
---|---|---|---|---|
Storage | 3% | 26% | 50% | 79% |
Disaster recovery | 3% | 22% | 58% | 83% |
Imaging | 0% | 17% | 20% | 37% |
Citizen relationship management | 8% | 24% | 24% | 56% |
Digital archives | 6% | 11% | 37% | 54% |
Electronic records | 0% | 19% | 45% | 64% |
Geographic Information Systems | 9% | 49% | 14% | 72% |
Office productivity software (e.g. word processing) | 18% | 32% | 47% | 97% |
E-mail and collaboration | 22% | 42% | 29% | 95% |
Enterprise Resource Planning (e.g., finance, budget, procurement) | 3% | 31% | 29% | 63% |
HR/payroll/time and attendance | 0% | 25% | 34% | 59% |
Program/business applications (e.g. licensing, unemployment insurance, Workers Compensation etc.) | 0% | 36% | 27% | 63% |
Security services/monitoring | 11% | 28% | 36% | 75% |
Open data | 15% | 24% | 32% | 61% |
In responding to a new question we posed for 2015, CIOs reported on their usage of the primary models of cloud services delivery – private, public, community and hybrid. While Private cloud (hosted by state government) is the most used model across the states, no single model constitutes a majority.
Additionally, practices across states vary significantly. While one-third of respondents stated that 75 percent or more of their applications were hosted in a Private cloud, 20 percent of states host 75 percent or more of their applications in a Hybrid cloud. There were also several states that host 75 percent or more of their applications in either a Public or Community cloud. The main message of these results is that there is no single approach that works for all states, and that the distribution of different cloud models will vary according to the needs of each individual state.
Cybersecurity
We asked CIOs about their cybersecurity program and compared their responses to those they provided in recent surveys of 2014 and 2012. As the figure below shows, the overall status of each activity continues to edge up in 2015. We added a new question on adding cyber insurance as part of their cyber plans and 20% of respondents reported purchasing such a policy.
Characterize the current status of the current cybersecurity program and environment in state government.
2015 | 2014 | 2013 | |
---|---|---|---|
Adopted a cybersecurity framework based on national standards and guidelines | 80% | 80% | 78% |
Acquired and implemented continuous vulnerability monitoring capabilities | 80% | 78% | 78% |
Developed security awareness training for workers and contractors | 87% | 80% | 78% |
Established trusted partnerships for information sharing and response | 80% | 69% | 75% |
Created a culture of information security in your state government | 74% | 75% | 73% |
Adopted a cybersecurity strategic plan | 74% | 61% | 61% |
Documented the effectiveness of your cybersecurity program with metrics and testing | 52% | 45% | 47% |
Developed a cybersecurity disruption response plan | 52% | 51% | 45% |
Obtained cyber insurance | 20% | n/a | n/a |
We again asked CIOs to update us on the most significant barriers they faced in addressing cybersecurity. The top four barriers are as follows and are consistent with responses to the 2013 and 2014 surveys:
• Increasing sophistication of threats
• Lack of adequate funding
• Emerging technologies
• Inadequate availability of security professionals
CIOs commented that cybersecurity remains a hot and visible issue – but investment in security technologies lags behind the political and media attention paid to the issue.
What major barriers does your state face in addressing cybersecurity?
Public Sector Broadband
We asked CIOs to characterize the role of the Office of the CIO in the deployment of broadband networks in their states. The question was framed to include all public sector broadband and the approaches being used in the state.
The top two responses reveal that state CIOs are still most active in promoting public-private partnerships to deliver broadband services (69%) and in planning and sourcing public sector networks (78%).
What role(s) does the office of CIO play in the deployment of broadband in the state?
Disaster Recovery and Business Continuity
Disaster recovery and business continuity continue to grow into a key service offered by the offices of the state CIOs. We surveyed the CIOs to assess approaches they’re using, the role of the CIO, and components of the response plan.
In their approaches to rolling out disaster recovery and business continuity, states are most commonly using a federated approach – with responsibilities shared between the CIO and agencies. An enterprise approach led by the CIO’s office is the second most common approach (24%).
The CIOs were queried about their role in helping the state respond and recover from a manmade disaster and response data is captured in the figure below. Key responsibilities include coordinating the response to a disaster and maintaining critical infrastructure and communications in the state.
Regarding formal planning for disaster responses, CIOs are well along in developing crisis plans: 44% have plans in place and 33% have plans in progress.
What is the state CIO's role in helping the state repsond and recover from a natural or manmade disaster?
Internet of Things
The Internet of Things (IoT) has attracted a great deal of public and media attention and is generating discussion in the state and local government technology space. It’s clear the policy framework is lagging technology adoption. The table below provides an illustration of the state of planning and activity with IoT. No states have adopted policies or developed an IoT roadmap, while roughly 1 in 5 have moved to the formal discussion phase. The majority of states remain in investigations and informal discussion phase. Based on existing and planned deployments of IoT devices in states to support transportation, law enforcement, agriculture, environmental protection and other functions, it is clear state CIOs will need to address the current gaps in IT policy and security to provide more explicit direction.
