CDW-G assesses state, local IT spending
It looks at what is involved in developing robust IT security.
A new study found that consistent executive and legislative leadership, strong academic programs, and significant information sharing through user groups and associations necessary for developing robust information technology security in state and local governments.
CDW Government released “Technology Investment Curve,” a comprehensive study of state, city and county government spending on IT security products, today.
Andy Lausch, director of CDW-G’s public-sector sales for state and local government, said the study shows an unbiased view of purchasing data over five years, from 2000 to 2005, and a measure of how pervasive technology is throughout a state.
Unlike the federal government, state and local governments do not have a unified framework for assessing technology purchases, Lausch said. The study is a way to provide better insight into purchasing data – including the current assessment of the market and future trends – to government and industry officials, he said.
But the study does not show how state and local governments have implemented their IT security investments and security postures, he added. It is a way of measuring certain core elements involved in looking at security strategy, Lausch said. The study also does not provide figures showing how much money each state has invested in IT security.
The study combines state and local government data to provide an index of how well states did as a whole in terms of IT security purchases. It breaks down states’ investments in products – including network security, security software and antivirus software – and also ranks them in terms of IT security investment.
But the index is not intended to show that some states are better at security than others, Lausch said.
This is “absolutely not a ranking of IT program success at any level,” he said. “Investment is one key component in looking at the eventual success of security programs. There’re people, there’re processes, there’s technology. Investment technology – clearly being a part of that – is just one of the inputs.”
CDW-G representatives said the study’s goal is to improve market dialogue around state purchasing and security technology usage.
Mike Weir, CDW-G’s segment manager for state and local government marketing, said the index provides some examples of leading or early investors in adopting security technology and showing common characteristics.
For example, the study provides brief profiles of some “lead investor” states such as Ohio, Michigan, Wisconsin, Washington and Massachusetts. In Ohio, the state government’s IT office sponsors a network vulnerability and risk assessment program, while Wisconsin operates strong academic information security programs at the undergraduate and graduate levels, according to the study.
Common indicators among leading states are strong and consistent leadership, established academic information assurance programs, use of statewide user groups and associations to provide education, IT budget support and early development of security programs.
“By identifying these common indicators and going into, very specifically, lead investor states and showing a few concrete examples of what they’ve done, we’re trying to give the public an understanding of maybe some necessary things or examples of things that they could leverage in the future,” Weir said.
The Center for Digital Government helped develop the study to quantify the number of users in the state and local sector and compare it with CDW-G’s customer database. The margin of error of the report is less than 2 percent, Lausch said.
He said the company will provide the study to its state and local customers, which can then compare themselves with one another and share best practices with the goal of improving their security.
CDW-G, which had total public-sector sales of $1.89 billion in 2005, plans to introduce similar studies in various categories with yearly to 18-month updates.
NEXT STORY: Panel: Industry crucial to fighting cybercrime