California’s Department of Technology is modifying its services strategy, including cloud policy, the Office of Digital Innovation and the state’s data centers, Interim Chief Technology Officer Ellen Ishimoto said at the biannual vendor partner forum May 22.
The new plan includes metrics in core performance measures as laid out by the 2016 annual report.
The strategy will allow customers to self-serve with contract management provided through the department or use the department’s hosted services as it partners with vendors.
“We want to make that as cloud-like as possible,” Ishimoto said.
The department is also focusing on a 2020 vision for strategic planning that aligns IT purchases with business investments.
“Bringing business value is very important in government today, to set a strategic perspective, and we want to make sure we’re aligning with those core values,” said Chris Cruz chief deputy director at the Department of Technology.
The strategies road map will align IT service offerings with those core goals.
“Really what we’re doing is setting expectations into the next administration,” Cruz said.
Two of the main services discussed at the forum are the state’s cloud offerings and a security operations center.
“Maybe we should be doing less services with higher quality,” Ishimoto said.
Cloud Strategy
The department is revising its cloud strategy, transitioning from a partnership, and infrastructure-as-a-service plan to a public cloud offering.
“We think by standardizing those, we can create the necessary outlooks of management and we can create an enterprise fit for the entire state,” Chris Cruz.
This would enable pairing vendors with local governments through the department.
The CDT will act as the broker for infrastructure and platform as a service, further enabling the department’s new strategy. This applies even if customers have their cloud on premises or use the public cloud.
The broker and contract management model would make it easier to understand how much the state spends on and to secure IT assets throughout the state.
Validating that vendors have appropriate security products and protocols would allow the department to secure IT programs across multiple customers.
The new cloud strategy would also create more competition and diversification of vendors, offering more product option to local governments.
Security Operations Center
The department plans to stand up a security operations center in an initial operations phase by July 1, Chief Information Security Officer Peter Liebert said.
This could be as simple as moving some packets across a detection platform where they will be analyzed by technology and a person. Eventually the center will be a 24-hour, seven-day-a-week service to analyze threats to state systems.
It will be a multi-phased approach, including partnerships with the state’s Cyber Security Integration Center, as well as existing security operations centers at the Department of Motor Vehicles and California’s Department of Corrections. Those centers will provide some analysis, as well as minimize the duplication of effort by providing tools that already work.
The Security Operations Center is currently using Splunk to analyze the system, but is still searching for workflow management and threat intelligence platforms.
An RFP will be released at the beginning of the next fiscal year to bring a vendor in to assist with setting the center up.
“We want some over watch. We want someone to look over our shoulder as we get this set up in July,” Liebert said.
Along with that RFP the department is looking for research about advanced email prevention and detection, as well as training opportunities for the security operations center.
