Armed with more money and increased input from the Governor’s Office, Chief Information Officer Aaron Sandeen revamped the Statewide Strategic IT Plan for 2013 with a keen focus on modernizing and securing the state’s vital technology infrastructure while keeping costs down.
The plan’s three key components include streamlining and improving the ability of the state to engage in business, such as procurement activities, through the use of technology. The second is implementing a continuous improvement culture while reducing costs and the third is “maturing” the state’s IT community.
“The 2013 plan focuses on initiatives and execution of those initiatives, whereas in the past, it focused on where things were trending and was kind of more informational,” Sandeen said.
Sandeen added that another thing that sets the 2013 plan apart from the previous year’s is that the Arizona Strategic Enterprise Technology office — the successor to the Government Information Technology Agency (GITA) — received $9.9 million to set this year’s plan in action.
One vital component of the overall plan is a revamp of the state’s accounting system, which has long been a goal of government leaders.
The revamp, which is expected to be a three-to-five year project, is essential because the current accounting system, which handles the state’s overall $26.9 billion budget, is 20 years old.
“Every state agency leverages it,” Sandeen said. “This is going to replace that. (The current system) is so antiquated and outdated, it makes it difficult to even tell how much cash the state has on hand on one screen. You have to go to multiple screens for something as simple as that.”
As the state moves toward automating more government functions to increase efficiency and save money, the need for cyber security also increases. With breaches around the country costing millions of dollars to correct and exposing residents’ personal information to hackers, strengthening this security is also a major component of several of the goals of the state’s 2013 IT plan.
While there have been some incidents of major security breaches nationwide, including one in Utah in which thousands of public records were lost earlier this year, Sandeen said Arizona has not had any major security issues.
“Fortunately — knock on wood — we really haven’t had a major breach,” he said. “Last year there was an issue with email with the Department of Public Safety. That enforces us to be aware and how to protect ourselves and everybody in the state.”
Sandeen added that part of the task of the Government Transformation Office, which was formed in August by an executive order from Gov. Jan Brewer to “improve government processes by identifying best practices that eliminate inefficiencies and redundancies,” is learning from incidents from around the country to help update safeguards and security measures in Arizona.
“We (receive) updates, releases, inquiries and details that could have happened already,” Sandeen said. “Part of my team’s responsibility is to take that information and make sure we make those changes accordingly and make the state a safer place.”
And diligence in updating cyber security is worth the time, effort and money, according to Roberto Mejias, a clinical professor of information systems with the W.P. Carey School of Business at ASU. He says security breaches and cyber attacks have become commonplace.
“Some stats tell us that most organizations are breached 80 to 85 percent of the time,” Mejias said. “People don’t realize how effective hackers and crackers are in exploiting system weaknesses, accessing restricted databases and an organization’s information resources.”
The 2013 IT plan also includes safety training for state employees.
Mejias said employees should be trained using the SETA concept (security, education, training and awareness). He calls such training “essential” and said it should be mandatory because employees are generally reluctant to do it otherwise.
“Employees won’t just do it,” he said. “For one, they have to be aware of the range of cyber threats and cyber attacks out there in the wild, especially as they log on to various Internet sites from the corporate offices and computers.”
Sandeen acknowledged that the risks to public information are significant. That is why his team is working to ensure safety and has drafted the 2013 Strategic IT Plan accordingly.
“It’s our responsibility to protect data that we’ve been given to deal with,” he said.