StateTech Magazine - Technology Solutions That Drive Government https://statetechmagazine.com/rss.xml en Q&A: California CIO Amy Tong Calls for More Focus on Cybersecurity https://statetechmagazine.com/article/2019/01/qa-california-cio-amy-tong-calls-more-focus-cybersecurity <span>Q&amp;A: California CIO Amy Tong Calls for More Focus on Cybersecurity</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 01/18/2019 - 11:54</span> <div><p>California’s ca.gov website ranks among the 150 most popular websites in the United States. That may be because it’s so easy to use. Indeed, California receives high marks for offering citizen services digitally. To advance California’s status as a digital leader, state CIO Amy Tong emphasizes <strong>making strategic investments, brokering services for other agencies and bolstering cybersecurity</strong>.</p> <p>In an interview with <em>StateTech</em>, Tong described how far California has come in its modernization efforts and what more she and others must do, particularly to defend against cyberthreats.</p> <p><em><a href="https://statetechmagazine.com/register" target="_blank"><strong>GET STARTED:</strong> Register for the StateTech Insider program today</a>.</em></p> <h2><span style="color: #c74037;">STATETECH: </span>The Center for Digital Government’s 2018 Digital States Survey recently gave California an A- grade for its practices. What factors led to California getting such a high grade? </h2> <p><strong>TONG: </strong>We’re very happy and very grateful for the fact that <strong>we were able to get a grade of A-, which is up from our B+ for the past 10 years</strong>. A lot of hard work made that happen. In addition to the work associated with agile development and project management, we increased our presence in project oversight to ensure that large investments are well managed. We also have modernized IT procurement to support our agile methodology. We started doing more modular procurement so that things can move faster with a lower risk.</p> <p>We also put a lot of emphasis on public safety, public communication networks and the services that are needed. In addition to the A- grade, we ranked first in public safety.</p> <h2><span style="color: #c74037;">STATETECH: </span>At the NASCIO 2018 conference the organization promoted the concept of the state CIO as a broker. What do you think of that model? </h2> <p><strong>TONG: </strong>State CIO as a broker is absolutely the path that we take in California. In fact, we took on that role publicly about two years ago when I first came on board. We as a state technology organization cannot do everything ourselves. There are a lot of resources out there and a lot of partners we can tap into. It’s a matter of how to facilitate those partnerships with a focus on delivering business outcomes.</p> <p>So, we are actively reaching out to our private sector partners to let them know what they can do to help the state. We don’t need to do everything ourselves. And <strong>we’re continuing to increase brokering services for our customers based on their </strong><strong>demands</strong>, so that we can continue to adjust what services California requires and who our partners should be.</p> <p><script type="text/javascript" src="//sc.liveclicker.net/service/getEmbed?client_id=1526&amp;widget_id=1337090682&amp;width=640&amp;height=360"></script></p> <h2><span style="color: #c74037;">STATETECH: </span>If budget wasn’t an issue, what would be on your wish list for modernization? </h2> <p><strong>TONG: </strong>I would absolutely want <strong>more emphasis on cybersecurity</strong>. Today, it’s still an afterthought when it comes to budgeting, although there’s heightened awareness of the need for cybersecurity.</p> <p>I don’t think enough folks see cybersecurity protections as part of the cost of doing business. Obviously, the adversaries use cyberthreats as a way to threaten us. If they were to operate without budget constraints, what would we spend to stop them?</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11391"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Mickey_McCarter.jpg?itok=tWzGOlTU" width="58" height="58" alt="Mickey McCarter" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11391"> <div>Mickey McCarter</div> </a> </div> <div class="author-bio"> <p> <div><p>Mickey McCarter is the senior editor of StateTech Magazine.</p> </div> </p> </div> </div> </div> </div> Fri, 18 Jan 2019 16:54:57 +0000 phil.goldstein_6191 42016 at https://statetechmagazine.com Botnet Attacks: How City Governments Can Defend Against DDoS Attacks Fueled by IoT Botnets https://statetechmagazine.com/article/2019/01/botnet-attacks-how-city-governments-can-defend-against-ddos-attacks-fueled-iot-botnets-perfcon <span>Botnet Attacks: How City Governments Can Defend Against DDoS Attacks Fueled by IoT Botnets</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 01/17/2019 - 09:49</span> <div><p>As smart cities deploy more Internet of Things devices, they face a growing risk from <strong>botnet attacks</strong>, according to IT security experts. </p> <p>“More devices mean more opportunities for botnets,” says Chris Wysopal, CTO and co-founder of application security firm Veracode. “Every connected device that has any kind of programmability is potentially going to become part of a botnet.” </p> <p><strong>Botnet attacks can take control of IoT devices in smart cities</strong>, making such IoT devices weaponized so that they can be used to launch distributed denial of service attacks. These DDoS attacks can send massive amounts of bandwidth to internet gateways and network devices to cripple connectivity to city websites, Wysopal notes. However, they can also be used in DDoS attacks at the application layer, sending traffic directly to IoT devices to tie up their computing power or starving them of resources that are not necessarily network related. </p> <p><a href="https://mendoza.nd.edu/research-and-faculty/directory/mike-chapple/" target="_blank">Mike Chapple</a>, an associate teaching professor of IT, analytics and operations at the University of Notre Dame (and <a href="https://statetechmagazine.com/author/mike-chapple">a<em> StateTech</em> contributor</a>), says that as cities increase their dependence upon IoT technology, “it is important that they realize this dependence comes with increased technology risk,” and “one of those risks is the ability of a malicious attacker to conduct a DDoS attack, <strong>depriving a city of the use of their IoT devices</strong>.” </p> <p>The threat comes as smart cities are booming. <a href="https://www.idc.com/getdoc.jsp?containerId=prUS44159418" target="_blank">IDC expected</a> smart city initiatives to attract technology investments of more than <strong>$81 billion</strong> globally in 2018, and spending is set to grow to <strong>$158 billion</strong> in 2022. Just the IoT technology revenues across 12 key smart city technologies and verticals will grow from around <strong>$25 billion</strong> in 2017 to <strong>$62 billion</strong> in 2026, <a href="https://www.prnewswire.com/news-releases/global-smart-cities-iot-technology-revenues-to-exceed-us60-billion-by-2026-300582127.html" target="_blank">according to ABI Research</a>.</p> <p>And as cities deploy more sensors and IP-connected devices for everything from <a href="https://statetechmagazine.com/article/2018/12/smart-cities-gain-efficiencies-iot-traffic-sensors-and-data-perfcon">traffic cameras</a> to sensors that <a href="https://statetechmagazine.com/article/2018/11/7-things-become-smart-smart-city">monitor infrastructure</a>, they also run the risk of <a href="https://statetechmagazine.com/article/2018/11/cities-are-getting-smarter-and-more-vulnerable-cyberattacks">inviting more </a><a href="https://statetechmagazine.com/article/2018/11/cities-are-getting-smarter-and-more-vulnerable-cyberattacks">cyberattacks</a>. Botnet attacks resulting from IoT vulnerabilities pose a serious risk that city governments need to guard against, experts say. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">What Is a DDoS Attack?</h2> <p><strong>A DDoS attack</strong> is a cyberattack in which multiple compromised systems attack a given target, such as a server or website, to deny users access to that target. Attackers often use compromised devices — desktops, laptops, smartphones or IoT devices — to command them to generate traffic to a website in order to disable it, in ways that the user does not even detect.</p> <p>“The smart cybercriminal imposes limits on the malware code to avoid detection by not utilizing too much of the user’s bandwidth or system resources,” Carl Danowski, a CDW service delivery architect in managed services, <a href="https://blog.cdw.com/security/hyperscale-cloud-offers-additional-protection-ddos-attacks" target="_blank">writes in a blog post</a>. “The user would have to know where to look to detect this, and probably won’t be motivated to as long as the software doesn’t cause any problems for them. The attack does not use just a single system but millions of such compromised systems, nearly simultaneously.”