To what extent is the Internet of Things on your agenda?
Unmanned Aerial Systems (UAS)
Another topic in the headlines is the deployment of unmanned aerial systems (UAS) or “drones.” Following on to a question we first posed in the 2014 survey, we asked CIOs to report on their leadership roles and policy engagement for the use of civilian UAS in state government.
Most CIOs report an unstructured role today – with a willingness to serve when called up – or no role at all. With the projected growth of UAS activities in state government, CIOs will certainly be more involved in the coming years as states deal with issues of data management, privacy and cybersecurity.
Conclusion & Report Methodology
This year’s survey covered a wide variety of topics – business models for delivering operational services, approaches for new systems and the personal qualities important to an effective state CIO. Nonetheless, a common theme emerged throughout the survey – the importance of agility and delivering value to the business customer. Emerging trends in IT development and operations, whether agile software development or flexible sourcing models for IT shared services, focus on the business customer and on rapidly delivering value to them in a dynamic and unpredictable environment.
The transition of the state CIO to a broker of services is consistent with this theme. CIOs must be effective relationship managers and communicators, and must use these skills to keep state CIO organization services relevant to their business customers. The state CIO organization must increasingly be seen as the provider of choice if it is to succeed, and the state CIO will lead this evolution.
SURVEY PURPOSE
Grant Thornton LLP, The National Association of State Chief Information Officers (NASCIO) and CompTIA have collaborated for a fifth consecutive year to survey state government IT leaders on current issues, trends and perspectives. The survey sponsors seek to provide these state government IT leaders with an opportunity to voice their thoughts and opinions on matters of high importance. Governors, legislatures and business leaders can benefit from these knowledgeable insights about essential state IT services. The full report is available to download and print here.
METHODOLOGY
In Spring, 2015, the sponsors jointly developed a series of questions reflecting both the new issues of the day as well as follow-up on some of the questions they included in the 2013 and 2014 survey. The questions were presented to state CIOs in an online tool, and between June and August 2015, they individually logged in and addressed the forty-six multiple-choice and open-ended questions. The response rate was excellent with 47 of the NASCIO member states and territories completing the survey. Primary respondents were the state CIOs, although deputy CIOs and other senior state IT leaders contributed. Throughout the survey, we refer to them all as state CIOs. Thirty-four of the respondents also participated in the 2014 survey. However, new perspectives were introduced by 28% of the respondents who are different due to the normal turnover that occurs in state CIO positions. We also conducted in-person interviews with 18 state CIOs and incorporated their ‘advice from the trenches’ along with the quantitative and qualitative responses to the online survey. Click here for a list of states and territories that participated in the survey.
ANONYMITY
This report reflects the responses and opinions of the survey respondents to the maximum extent possible. However, to preserve anonymity we do not attribute responses to specific individuals.
Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.GrantThornton.com
Grant Thornton’s Global Public Sector, based in Alexandria, Va., is a global management consulting business with the mission of providing responsive and innovative financial, performance management and systems solutions to governments and international organizations. We have provided comprehensive, cutting-edge solutions to the most challenging business issues facing government organizations. Our in-depth understanding of government operations and guiding legislation represents a distinct benefit to our clients. Many of our professionals have previous civilian and military public sector experience and understand the operating environment of government. Visit Grant Thornton’s Global Public Sector.
Founded in 1969, the National Association of State Chief Information Officers (NASCIO) represents state chief information officers (CIOs) and information technology (IT) executives and managers from the states, territories and District of Columbia. NASCIO’s mission is to foster government excellence through quality business practices, information management and technology policy. NASCIO provides state CIOs and state members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information and promote the adoption of IT best practices and innovations. From national conferences to peer networking, research and publications, briefings and government affairs, NASCIO is the premier network and resource for state CIOs. For more information, visit www.NASCIO.org.
The Computing Technology Industry Association (CompTIA) is the voice of the information technology industry. With approximately 2,000 member companies, 3,000 academic and training partners and nearly 2 million IT certifications issued, CompTIA is dedicated to advancing industry growth through educational programs, market research, networking events, professional certifications and public policy advocacy. Through its Public Sector Councils and its advocacy arm, CompTIA champions member-driven business and IT priorities that impact all information technology companies – from small managed solutions providers and software developers to large equipment manufacturers and communications service providers. CompTIA gives eyes, ears and a voice to technology companies, informing them of market trends and policy developments – and providing the means to do something about it. Visit www.comptia.org.
This site was produced on behalf of Grant Thornton by GEMG Custom Strategies, the marketing services division of Government Executive Media Group.
The editorial staff of Nextgov was not involved in its preparation.