The architecture Colorado is developing needs to clearly grant permission to users and applications to access certain data sets, since not every user or app will need to or should access all other state data.
“The underlying technology to do these kinds of things isn’t that hard,” Neal-Graves says. “I think the hard part is really setting up the appropriate policies and controls so that you know how to manage that data. That’s the part that we’re trying to sort through.”
The technology needed to make those linkages could be as simple as adding an export or query capability to an old application or modifying databases such that external queries can access them, Schulz says. That can be done in a “safe, secure manner where you’re not actually introducing new threats or compromising that data,” he says, via programmatic APIs and other similar capabilities.
“The capabilities are out there, maybe not as elegant as some would like, but it really does come back to the policies around who can access” the data, Schulz says. “What, when, where, why and how can you grant those rights, those accesses, and how can you revoke the access in those controls so that you don’t have an inadvertent breach?”
Schulz adds: “Good news is if everything is connected. The bad news is if everything is connected, just think of the remedies.”
COMPLIMENTARY RESOURCES: Get the tools you need to modernize your IT infrastructure.
The Path Ahead for Digital Government Service Creation
The road to the holy grail of digital service delivery is a winding one, and many state and local agencies are still in the early stages of the journey.
“It’s a long, tough road to get to where we need to be,” Neal-Graves says. The state has had some early success with its myColorado digital ID, but Neal-Graves says this is “just scratching the surface.”
“The challenge that we have with those types of applications is that we’re trying to do new things on a very old legacy infrastructure. That’s why that investment to try to bring that stuff forward is so important,” he adds.
Schulz says IT leaders should take a step back and consider what factors are preventing applications from being moved off legacy mainframes and architectures. Maybe there isn’t reliable source code or the app is too fragile or there aren’t enough people with the right skill sets to modernize the apps. Over the years, developers may have put in place hooks or APIs that tied apps to particular systems.
“That’s the bad news,” Schulz says. “What’s the good news? Don’t do it again, unless you’re not going to worry about what happens in 10, 20 years from now.”
RELATED: States can follow Montana’s lead on moving off of mainframes.
IT officials and workers may be tempted to repeat the same approach and tie themselves to a newer service from a vendor partner due to a really appealing feature, Schulz says. “So, there is that opportunity of moving forward and learning from the lessons of the past,” he says.
Quinn says everything Vermont is doing “is done by design to be able to make it easier later on to put these systems together, to integrate and provide a platform to the citizens that will always be up to date and won’t have to be supported on the back end by a workforce here at the state.”
Vermont IT staff will be able to “be experts in the actual application, but we won’t be having to do things like updates to the servers. We won’t need to be doing updates to the application, necessarily, from a security patch standpoint,” he says. “We won’t need to be upgrading our data center.”
“These are all things that will give us the ability to focus in on our customers, the business users, Vermonters,” Quinn notes, “and to really focus on becoming experts on those applications to provide the best service possible.”