</p> <p>The malware then visits or sends special network packets (OSI Layer 7 and Layer 3, respectively) to the website or DNS provider. The attack then generates what looks like, to most cybersecurity tools, normal traffic or unsuccessful connection attempts.</p> <p>“However, <strong>the website soon becomes unavailable as some part of the infrastructure can no longer handle the sheer number of simultaneous requests</strong>,” Danowski notes. “It could be the router, the firewall, the web servers, the database servers behind the web servers — any number of points can become overwhelmed, leading to the unavailability of the service they are providing. As a result, legitimate users of the website are denied service.”</p> <p><a href="https://statetechmagazine.com/article/2018/12/why-cybersecurity-planning-should-be-top-priority-local-agencies" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover why cybersecurity planning should be a top priority for local agencies. </em></a></p> <h2 id="toc_1">What Is a Botnet Attack?</h2> <p>Botnet, shorthand for “robot network,” attacks are related to DDoS attacks. Not all botnets are malicious; a botnet is a simply a group of connected computers working together to execute repetitive tasks, and can keep websites up and running. However, <strong>malicious botnets use malware to take control of internet-connected devices</strong> — such as smart city devices and IP-connected cameras — and then use them as a group to attack.</p> <p>Importantly, these devices “are under the control of a single attacking party, known as the ‘bot-herder,’” <a href="https://www.cdwg.com/content/cdwg/en/brand/paloalto.html" target="_blank">Palo Alto Networks</a> notes in <a href="https://www.paloaltonetworks.com/cyberpedia/what-is-botnet" target="_blank">a blog post</a>. “Each individual machine under the control of the bot-herder is known as a bot. From one central point, the attacking party can command every computer on its botnet to simultaneously carry out a coordinated criminal action.”</p> <p><img alt="Mirai-2.gif" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/Mirai-2.gif" /><br /><span style="font-size: 11px; line-height: 20.8px;">An illustration of the global Mirai botnet attack on DNS provider Dyn in October 2016. Photo: Joey Devilla/Wikimedia Commons </span></p> <p>Botnets can sometimes be composed of <strong>millions of bots</strong>, which then enables the attacker to “perform large-scale actions that were previously impossible with malware,” Palo Alto adds.</p> <p>What makes botnets especially nefarious in the world of cybersecurity is that, since they remain under control of a remote attacker, “infected machines can receive updates and change their behavior on the fly. As a result, bot-herders are often able to rent access to segments of their botnet on the black market for significant financial gain,” Palo Alto says in the blog post.</p> <p><a href="https://statetechmagazine.com/article/2018/12/network-and-it-security-needed-defend-smart-cities" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out about the network and IT security solutions needed to defend smart cities. </em></a></p> <h2 id="toc_2">The Threats Botnet Attacks Pose for Smart Cities</h2> <p><strong>Botnet attacks can take advantage of IoT vulnerabilities</strong> and lead to significant disruptions in services — not just of the affected IoT devices, but other systems and devices as well, experts say. Wysopal notes that although many IoT devices are placed behind firewalls or routers with network address translation, it is not impossible for attackers to gain access to them.</p> <p>The National Institute of Standards and Technology is working on a draft document, “<a href="https://www.nist.gov/news-events/news/2018/09/draft-nistir-8228-considerations-managing-iot-cybersecurity-and-privacy" target="_blank">Considerations for Managing IoT Cybersecurity and Privacy Risks</a>,” which notes that many IoT devices interact with the physical world in ways conventional IT devices usually do not. That means there are IoT vulnerabilities city IT admins need to be guarding against. </p> <p>Further, NIST notes, many IoT devices “cannot be accessed, managed, or monitored in the same ways conventional IT devices can,” and the “availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.”</p> <p>“If IoT devices are deployed and secured just like conventional IT devices, they will be much more likely to be not only exposed to DDoS and botnet attacks, but also <strong>vulnerable to compromise in order to force them to perform such attacks</strong>,” says Karen Scarfone, the principal consultant for <a href="http://www.scarfonecybersecurity.com/" target="_blank">Scarfone Cybersecurity</a> (and <a href="https://statetechmagazine.com/author/karen-scarfone">a <em>StateTech</em> contributor</a>).</p> <p>If a city has deployed thousands of smart energy meters that all have a similar cybersecurity vulnerability, they could all be taken over in one botnet attack, Wysopal notes. Any time a city government is deploying a large number of similar IoT devices, which all may have the same vulnerability,<strong> “that botnet risk should be a part of your calculation”</strong> of how much time, resources and security will be needed to secure those devices.</p> <p>Another aspect of the threat is that the botnet could be used to attack the city’s own networks and services, Wysopal says. “Leveraging maybe the smart meter devices to then go and attack the traffic network,” he says. </p> <p><a href="https://statetechmagazine.com/article/2018/10/what-massachusetts-can-do-combat-iot-security-threats" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover how Massachusetts assessed its IoT vulnerabilities. </em></a></p> <h2 id="toc_3">How Can City Governments Defend Against IoT Botnet Attacks?</h2> <p>As cities deploy IoT devices for smart cities projects, <strong>“they must include security planning into those discussions,” </strong>Chapple notes, if they want to ward off botnet attacks. </p> <p>The “most important control” that cities can deploy is<strong> the use of network segmentation tools </strong>that isolate IoT devices from the internet at large, Chapple says. That will limit the spread of an attack that exploits IoT vulnerabilities. “Placing IoT devices on a segmented network prevents external traffic from reaching them and reduces their vulnerability to DDoS and other attacks,” he says.</p> <p>“One of the important things is to design these networks such that your average government worker’s computer, which may be connected to the office Wi-Fi, can’t talk to the IoT devices that are running a smart city, with segmentation” Wysopal adds. “The risk is attacking an employee’s computer and then using that as a stepping stone to get to these Internet of Things networks.” </p> <p>To guard against DDoS and botnet attacks, city IT departments should also <strong>deploy network monitoring and intrusion detection solutions</strong> that can detect when botnets are using are attempting to connect with known command and control servers, Wysopal says. Intrusion detection systems can detect if compromised workstations are scanning the network for vulnerabilities, for example. However, that detection will likely come after a device or series of devices have already been compromised.</p> <p><script type="text/javascript" src="//sc.liveclicker.net/service/getEmbed?client_id=1526&amp;widget_id=1479324680&amp;width=640&amp;height=360"></script></p> <p>As they work to counter the botnet threat, city network managers can deploy <a href="https://statetechmagazine.com/article/2018/11/how-network-performance-monitoring-and-diagnostic-tools-can-help-track-smart-city-iot-devices-perfcon">network performance monitoring and diagnostic tools</a>, which can give them a baseline for network traffic so they can determine if something is anomalous. </p> <p>A key element of guarding against botnet attacks and IoT vulnerabilities is for cities to not deploy devices that have vulnerabilities to begin with, Wysopal says. Before a city purchases and deploys IoT devices, it needs to <strong>work with vendors to ensure basic cybersecurity practices are followed</strong>, such as not having hard-coded passwords. Additionally, if a vulnerability is discovered and becomes widely known, cities should know how quickly their IoT devices can be patched and updated and how much work that will require. </p> <p>“Once a vulnerability becomes public, there’s that risk. Attackers will start to go after all devices of that type,” he says. “if your city has deployed those devices, you’re at risk until you update.<strong> So how easy has the vendor made the update process?