Govciooutlook

Traversing the Contours of Technology Evolution to Achieve Goals

By Suma Nallapati, CIO, State of Colorado

Suma Nallapati, CIO, State of Colorado

1) How do you see cloud computing transforming your governance, and how have you embraced it?

It’s definitely transforming governance— from approach to enterprise solutions, to IT security, we have tried to ensure that our customers are comfortable with the effectiveness and security around solutions we propose that involve the cloud. It has changed the way we approach vendor solutions as well those that are cloud based offer the ability of scalability, and reusability—like Salesforce and Google.

2) Governments at all levels—local, state, national, transnational—are exemplifying the benefits of becoming e-governments. What are your thoughts on getting this act right?

The item that should be at the top of the list in this effort is user experience. We recently created the position of Digital Transformation Officer, who is responsible for looking across the enterprise to determine if citizen facing services were built with user experience in mind. If not, we have a User Experience expert who works to hone those applications. So to the question, the “getting it right” part is fixing those tools that did not address user experience needs, and ensure that we build all future applications with user experience considered at the beginning of the project.

"All decisions need to incorporate an assessment of the risk to ensure the decision doesn’t carry an unacceptable level of risk"

3) There is a lot of buzz these days around social media, mobile, cloud and tablets. Can you share with us how some of these technological trends will have significant impact on your business environment?

We are trying to transform the traditional business environment in government, by turning our access points into more of an “Amazaon.com” type experience. An example of this is MyColorado, a mobile app that we hope to get on line in the next year or so that will start with some initial government services for citizens to use from their device (mobile or otherwise), which we hope to build out so that eventually, any online government service can be reached through one portal. And it would be a “smart” app that could tell you when you log in, “your car registration is due in such and such time would you like to renew?” This is what our consumers expect in their everyday lives and government shouldn’t be any different.

4) Government has lots of information but can’t use it effectively to drive business. Data is both difficult to access and needed by more applications. How do you examine the effective and proactive use of data—how to consolidate, integrate and use it to drive business?

I am proud to say that Colorado was the first state to hire a Chief Data Officer… which was before my time at the state. However, our current Chief Data Officer has been working proactively with our agencies to encourage sharing of open data. Agencies and businesses can use the open data to find business solutions, instruct policy decisions, and be transparent for our citizens. We know that there is a reticence to share data, simply because there are security concerns. However, we are working to ensure that state agencies see the value of their data, and several have already started to gain results because they did share with us on our open data site—Colorado Information Marketplace.

5) What is the difference between a threat, vulnerability, and a risk?

A threat is something that exists all of the time, and is something you don’t control. For instance, the state of Colorado sees around 8.4 million security events per day. Many of these are external entities attempting to breach our security and we don’t have control over that. Vulnerability is a weakness within your own environment that can be eliminated by implementing a software patch. It can also be dealt with by implementing a compensating control such as making a change within the environment to curtail the impact of vulnerability exploitation. A risk is anything that jeopardizes the confidentiality, availability, and integrity of the business, its operations, or its data. Deploying in your own datacenter carries risks, such as the risk of having a key resource on vacation when there is an issue, the risk of exceeding your own capacity or support capabilities. Deploying in the cloud may carry other risks. All decisions need to incorporate an assessment of the risk to ensure the decision doesn’t carry an unacceptable level of risk.

6) Over the years, we have witnessed a massive change pertaining to the role of CIOs depending on the organization, the industry, the business strategies, the prevailing market conditions and the financial climate in terms of business value. How would you describe your own role as CIO has changed in the past couple of years?

In two years we moved mountains, and increased our customer service excellence by 20 percent, reduced our IT security risk score, surpassing the goals we set. We also started initiatives that made our services transparent to the customer—One View dashboards that track each agency’s projects including risk, budget and staffing and 5 year IT plans for each agency, so they could anticipate and budget for software upgrades, infrastructure maintenance, and so on. I used my role initially to galvanize that change, but CIOs are just as much managers of relationships, vendors, and champions for state innovation. I see IT innovation as my charge, and as CIO, I need to engage in key partnerships, and am happy to have a seat at the table of the Governor’s executive team. That is a big shift from the CIO role ten years ago.

7) With your rich experience of managing IT organization and steering technology for your enterprise, can you please share some of the unique lessons learned and your advice for fellow CIOs?

Employee engagement matters. It translates into customer service. We focused on that and increased our employee engagement by 12 percent in two years, when other agencies saw their scores go down. So I would say—it starts at the top if you value customer service and make that your purpose that will translate to your teams. If you value the employee, they will feel valued and perform better.

Ensure you are a trusted partner at the table with your agency customers. Once you’re delivering the basics, you can uplevel to advise your agencies on their IT solutions, so they aren’t going off and buying one-offs because a slick vendor came in the back door.

8) Are there any special considerations for securing services in the cloud?

It’s really critical to have a contract in place. I’ve seen situations where the business will start using a cloud service without reviewing the terms of use, and it may not actually have any provisions to secure the data that the business puts into that cloud service.

It’s important to have a contract in place, and to request third party audits that will demonstrate how the service provider is protecting the confidentiality of your data and availability of its service. These are just a couple of examples of the things you may want to look at, depending on the type of cloud service and the data that may come into scope.

New Editions