Security

Managed Service Providers Gain Domain Knowledge and Trust from State Governments

Faced with digitalization demands, CISOs require help from partners who know the score.

Jon Mazella is director of state and local government at CDW•G.

Reliance on and trust in managed service providers is growing among state governments, particularly for cybersecurity.

Last fall, Deloitte and the National Association of State Chief Information Officers (NASCIO) released a biennial cybersecurity survey of state CISOs. In the report, CISOs confirmed they were outsourcing security operations. Of CISOs surveyed, 52 percent said they outsourced their security operations centers. Others chose to outsource only specific functions, such as security information and event management, risk assessments, incident response, and more.

This increased reliance on managed service providers is no surprise for several reasons. States have rapidly increased digital transformation in the past two years, yet struggle still to hire qualified IT personnel, particularly cybersecurity staff. Meanwhile, managed service providers have gained greater competencies to respond to state and local government challenges.

Click the banner below to receive customized content by becoming an Insider.

How Governments Are Scaling Rapid Digital Transformation

State CISOs have gained more authority and enhanced visibility over the past several years as top officials embraced the importance of the role. Part of the renewed strength of CISOs springs from their role in the acceleration of digital transformation.

A Deloitte Insights post notes that governments became “wired but not transformed” in the past two decades. Many digitized front-end services while leaving internal systems unaltered. But in 2020, the pace of digital transformation accelerated tremendously. State governments expanded remote work and telehealth and established virtual courts and remote training.

This unprecedented digital expansion left state and local governments with the challenge of scaling these new offerings without the underlying technological foundation to truly do so. But managed service providers can help.

According to McKinsey, “The most successful government transformations are much more likely ... to deploy cutting-edge digital tools such as hybrid work platforms to strengthen their collaboration, communication and decision-making.”

The very nature of hybrid work platforms — connecting disparate locations with cloud services — is foreign to many state and local governments but very much the province of managed service providers.

EXPLORE: How railroads mitigate cyberthreats against their networks.

Why Cybersecurity Hinges on Hiring Qualified Personnel

As the Deloitte-NASCIO CISO survey notes, “As CISOs continue to build a robust in-house staff, they can turn to private-public partnerships to close the gap. Management of third-party vendors is maturing, as CISOs rely on them more to provide not only securities operations center functions but also forensic and legal support and cyberthreat risk assessments. CISOs have more confidence in the cybersecurity practices of contractors than other third parties such as local governments and higher education.”

There is a lot to think about here, but the big takeaway is that state CISOs cite the lack of cybersecurity professionals to hire as a top challenge. State governments have a long, drawn-out process for hiring new public sector personnel, and the private sector can make offers very quickly. So, states remain at a competitive disadvantage when it comes to hiring.

Roughly half of states say it takes three to six months to hire “mid-level personnel” and more than six months to hire directors, the survey says. This creates a manpower gap that CISOs may close by hiring qualified contractors or outsourcing security operations or specific functions to third-party managed service providers.

When dealing with gaps in competencies, CISOs turn to service providers. At least 79 percent of state governments have hired at least one cybersecurity contractor to work as a member of staff. To close competency gaps, 63 percent intend to outsource certain functional areas to contractors, while 78 percent seek to contract with a managed services provider.

Trusted managed service providers occupy a unique space for state governments pushing for digital transformation.”

Increasing Understanding and Improving Visibility of Your Environment

Private sector managed services teams have the right people, processes and tools in place to manage efficient operations 24/7. Working with state and local governments over the past several decades, many managed service providers have come to understand the unique and specific challenges and pain points involved.

Moreover, trusted managed service providers occupy a unique space for state governments pushing for digital transformation: They already are there. Take, for instance, a basic requirement for Disaster Recovery as a Service, through which state governments may seek to protect vital data in the event of a ransomware attack. Managed service providers live in that off-premises world and are therefore well positioned to assist with such a fundamental service.

States likewise have gained greater visibility and trust in managed service providers. In the Deloitte-NASCIO survey, 17 percent say they are very confident in the cybersecurity practices of their managed service providers, while 62 percent say they are somewhat confident in their partners.

And so begins a powerful time for trust and transformation between the public and private sectors.

This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.