</strong>” City IT leaders should also determine that vendors are using secure coding practices to create software for their IoT devices.</p> <p>Aside from network segmentation, intrusion detection and supply chain security, there are also basic cybersecurity measures cities can take to protect IoT devices. The NIST publication provides a draft list of 15 cybersecurity and privacy capabilities all organizations should consider implementing for their IoT devices, Scarfone notes.</p> <p>“The first one is the ability to identify each IoT device both logically and physically. An agency may take it for granted that they can identify every device, but in the IoT world this is not the case,” she says. “If a DDoS attack occurs, the agency may need to be able to rapidly identify affected devices or, if the agency’s own devices are performing the DDoS attack, which devices are responsible.”</p> <p>Other steps include having <strong>an inventory of the software on each IoT device</strong>, having the ability to securely patch each IoT device and control configuration changes, and having the ability to control local and remote access to each IoT device, Scarfone notes.</p> <p>“These are all generally taken for granted in the conventional IT world, but many IoT devices do not offer all these capabilities,” she says. “To compensate for this, agencies may need to use network-based security controls, such as firewalls and gateways, instead of relying on controls within individual IoT devices.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is the web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 17 Jan 2019 14:49:42 +0000 phil.goldstein_6191 42011 at https://statetechmagazine.com The StateTech Insider Program: Gain Access to Exclusive Content and Insights https://statetechmagazine.com/article/2019/01/statetech-insider-program-gain-access-exclusive-content-and-insights <span>The StateTech Insider Program: Gain Access to Exclusive Content and Insights</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 01/16/2019 - 14:00</span> <div><p>As a state or local official, you’re swamped when it comes to keeping up with the latest and greatest in government tech. You can count on <em>StateTech</em> to advise you on IT management and general tech know-how. But there’s so much to sift through across social media, online searches and hallway conversations. That’s why we’ve taken the time to <strong>reimagine our Insider program in a way that’s smarter, more user-friendly and, ultimately, more valuable</strong>.</p> <p><em>StateTech</em> Insiders <a href="https://statetechmagazine.com/register"><strong>gain access to personalized recommendations</strong></a> and our most in-depth, premium articles, videos and more. Insiders can unlock access to white papers, view daily fast facts, save articles to read later and weigh in on trending topics through Insider polls.</p> <p><em><a href="https://statetechmagazine.com/register" target="_blank"><strong>GET STARTED:</strong> Register for the StateTech Insider program today</a>.</em></p> <h2>Custom Dashboard Gets Smarter as You Use It </h2> <p>What I find most exciting about the new Insider content dashboard is that<strong> the more you use it, the smarter it gets</strong>. Insiders select the topics and subjects they want to learn more about or that affect their day-to-day, and receive personalized Insider updates based on those preferences. That means you can easily read what’s important to you first, when you want it, without having to lose time on a search or perusing nonessentials. </p> <p>When content catches your eye, but you don’t have time to read it, you can tap or click a flag found on every article or video to save it in your library and quickly access it later.</p> <p>Beyond the cool factor of having articles served up based on your personalized interests and reading habits, <em>StateTech</em> Insider <strong>also offers users access to a growing library of exclusive</strong> content not available to the general website or print magazine audiences. You won’t want to miss out on what’s in store.</p> <p>Visit <a href="https://statetechmagazine.com/register">statetechmag.com/register</a> to become an Insider today. There, you can also<strong> renew or sign up to receive a print subscription, as well as our e-newsletter</strong>, which brings must-read content to your inbox twice a month.</p> <p>Thank you for making <em>StateTech</em> a part of your workday. As always, we’re here to help.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/ryan-petersen"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/ryan-petersen-2013-headshot.jpg?itok=iV6msfy0" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/ryan-petersen"> <div>Ryan Petersen</div> </a> <a target="_blank" class="google-plus" href="https://plus.google.com/110888965639568833839/posts?rel=author"><span>Google+</span></a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=RyanPete&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Ryan has been a magazine and newspaper editor for 18 years, with the last 12 covering a variety of bases for CDW’s family of tech magazines. As Editor in Chief, he works on developing editorial strategy and is always on the lookout for new writing talent and sharing great stories with the IT world. In his spare time, Ryan enjoys spending time with his family, biking and obsessively following Iowa Hawkeye sports and Cubs baseball.</p> </div> </p> </div> </div> </div> </div> Wed, 16 Jan 2019 19:00:46 +0000 phil.goldstein_6191 42006 at https://statetechmagazine.com State Cybersecurity Centers Nurture Solutions and Relationships https://statetechmagazine.com/article/2019/01/state-cybersecurity-centers-nurture-solutions-and-relationships <span>State Cybersecurity Centers Nurture Solutions and Relationships</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 01/16/2019 - 09:40</span> <div><p><a href="https://statetechmagazine.com/article/2019/01/how-colorado-mounted-best-defense-against-ransomware">High-profile </a><a href="https://statetechmagazine.com/article/2019/01/how-colorado-mounted-best-defense-against-ransomware">cyberattacks</a> have certainly produced cause for concern, but bigger threats loom on the horizon, say state and local leaders. “Data breaches are going to be the least of our problems if and when the day comes that threat actors hack into connected physical systems and cause serious injuries and deaths,” warns New Jersey CISO Michael Geraghty.</p> <p>As director of t<a href="https://www.cyber.nj.gov/" target="_blank">he New Jersey Cybersecurity and Communications Integration Cell</a>, Geraghty is responsible for preparing for such doomsday scenarios. The aim of the NJCCIC is to make New Jersey <strong>more resilient against </strong><strong>cyberattacks</strong><strong> by serving as a cybersecurity clearinghouse</strong>, sharing threat intelligence and best practices with public agencies, private businesses and citizens throughout the state.</p> <p>NJCCIC’s reach has extended far beyond the borders of the Garden State. As the nation’s first state-level cyber-security information-sharing and analysis organization, it has opened the door for <strong>similar centers in California, Georgia and a handful of other states</strong>. These state cybersecurity centers now serve as the coordinating organizations for identifying a range of threats, <strong>marshaling stakeholders to combat those threats</strong> <strong>and training the next generation of cybersecurity experts</strong>.</p> <p>“I think everybody’s realizing that there’s a need for a focal point — people who are focused on this on a daily basis and not as 25 percent of their jobs,” says Michael Garcia, senior policy analyst with the <a href="https://www.nga.org/bestpractices/divisions/hsps/" target="_blank">Homeland Security &amp; Public Safety Division</a> of the National Governors Association Center for Best Practices. Cybersecurity touches every aspect of government — hospitals, schools, even elections. “You can’t just have a hodgepodge of activities,” Garcia says. “It requires a coordinated effort.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_HowStrong%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity-report_HowStrong%20(2)_0.jpg" /></a></p> <h2 id="toc_0">New Jersey Pushes to Think About Cybersecurity Holistically </h2> <p>A year after NJCCIC’s creation, New Jersey moved responsibility for strategic and enterprise cybersecurity out of its <a href="https://tech.nj.gov/about/index.shtml" target="_blank">Office of Information Technology</a> and into its <a href="https://www.njhomelandsecurity.gov/home/" target="_blank">Office of Homeland Security and Preparedness</a>, which oversees NJCCIC. </p> <p>“Today, <strong>cybersecurity is much more than just an IT issue</strong>. In the days when IT consisted of data processing and communications, organizing information security within an IT organization made sense. But now, technology — embedded systems — exists in all aspects of a business and all aspects of our lives,” Geraghty says. </p> <p>Over time, the Internet of Things will become a greater part of everyday life, likely disrupting solutions to various problems, he adds. IT officials will face many challenges outside of their traditional domain, but they also will find new opportunities to impact the health and welfare of citizens. </p> <p>“Instead of looking at this only as a cyber problem,<strong> we have to treat this holistically as a security problem</strong>,” Geraghty says. “The lines between physical security and cybersecurity have been blurred, and eventually they will be erased.”