New Jersey CTO Chris Rein Explains Why Hybrid Cloud Is Helpful for State Agencies

STATETECH:  You previously said, “...We build a foundational bottoms-up infrastructure that enables analytics and data-driven decision-making.” What does this mean for agencies?

REIN: New Jersey has a 2023-2025 strategic plan. It’s neither an operational nor a tactical plan, but rather a directional plan. Toward that end, it’s increasingly important to use data as we provide government services. We have data, and we need, therefore, analytics as well to inform our cabinet members, our governor, our chief of staff, our residents and our policymakers.

We have many agencies, and they are quite diverse. In New Jersey — and this is probably true everywhere — if you’ve seen one agency, you’ve seen one agency. They’re all different; so is their technology maturity, their technology budget and their staff maturity. So, to your question, I don’t know that it strictly says we keep our data here and our applications there. It’s not that, strictly speaking. I don’t think it’s that well-defined, and it’s certainly not a requirement to architect applications that way. For some data, it makes operational sense to have the data coexist with the application. But for some, in many cases, it does not.

For example, like many states, we still have a mainframe. The mainframe, by and large, is 60 to 80 percent of a given entity’s processing when it comes to large back-end processing. It’s processing all of the motor vehicle licenses, all the unemployment claims and more. Now, we have moved our mainframe into the cloud through Mainframe as a Service. Our mainframe data is not local, but when we’re providing Mainframe as a Service, it is available to all those other applications as though it were on-premises.

DIVE DEEPER: Why modernizing IT is a top priority for state and local governments.

STATETECH:  So, you provide customer service to your fellow agencies. They come to you with a technology need. And you provide them with what may be a hybrid cloud solution.

REIN: Of the many hundreds or thousands of applications, it’s probably an extremely small number that are stand-alone applications. There are a few, but they’re rare. Therefore, the implication is that almost every application must interface with or send update statuses to other applications, and those applications could be on-premises or in the cloud. The Office of Information Technology’s job is to provide the infrastructure. The agencies own their applications.

So that means the business intelligence — how this application works, what data’s in our database, all of that — is, in the model that we operate within, owned by the agency. So they have programmers, but they typically don’t have server and network professionals. That’s us. So, this is how we draw the distinction of responsibilities. It is part of my job to approve every technology-related procurement.

There’s not a clean way of making these decisions, but there are several factors to consider when making the decision of where to host a given application. We may grow something in AWS or grow it in Azure, and it may depend on what other applications this thing has to talk to. We may look at other factors if we are going to be on-premises.

STATETECH:  Is there an ambition for New Jersey to be cloud-first or cloud-smart? How do you talk about that?

REIN: Maybe I part ways with some of my colleagues on this topic. Perhaps some set a goal of going from 50 percent cloud to 80 percent cloud, for example. I would ask, why? What is it about 80 percent that makes you want to spend the money to move those applications? Maybe it’s the right decision. I’m not questioning that it’s the right decision. I’m saying, clearly, we need to have a return on investment where we can say this is a good idea for the taxpayers, whether it’s due to cost avoidance or whether it’s due to risk management.

Remember, when you put an application in the cloud, for the most part, you usually get two different availability zones. Right away, you get some resilience that’s built into the use of clouds.

In addition, you may avoid taking capital expenditures and buying servers and routers and big storage arrays. That could be a cost-avoidance move. And again, that typically applies more to growing in the cloud from the start. For example, we may have an application that is related to tax seasons. Well, it’s busy as heck in March and April, then it quiets down until business filings. Some applications must scale dramatically.

But static applications, which may have been written 10 or 20 years ago, most of them were not designed and written to use cloud-native features. To say cloud-native, we imply that we are taking advantage of cloud services and cloud architecture. We are not doing that if we simply migrate to someone else’s data center, perhaps one that happens to be owned by a CSP. That’s not taking full ROI advantage of cloud-native services — it’s a tricky decision, and sometimes is as much of an art as it is a science.

LEARN MORE: How this county upgraded its case management system with help from AWS.

STATETECH:  How do you handle legacy applications struggling to integrate with other technologies, and that being one of the biggest challenges facing state and local government IT today?

REIN: Not only is it one of the biggest challenges, but I feel it’s the biggest challenge, and it’s near the top of the list of greatest risk areas. An application may be running, and perhaps the last change was made to this system some time ago. But sometimes, when we need to update underlying software — like the operating system or security patches — sometimes they may not be backward compatible. We are then at risk. For those reasons, it is the largest challenge. It’s a high-risk situation to have these old legacy applications. We may retire some of this technical debt, which keeps us up at night, maybe by modernizing an application or building a new one and putting it in the cloud.

STATETECH:  How do you view your current security challenges and opportunities in the IT environment in New Jersey?

REIN: There are security concerns everywhere. The biggest concern, of all security concerns, is humans and the mistakes that we make with the keyboard and the mouse, emails that we open, sites that we go to and so forth. You can throw a lot of technology at the problem — and yes, there is a lot of great technology that helps mitigate security risks — but it’s the person, by and large, that remains the biggest risk. The next biggest risk is bad actors who want to do harm to our nation, our state, our citizens or residents.

You must build a secure operating environment in the cloud to protect your IT assets and to protect your traffic. When we’re going to transmit data from the state of New Jersey to the cloud, there are security measures, such as firewalls, data inspection and encryption. Generally, as stated earlier, the older an application, the more likely it’s going to have security risks.

EXPLORE: Here are five questions to ask when upgrading your Microsoft SQL server.

STATETECH:  Any additional thoughts on hybrid cloud?

REIN: As for hybrid cloud in New Jersey, the future’s bright. More and more, there’s information, there are more people learning about it and there are more people understanding the value of running in the cloud. However, the fact that you say the word “cloud” does not mean it’s a panacea for everything.

I feel that’s becoming better understood. We are growing our cloud skills and the breadth of our bench strength for cloud technology within our teams.  To answer your question, is it likely that the agencies will deepen their investment? Probably, but it’s also changing their investment. It used to be a case where I would find a software vendor, and I would pay for a big application and then I owned it. That’s called a perpetual license. I could legally run that application forever without paying any more.

That falls apart at some point, because we need updates or there may be a bug fix. So, we pay a percentage per year for maintenance, and a vendor monitors the application or upgrades it or fixes it.  This, of course, is a perpetual license with support. But now almost everything is a subscription model. We pay a flat rate per month, or we pay so much every year. That’s how almost all software and software services are now marketed and purchased. And so, it’s changing how agencies are investing in technology, and so is the use of hybrid cloud computing.