</p> <p>As a component organization within OHSP, the NJCCIC works with a broad array of partners, including the New Jersey State Police, the FBI, the Department of Homeland Security, the <a href="https://www.cisecurity.org/ms-isac/" target="_blank">Multi-State Information Sharing and Analysis Center</a> and a host of other public and private organizations, creating a sort of security ecosystem. At last count, that ecosystem consisted of <strong>more than 4,000 organizations globally</strong>. </p> <div class="sidebar_wide"> <h3>6 Tips for States Weighing Cybersecurity Centers</h3> <p><strong>1. “Take inventory of existing state programs,” </strong>advises Garcia. What information sharing exists within the state fusion center? How many cybersecurity analysts are employed across state and local agencies?</p> <p><strong>2. “Leverage federal resources,”</strong> such as the Multi-State Information Sharing and Analysis Center, Garcia adds.</p> <p><strong>3. “Connect with states that already have cyber centers. </strong>For instance, New Hampshire has expressed interest in being a Northeast hub,” says Garcia. </p> <p><strong>4. Decide on a centralized model </strong>or one that pulls partner organizations together for a “one-team, one-fight approach,” says California CISO Peter Liebert.</p> <p><strong>5. “Plan beyond the technology,” </strong>Liebert says. “Many factors go into planning a cyber center, including state laws, policies, resources and jurisdictional lanes.”</p> <p><strong>6. “Choose a space that’s collaborative yet conducive to classified briefings,” </strong>advises Georgia CIO Calvin Rhodes. The Georgia Cyber Center has the open design of a technology company but also compartmentalized floors for classified discussions.</p> </div> <p>“No one organization has all the answers,” Geraghty says. “Going at this problem alone is foolish and doomed to fail, but by working together and sharing information, we have a much better chance of succeeding.” </p> <p>NJCCIC <strong>uses an array of tools and technologies to support its defense-in-depth approach to cybersecurity</strong>. These technologies include intrusion detection and prevention systems, security information and event management systems, incident response systems, web application firewalls, endpoint security and a data lake that takes in various security events from agencies across state government.</p> <p>“We are agnostic when it comes to technology,” Geraghty says. “Our decision on what technology to use <strong>comes down to whether it works for us in our environment</strong>. We make a lot of our decisions based on simplicity. We do not want to spend our limited resources caring for and feeding the technology. Does the security technology work for us, or are we winding up working for the technology?” </p> <p><a href="https://statetechmagazine.com/article/2018/11/vermont-aims-open-cybersecurity-operations-center-spring-2019" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out about Vermont's plans for its own cybersecurity center. </em></a></p> <h2 id="toc_1">California Forges Alliances with Its Cybersecurity Center </h2> <p>Cybersecurity centers operate much like fusion centers, except instead of compiling and distributing intelligence about broad vulnerabilities, <strong>they focus specifically on digital threats</strong>. In fact, many cybersecurity centers, such as NJCCIC and <a href="https://www.caloes.ca.gov/cal-oes-divisions/law-enforcement/california-cybersecurity-integration-center" target="_blank">the California Cybersecurity Integration Center</a>, or Cal-CSIC, grew out of their state fusion centers. </p> <p>Former California Gov. Jerry Brown established Cal-CSIC through an executive order on Aug. 31, 2015, but it took until June 2017 for the team to fully ramp up, says Mario Garcia, the agency’s acting commander. In September 2018, Brown signed a bill codifying the center into law. </p> <p><strong>“Absolutely every state should make sure that they have this addressed,”</strong> says California CISO Peter Liebert. “There are states that are lagging behind, but we’re talking about it, which is good news.”</p> <p>Rather than dedicate a single organization to focus on cybersecurity, California opted to <strong>pull representatives from various agencies onto the Cal-CSIC team</strong> so that it would have multiple perspectives — a model recognized by the National Association of State Chief Information Officers with a 2018 special recognition award. </p> <p><script type="text/javascript" src="//sc.liveclicker.net/service/getEmbed?client_id=1526&amp;widget_id=1479324680&amp;width=640&amp;height=360"></script></p> <p>Cal-CSIC partnerships begin with what it refers to as the <strong>4-Core Partnership</strong> — full-time representatives from the California Military Department, the state’s department of technology, the California Governor’s Office of Emergency Services and the state’s highway patrol — and extend to various state and federal agencies and businesses. </p> <p>“The end result is that<strong> you don’t have multiple agencies all trying to attack the same problem in a stovepipe</strong>,” Garcia says. </p> <p>Cal-CSIC’s goal is to incorporate <strong>new</strong><strong> automated threat intelligence–sharing technologies</strong> so that it can receive real-time alerts and threat information from its many partners. “We’d like to see very quickly whether the entire state or a specific sector or industry is under attack so we can more readily focus our energy on protecting that particular sector or alerting the entire state,” Garcia says.</p> <p>The <a href="https://cdt.ca.gov/" target="_blank">California Department of Technology</a> has been working toward that end by passing information from state stakeholders on the California Government Enterprise Network to Cal-CSIC. “<strong>Kind of like a hub-and-spoke model </strong>— we provide all that information to Cal-CSIC and then distribute that across the state,” Liebert says. </p> <p>CDT’s cybersecurity portfolio includes <a href="https://www.cdwg.com/search/?key=Splunk%20Enterprise&amp;searchscope=all&amp;sr=1" target="_blank">Splunk Enterprise</a>, <a href="https://www.cdwg.com/search/?key=FireEye%20Network%20Forensics&amp;searchscope=all&amp;sr=1" target="_blank">FireEye Network Forensics</a>, <a href="https://www.cdwg.com/search/?key=Trend%20Micro%20TippingPoint%20Advanced%20Threat%20Protection%20for%20Networks&amp;searchscope=all&amp;sr=1" target="_blank">Trend Micro TippingPoint Advanced Threat Protection for Networks</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/crowdstrike.html?enkwrd=CrowdStrike" target="_blank">CrowdStrike</a> endpoint protection and <a href="https://www.cdwg.com/content/cdwg/en/brand/symantec.html?enkwrd=Symantec" target="_blank">Symantec</a> endpoint protection and encryption, according to the Cal eProcure portal.</p> <p>CDT is internally vetting a host of technologies — including <strong>endpoint protection, endpoint detection, and response and lateral (east-west) traffic security analysis</strong> — with plans to offer them as services to partner agencies and departments next year. It also plans to offer anti-phishing training and security training as a service and continuous monitoring as a service, Liebert says.</p> <p><a href="https://statetechmagazine.com/article/2018/12/why-cybersecurity-planning-should-be-top-priority-local-agencies" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover why cybersecurity planning should be a top priority for local agencies. </em></a></p> <h2 id="toc_2">Georgia Works to Build the Cyber Workforce of Tomorrow </h2> <p>Like Cal-CSIC, the Georgia Cyber Center was built on its partnerships, which come together in <strong>a $100 million, 332,000-square-foot facility</strong> encompassing two buildings, <a href="https://statetechmagazine.com/article/2018/08/georgia-unveils-cybersecurity-center-workforce-development-mind">the first of which opened in July 2018</a> and the second of which was completed in December.</p> <p>In fact, the primary driver for the center was to meet the needs of the U.S. Army Cyber Command, which is consolidating its operations and moving to Fort Gordon in Augusta.</p> <p>“This new division coming to Georgia is like a Fortune 100 business,” says Calvin Rhodes, Georgia CIO and executive director of the Georgia Technology Authority. “The No. 1 issue that we believe the state can help with is <strong>workforce development</strong>.”</p> <p>That goal drove the first of several components of the center: education and training. Through partnerships with Augusta University and Augusta Technical College, the Georgia Cyber Center will offer <strong>certificate, undergraduate and graduate cybersecurity programs and training for state and local government employees</strong> through the Georgia Cybersecurity Workforce Academy. </p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/melissa-delaney"> <div>Melissa Delaney</div> </a> </div> <div class="author-bio"> <p> <div><p>Melissa Delaney is a freelance journalist who specializes in business technology. She is a frequent contributor to the CDW family of technology magazines.</p> </div> </p> </div> </div> </div> </div> Wed, 16 Jan 2019 14:40:33 +0000 phil.goldstein_6191 42001 at https://statetechmagazine.com 9 Ways State and Local Government Can Rethink IT Acquisition https://statetechmagazine.com/article/2019/01/9-ways-state-and-local-government-can-rethink-it-acquisition <span>9 Ways State and Local Government Can Rethink IT Acquisition</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 01/16/2019 - 09:20</span> <div><p>State and local government IT modernization projects continue to receive significant exposure and attention, both from legislators and the media. There continues to be a general perception that S&amp;L governments are struggling to implement technology solutions. </p> <p>This perception — whether warranted or not — ramps up pressure on governments to<strong> improve the management of technology projects and to clearly demonstrate the value </strong>that their organizations are providing to business customers. </p> <p>Over the past several years, there has been a pronounced movement in the private sector away from extended, traditional waterfall lifecycle projects and toward the delivery of software in an incremental fashion, often using<strong> agile software development techniques</strong>. However, software development lifecycle models are only one part of the story in planning and executing legacy modernization initiatives in government. </p> <p>The funding, procurement and contracting model used by government can be an even greater influence on project approach. Many of the inherent characteristics of incremental software development do not align well with traditional public sector funding and management practices, particularly where procurement and contracting with implementation vendors is required. <a href="https://www.grantthornton.com/library/survey-reports/public-sector/2018/todays-state-CIO-as-communicator.aspx" target="_blank">As documented in the state CIO survey</a> administered by the National Association of State CIOs (NASCIO), Grant Thornton and CompTIA, IT procurement has been an area of ongoing concern for state CIOs.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" tabindex="-1" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2 id="toc_0">The Challenges of State and Local Government IT Acquisition</h2> <p>The following drivers of S&amp;L acquisition practices create particular challenges in the effective planning and implementation of IT modernization projects:</p> <ul><li><strong>Lack of trust between government and vendors. </strong>The inherent lack of trust embedded in procurement practices requires strong risk allocation measures in contracts to make government feel it is protected from poor vendor performance and is not being taken advantage of.</li> <li><strong>Tension</strong><strong> between incompatible procurement objectives.</strong> S&amp;L governments have two sometimes incompatible objectives: They seek to procure best-value solutions for the government while also enforcing fair, equitable and transparent procurement processes. These two objectives are not always in alignment.</li> <li><strong>Unreasonable expectations on what can be planned and promised in complex IT modernization efforts.</strong> Existing procurement practices require government planners and vendor implementers to estimate the size and complexity of a project several years in advance of its completion. This is the point in the project lifecycle where parties are least informed on actual customer needs, technological capabilities and the degree of complexity involved in implementing a solution. It’s never been realistic to expect a vendor to commit to a firm scope, price and schedule for a complex system several years in advance, but over the past 30 years we have become accustomed to this practice, and we measure success against this expectation.</li> <li><strong>Lack of alignment between government budget cycles and project funding needs. </strong>Most government organizations run on a one- or two-year budget cycle and cannot assure funding for projects beyond those timeframes. By contrast, large technology modernization initiatives often have a four- or five-year time horizon. This mismatch deters long-term planning and may put strategic initiatives at risk due to changes in funding availability and administration leadership.</li> </ul><p><a href="https://statetechmagazine.com/article/2018/12/4-top-state-and-local-government-it-trends-watch-2019" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Discover the top state and local government IT trends for 2019. </em></a></p> <h2 id="toc_1">Government IT Procurement Becomes Inflexible, Misaligned</h2> <p>The consequences of these challenges are significant and result in:</p> <ul><li><strong>Rigid procurement processes that limit the flexibility</strong> to engage in discussion, negotiation and learning. Procurement officials fear treating categories of vendors differently, public policy goals promote small/disadvantaged businesses even where this might not make sense for a particular type of acquisition, fear of protest reduces the willingness to take risks or to deviate from prescribed processes, and concern that government risks must be mitigated through strong contract language results in onerous terms and conditions that can deter some bidders. When combined, these factors result in extended procurement processes where frequently neither party is fully aware of the needs, concerns and limitations of the other until after a contract is signed.</li> <li><strong>Projects set up for “failure.”</strong> A project can be set up for “failure” from the beginning when commitments are made by vendors — for example, through firm fixed price (FFP) contracts with hard implementation deadlines — without the necessary information to be fully informed. In many cases, it is practically impossible to make a good estimate so far in advance and with so many unknowns, but commitments are documented and publicized and then any deviation from those commitments is looked at as a failure (by customers, the legislature and the public).</li> <li><strong>Misaligned incentives.</strong> Projects often start with an adversarial foundation between the government and vendor built in from the procurement process and contract structure. Incentives are not aligned, and parties will plan, execute and negotiate with their individual best interests in mind.</li> </ul><p>Significantly improving the S&amp;L IT procurement process is not easy, and multiple initiatives at the national and state level have attempted improvements with varying degrees of success. Common sense recommendations <a href="https://www.nascio.org/Publications/ArtMID/485/ArticleID/732/A-View-from-the-Marketplace-What-They-Say-About-State-IT-Procurement" target="_blank">include those published by NASCIO</a>. However, the challenge requires a holistic approach that encompasses the root causes of the problem. The following recommendations address the policy, culture and process issues that prevent S&amp;L IT procurement from achieving its objectives:</p> <p><script type="text/javascript" src="//sc.liveclicker.net/service/getEmbed?client_id=1526&amp;widget_id=1337090682&amp;width=640&amp;height=360"></script></p> <h2 id="toc_2">1. Delineate Constraints and Compromises That Must Be Accepted</h2> <p>Public policy goals for fairness, transparency and equity will not always align with a best-value procurement. For example, if promoting small/disadvantaged business participation is important to a government, make it clear that the government understands that the resulting procurements may be less than best-value in terms of cost/quality, but that the government is willing to accept that to achieve other policy goals. </p> <p>Where business benefits are paramount or where the business need is critical,<strong> be prepared to compromise on other public policy goals if it will promote a faster, more effective procurement</strong>. Examples would be limiting the ability for protest, removing small/disadvantaged business requirements, and allowing vendors who have assisted with requirement definition to also bid on implementation work.</p> <h2 id="toc_3">2. Reset Expectations for Project Estimation and Execution</h2> <p>Set realistic expectations for<strong> what should be asked of government and industry in terms of estimates for large, complex projects</strong>, and educate policymakers and oversight bodies on those limits. Restructure budgeting, procurement and project oversight practices to reflect actual levels of uncertainty. </p> <p>Understand the level of uncertainty/risk a government is willing to accept and use this as a boundary to limit the length and size of projects that are funded. For example, if a government decides it is not willing to accept risks to schedule and budget greater than would accrue through forecasting a project one year ahead, then do not approve projects that take longer than one year to achieve their objectives.</p> <h2 id="toc_4">3. Find New Ways to Measure Project Success</h2> <p>Schedule, budget and even scope adherence are just means to an end, not an end in themselves. What matters is business benefits and return on investment. <strong>Be more aggressive in demanding benefits realization as a core project activity</strong>, and measure success on the delivery of anticipated benefits. </p> <p>Even if a project comes in over budget, late and with less than full scope implemented, it can still be a success if business users received benefits commensurate with their investment in time and resources.</p> <h2 id="toc_5">4. Move Away from ‘Boom and Bust’ Patterns of Modernization</h2> <p>The traditional approach to IT modernization over the past 30 years has been to build large, monolithic systems, to operate them for around a decade until they are judged to have reached the end of their useful life and then to replace them through another large, monolithic system acquisition. </p> <p>To shift this pattern, government must <strong>embrace shorter, more frequent projects that can be estimated, procured and delivered more rapidly</strong>. In effect, governments should move to a continuous modernization approach where solutions are continually upgraded and improved and where they never become “legacy.” This will break the cycle of once-a-decade mammoth projects. </p> <p><a href="https://statetechmagazine.com/article/2019/01/how-it-automation-can-lead-savings-state-and-local-governments" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Find out how CIOs and CFOs can work together to generate both technology innovation and return on investment.</em></a></p> <h2 id="toc_6">5. Establish Consistent, Incremental Funding for IT Modernization</h2> <p>To reliably plan and execute more frequent, smaller projects requires a dependable funding source. This source should not rely on the annual or biannual budget cycle and should be somewhat insulated from competing demands for general fund dollars. </p> <p>To make this happen, <strong>IT modernization innovation/working capital funds can be employed</strong>, with a dedicated funding stream and projects competing for funds both inside and outside the traditional budget cycle.</p> <h2 id="toc_7">6. Explore New Ways to Share Risk on IT Projects</h2> <p>FFP contracts expose the vendor to a large amount of risk, causing it to inflate prices through contingency dollars and manage scope very tightly to avoid any unplanned changes. “Time and materials” contracts create a potentially unlimited cost exposure for the government and do not incentivize the vendor to complete the work in a timely manner. IT departments should <strong>explore other contract structures </strong>(such as cost-plus fixed-fee and benefits sharing arrangements) to better align government and vendor incentives. Penalties and bonuses for late/early completion (as are frequently used for construction contracts) are also candidates for consideration.</p> <h2 id="toc_8">7. Use Incremental and Agile Procurement Approaches</h2> <p>Traditional public sector procurement approaches do not work well for projects intended to be rapid; that recognize significant uncertainty in timelines, scope and budget; and that are based on achievement of business outcomes rather than on a prescriptive set of requirements. </p> <p>Techniques such as Requests for Information, draft solicitations and proposals, confidential discussions and prototyping, and open-ended negotiation can all be used to<strong> increase dialogue between governments and vendors during the procurement process</strong>. </p> <p>The challenge is to balance increased dialogue with speed and be comfortable with some level of ambiguity and uncertainly that will extend through contracting.</p> <h2 id="toc_9">8. Employ Agile and Incremental Software Development Approaches</h2> <p>In concert with an incremental approach to project definition, funding and procurement, <strong>agile and incremental software development approaches </strong>can increase speed to delivery, reduce the risk of unmet user needs and focus activities on the functionality most likely to drive business benefits. </p> <p>These techniques are already being used to some success by S&amp;L governments, and they can be even more successful if tied to complementary procurement and contracting approaches.</p> <h2 id="toc_10">9. Change the Nature of Independent Oversight</h2> <p>Governments implement a variety of means to independently oversee IT modernization projects. This can include <strong>independent project oversight consultants, independent verification and validation, periodic state auditor reports and legislative oversight committee hearings</strong>, to name but a few. In general, these oversight tools have been designed for traditional monolithic, waterfall projects. Adjust oversight processes and expectations to match the new funding, procurement, contracting and software development approaches.</p> <p>While none of the above recommendations provides a simple fix for the challenges facing the S&amp;L IT acquisition process, together they offer a roadmap for a new acquisition framework that can better match expectations with reality and more closely align government and vendor incentives to achieve project success.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/graeme-finley"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Finley_Graeme_R.jpg?itok=nbnIZNdY" width="58" height="58" alt="Graeme Finley" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/graeme-finley"> <div>Graeme Finley</div> </a> </div> <div class="author-bio"> <p> <div><p>Graeme Finley is a principal within Grant Thornton’s Public Sector practice. Finley has more than 20 years of experience providing consulting services to public- and private-sector organizations in the U.S. and in Europe. He has experience in IT strategy, investment management, business case analysis and acquisition support, enterprise architecture, and custom and packaged software development and integration.</p> </div> </p> </div> </div> </div> </div> Wed, 16 Jan 2019 14:20:00 +0000 phil.goldstein_6191 41996 at https://statetechmagazine.com Multicloud Management Controls Boost Visibility for State IT Managers https://statetechmagazine.com/article/2019/01/multicloud-management-controls-boost-visibility-state-it-managers <span>Multicloud Management Controls Boost Visibility for State IT Managers</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 01/15/2019 - 11:05</span> <div><p>Once the histrionic arguments about security, control and compatibility pass, it falls to IT managers to <strong>migrate to public cloud Infrastructure as a Service</strong>. And while cloud-based IaaS offers many benefits, dramatic differences arise in how these services are provisioned and paid for compared with traditional on-premises computing models. </p> <p>IT managers moving to public IaaS embrace<strong> a new management layer focused on cloud services</strong>. Things become even more complicated with multiple cloud deployments. <a href="http://www.govtech.com/biz/Cloud-Players-Whos-Who-in-the-Government-Market.html" target="_blank">According to Government Technology</a>, state and local government purchases of cloud services<strong> rose from about 150 per month in 2012 to nearly 600 in early 2017</strong>, suggesting states have been adapting their IT strategies to accommodate multiple cloud service providers.</p> <p>Even IT departments with a strong set of configuration management tools (and modern orchestration and automation tools) will discover that adding a second or third cloud service provider changes everything. </p> <p><strong><a href="https://statetechmagazine.com/article/2018/09/benefits-and-challenges-moving-cloud-public-sector-perfcon" target="_blank"><em>MORE FROM STATETECH: </em></a></strong><a href="https://statetechmagazine.com/article/2018/09/benefits-and-challenges-moving-cloud-public-sector-perfcon" target="_blank"><em>Discover the benefits and challenges of moving to the public cloud. </em></a></p> <h2 id="toc_0">State IT Admins Should Make Cloud Decisions Based on Requirements</h2> <p>Without some type of <strong>direct control and monitoring of an IaaS cloud environment</strong>, a state IT manager is running blind and faces both security and budget risks. More important, state IT managers never have the luxury of closing their on-premises or hosted data centers and moving all workloads to a single cloud provider. </p> <p>Inevitably, <strong>some workloads stay in-house</strong>, such as legacy applications on currently unsupported platforms such as Windows 2000; <strong>some applications require specialized hardware</strong>, such as tape libraries; and <strong>some applications don’t make sense to move</strong>, such as local printer management. These constraints produce a public-private hybrid approach, which complicates management of the cloud environment.</p> <p>Many state IT managers also deal with multiple public IaaS providers. Shadow IT projects already up and running can be nearly impossible to move if tightly locked into services available on a single cloud provider, such as <a href="https://www.cdwg.com/content/cdwg/en/brand/google.html" target="_blank">Google</a>’s geographic information systems tools — a favorite for government application developers. <strong>Existing IT silos can also fragment IaaS choices.</strong> </p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/joel-snyder"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/author/Joel_Studio_Headshot_180.jpg?itok=TYcy4rmk" width="58" height="58" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/joel-snyder"> <div>Joel Snyder</div> </a> </div> <div class="author-bio"> <p> <div><p>Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.</p> </div> </p> </div> </div> </div> </div> Tue, 15 Jan 2019 16:05:07 +0000 phil.goldstein_6191 41991 at https://statetechmagazine.com Review: VMware Workstation 15 Pro Impresses by Running Multiple, Powerful VMs https://statetechmagazine.com/article/2019/01/review-vmware-workstation-15-pro-impresses-running-multiple-powerful-vms <span>Review: VMware Workstation 15 Pro Impresses by Running Multiple, Powerful VMs</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 01/14/2019 - 09:56</span> <div><p>For as long as I have been an IT professional, <a href="https://www.cdwg.com/content/cdwg/en/brand/vmware.html" target="_blank">VMware</a> Workstation has been the flagship product for testing and developing infrastructure on a local system before trying deployments in production. </p> <p>More than 10 years ago, I built my first <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> Windows Server 2008 cluster with SQL Server 2005, carefully documenting each step. With VMware Workstation, it is <strong>easy to create virtual networks</strong>, so I even had all the networks for the cluster heartbeat mapped out.</p> <p><a href="https://statetechmagazine.com/article/2018/11/data-center-consolidation-strategy-and-best-practices-state-governments-perfcon" target="_blank"><em><strong>MORE FROM STATETECH: </strong>Discover data center consolidation best practices for your agency. </em></a></p> <h2 id="toc_0">IT Admins Can Run Massive Virtual Machines </h2> <p>While much has changed over a decade later, VMware Workstation Pro is still the gold standard. <a href="https://www.cdwg.com/product/VMware-Workstation-Pro-v.-15-license-1-license/5290999?pfm=srh" target="_blank">VMware Workstation 15 Pro</a>, released in September, is the latest in a series of virtualization products that <strong>allow IT professionals to run multiple, isolated operating systems on a single workstation</strong>. Users can network together sets of operating systems to complete the testing and development of code or of network or server architecture, all on a single desktop computer.</p> <p>How big can these virtual machines get? <strong>Monster-sized! </strong>Massive virtual machines may<strong> span up to 16 virtual CPUs, with 64 gigabytes of RAM and 8 terabytes of virtual hard disks</strong>. Graphic-intensive applications get an additional boost through the allocation of 3GB of available host video memory directly to a virtual machine. The Workstation 15 Pro supports incredibly high 4K resolution (3840x2160 pixels) on desktops and QHD+ (3200x1800 pixels) on laptops and x86 tablets, all with DirectX 10.1 support. Virtual machines may even span multiple monitors.</p> <p><img alt="VMware Workstation Pro 15" data-entity-type="" data-entity-uuid="" src="/sites/statetechmagazine.com/files/Q0119-ST-PR_Sheen-specs.jpg" /></p> <h2 id="toc_1">Agencies Can Support Powerful Resources with Workstation 15 Pro </h2> <p>The Workstation 15 Pro also n<strong>ow supports a RESTful program interface for virtual machine automation</strong> using standard JavaScript Object Notation over HTTP or HTTPS. Using the same application programming interface framework introduced in the Fusion product, the API provides more than 20 controls for manipulating virtual machines. The API allows changes to host and guest virtual networking and enables users to power virtual machines on or off.</p> <p>Seamless support for <a href="https://blog.cdw.com/data-center/product-review-vmware-vsphere-6-7" target="_blank">vSphere 6.7</a> is included in Workstation 15 Pro. With this feature, users can remotely connect to a vSphere 6.7 production host to manage virtual machines running on vSphere. And they can upload a virtual machine from a 15 Pro desktop to vSphere or download a virtual machine to a local desktop.</p> <h2 id="toc_2">VMware Workstation 15 Pro Offers New Features on Windows</h2> <p>VMware Workstation 15 Pro offers several other <strong>handy new features specifically for Windows-based hosts</strong>. </p> <p>Users can automatically <strong>connect physical USB devices to a virtual machine when running</strong>. On Windows 10 version 1803 or later, users can access Linux virtual machines using secure shell (SSH) provided by the Workstation 15 Pro. When connected to a remote vSphere host, the inventory tree now shows a hierarchical arrangement in two different views:<strong> hosts/clusters and VMs, with a simple toggle between the two</strong>. </p> <p>Stretching the guest display across the host interface is also now supported in two different ways: “Keep Aspect Ratio Stretch” stretches the guest portal while maintaining the aspect ratio (say, 4:3), while “Free Stretch” stretches in any direction.</p> <p>The only problem I could find with the software is the currently documented known issue involving mouse-clicking functionality when certain third-party software, such as WizMouse, is installed on the host. In this case, simply add mks.win32.processWin32MouseInput = “TRUE” to the virtual machine’s .VMX configuration file, and that solves the issue.</p> <h3 id="toc_0">VMware Workstation 15 Pro</h3> <p><strong>Processor</strong>: Supports every processor since 2011 except some Atom processors and AMD processors based on Llano and Bobcat<br /><strong>Architecture</strong>: Requires 64-bit host operating system<br /><strong>OS Requirement</strong>: Ubuntu, CentOS, Windows, Red Hat and SUSE Linux</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/dr-jeffrey-sheen"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/author/DrJeffSheen_200.jpg?itok=5DOwI_-c" width="58" height="58" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/dr-jeffrey-sheen"> <div>Dr. Jeffrey Sheen</div> </a> </div> <div class="author-bio"> <p> <div><p>Jeff is tasked with separating the “gee whiz” factor from the truly useful when it comes to the latest tech gadgets, and oh, he holds a Ph.D. in physics. He currently works as the supervisor of enterprise architecture services for Grange Mutual Casualty Group of Columbus, Ohio. His biggest challenge is being an avid Wolverine fan while living in the midst of Buckeye country.</p> </div> </p> </div> </div> </div> </div> Mon, 14 Jan 2019 14:56:04 +0000 phil.goldstein_6191 41986 at https://statetechmagazine.com Cities Move 311 Systems to the Cloud and Improve Citizen Services https://statetechmagazine.com/article/2019/01/cities-move-311-systems-cloud-and-improve-citizen-services <span>Cities Move 311 Systems to the Cloud and Improve Citizen Services</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 01/11/2019 - 08:51</span> <div><p>Unlike its older sibling 911, 311 service is still a relatively new phenomenon. <a href="https://www.baltimorecity.gov/" target="_blank">Baltimore</a> was the <a href="https://311services.baltimorecity.gov/" target="_blank">first city to introduce 311</a> for nonemergency services in 1996.</p> <p>Over the two decades since, more and more American cities have embraced the idea as <strong>a means for residents to contact local authorities with concerns that don’t constitute emergencies</strong>. Through 311, residents report a wide range of issues, from potholes to illegal dumping, and request services, such as traffic signal repair or the removal of dead wildlife.</p> <p>As more people use 311, however, many cities struggle to handle the volume of requests and to efficiently coordinate the government agencies tasked with responding to those requests. Many cities seek a new approach to managing their 311 programs — and in many cases, <strong>they are turning to new cloud-based 311 systems to get the job done</strong>.</p> <p>“The days of building out your own in-house application are probably gone,” says Cory Fleming, 311 program director for the <a href="https://icma.org/" target="_blank">International City/County Management Association</a>. “Cities with homegrown systems are moving more toward off-the-shelf systems now.” </p> <p>Beyond simplicity of use and automated updates, cloud-based 311 systems allow cities to set and easily evaluate goals. “Say the department of public works guarantees that <strong>85 percent</strong> of the time, they will get a pothole filled <strong>within 72 hours</strong>,” Fleming says. Because cloud-based 311 systems capture and process so much data, cities can offer <strong>a new degree of transparency on how well goals such as prompt road repairs are being met</strong>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/jacquelyn-bengfort"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Screen%20Shot%202015-08-24%20at%2010.46.40%20PM.png.jpg?itok=0Wu86nnL" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/jacquelyn-bengfort"> <div>Jacquelyn Bengfort</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=jacib&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Jacquelyn Bengfort is a freelance writer based in Washington, DC. A social anthropologist by training, she writes on topics from education to the military, gender to fictional post-apocalyptic worldscapes.</p> </div> </p> </div> </div> </div> </div> Fri, 11 Jan 2019 13:51:59 +0000 phil.goldstein_6191 41981 at https://statetechmagazine.com How States Benefit from Appointing a Chief Data Officer https://statetechmagazine.com/article/2019/01/how-states-benefit-appointing-chief-data-officer <span>How States Benefit from Appointing a Chief Data Officer</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 01/10/2019 - 09:13</span> <div><p>How do you read the news every day? Most of the time, it’s probably with a desktop computer, or on the go with a laptop or mobile device. </p> <p>When that device was first purchased by your employer, someone likely affixed it with an asset tag or barcode and inventoried it. Look around and you might find that your chair or desk also has a tag so that it can be inventoried. In fact, <strong>the more valuable the asset is, the more likely it is to be inventoried</strong>. </p> <p>We maintain inventories of these valuable physical assets, but we rarely do so for an equally valuable intangible asset:<strong> data</strong>. </p> <p><a href="https://statetechmagazine.com/article/2018/12/how-cities-can-improve-open-data-programs" target="_blank"><em><strong>MORE FROM STATETECH:</strong> Find out how cities can improve open data programs. </em></a></p> <h2 id="toc_0">Why Data Is a Strategic Asset for State Governments </h2> <p><strong>Data is a strategic asset.</strong> If it were missing or unavailable, it would severely limit the ability of government to function. Additionally, data has the ability to help government to <strong>deliver the types of services expected by the public</strong>, to create more effective policy and to operate more efficiently. This is why many governments benefit from having chief data officers.</p> <p>How many of us have an inventory of our data? How many of us know how it’s used? Where it comes from? How secure it must be? We know this about our facilities, our equipment, our vehicles and even our software and applications. We know this information about many of our collected physical assets, yet we seldom know as much about the data we collect in government. </p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11786"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Tyler_Kleykamp_0.jpg?itok=T4ZFQ1GX" width="58" height="58" alt="Tyler Kleykamp " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11786"> <div>Tyler Kleykamp </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=TKleykamp&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Tyler Kleykamp is chief data officer for the state of Connecticut.</p> </div> </p> </div> </div> </div> </div> Thu, 10 Jan 2019 14:13:09 +0000 phil.goldstein_6191 41976 at https://statetechmagazine.com Digital Signs Point the Way to a Brighter Future https://statetechmagazine.com/article/2019/01/digital-signs-point-way-brighter-future <span>Digital Signs Point the Way to a Brighter Future</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 01/08/2019 - 11:33</span> <div><p>In 2014, John Newsome, CIO of the <a href="https://www.orlandoairports.net/" target="_blank">Greater Orlando Aviation Authority</a>, embarked on a journey along with his director of engineering to look at technology in top airports globally. GOAA was preparing for a big overhaul, and Newsome wanted to see what was working at other leading airports.</p> <p>The team’s first observation: The video walls prominent in <a href="http://www.changiairport.com/en/airport-experience/attractions-and-services/immersive-wall.html" target="_blank">Singapore</a> and <a href="https://www.lg-informationdisplay.com/stories/case/view/Terminal%202%20at%20the%20Incheon%20International%20Airport" target="_blank">Incheon, South Korea</a>, airports could really improve GOAA’s game. </p> <p>“We realized that the video walls would be very beneficial for our redesign of check-in counters at our airport,” Newsome says. “The old way we did things wouldn’t work anymore — having fixed and painted logos and branding. Video walls would <strong>give us more options every day and communicate more to our airlines and travelers</strong>.”</p> <p>Modern video displays are transforming how state and local governments deliver wayfinding information to constituents. The video screens at Orlando International Airport in Florida demonstrate how the technology excels at providing directional and informational data. Like other digital solutions, they are becoming increasingly interactive rather than static. </p> <p>“Once just a simple, unidirectional broadcasting mechanism, digital signage now offers an array of new technology features like <strong>interactivity, facial recognition and magic mirrors that can drive valuable business scenarios across any vertical</strong>,” says <a href="https://www.forrester.com/J.-P.-Gownder" target="_blank">J.P. Gownder</a>, a vice president and principal analyst with Forrester. “Digital signage also interacts increasingly with mobility, as more installations allow customers to take what they see on such signs with them on their own smartphones.” </p> <p><a href="https://statetechmagazine.com/media/video/how-turn-smart-state-ideas-reality" target="_blank"><em><strong>VIDEO: </strong>Find out how to turn smart state ideas into a reality. </em></a></p> <h2 id="toc_0">Orlando Gives Airlines an Interactive Tool </h2> <p>Orlando’s new video walls consist of 700 <a href="https://www.cdwg.com/content/cdwg/en/brand/lg.html" target="_blank">LG Electronics</a> 55-inch, ultrathin-bezel screens oriented in portrait mode. The individual units sit side by side, interrupted only by doors and passageways. Located behind common-use counters at the airport, they can be used by different airlines at different times of the day. </p> <p>“These video walls allow us to have airline branding right behind the counters,” Newsome says. Some of the airlines choose to have <strong>static displays, while others use full-motion video</strong>. “It’s providing very clear information about where your airline is. These screens are also noticeable from the curb, so you don’t have to wonder from the moment you get to the airport.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/karen-j-bannan"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/bannan.jpg?itok=AUnlK_-q" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/karen-j-bannan"> <div>Karen J. Bannan</div> </a> </div> <div class="author-bio"> <p> <div><p>Karen J. Bannan is a freelance writer and editor who has written for a variety of publications including <em>The New York Times, The Wall Street Journal, Time</em> and <em>CIO.</em></p> </div> </p> </div> </div> </div> </div> Tue, 08 Jan 2019 16:33:07 +0000 phil.goldstein_6191 41971 at https://statetechmagazine.com