1. State of the States 2012: IT Priorities, Issues and Trends National State Auditors Association IT Conference Nashville, Tennessee Doug Robinson, Executive Director National Association of State Chief Information Officers

2. About NASCIO  National association representing state chief information officers and information technology executives from the states, territories and D.C.  NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.  Founded in 1969 – we’re a legacy system

3. Fiscal recovery: budgets are better, slow revenue growth, federal spending will decline. Impact on state CIOs? CIOs seeking IT operational cost savings and alternative IT sourcing strategies CIO Balancing Act: living with the past while leading innovation IT security and risk! Game has changed IT workforce: retirement wave, skills gap, recruiting challenges State CIO transition – major churn State IT Landscape Today

4. Revenue Remains Below Pre-Recession Levels ($ in BILLIONS) * FY 2007 – 2010 are actual, FY 2011 is preliminary actual and FY 2012 is enacted. Source: NASBO

5. State Spending by Funding Source Source: NASBO 2010 State Expenditure Report

6. Medicaid Continues to Drive General Fund Spending Growth 6 Data is based on comparative levels of enacted spending in FY 2011 and FY 2012 Source: NASBO Fall 2011 Fiscal Survey of States In Billions Changes in General Fund Spending by Category Between FY 2011 and FY 2012

7. Budget Cuts Made after the Budget Passed Fiscal 1990 to Fiscal 2012 (millions) Source: NASBO Fiscal Survey of the States, June, 2012

8. States Only: Will your state IT budget grow or shrink and by how much? a.Flat b.Increase c.Reduce by up to 10 percent d.Reduce by up to 20 percent e.What budget? 1

9. State CIO Transitions 2011-12

10. View from the States: Priorities and Trends

11. Tracking State IT Trends  Alternative sourcing/hosting: moving to the cloud  Multi-state collaboration: sharing infrastructure, solutions, applications  Legacy modernization  Cybersecurity threats  Health care implementation  Procurement reform

12. State CIO Priorities for 2012 1. Consolidation / Optimization: consolidating infrastructure and services, centralizing 2. Budget and Cost Control: managing budget reduction, strategies for savings 3. Governance: improving IT governance, authority, data governance, partnering, collaboration 4. Health Care: Affordable Care Act, health information and insurance exchanges, architecture, partnering, implementation, technology solutions, Medicaid systems 5. Cloud Computing: governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership, legal issues, vendor management 6. Security: risk assessment, governance, budget and resource requirements; security frameworks, data protection, training and awareness, insider threats, third party security 7. Broadband and Connectivity: strengthening statewide connectivity, public safety wireless network/interoperability, implementing BTOP grant 8. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure, service portfolio management 9. Portal: maturing state portal, e-government, single view of the customer/citizen, emphasis on citizen interactive self-service, mobile apps, accessibility 10. Mobile Services/Mobility: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure Source: NASCIO State CIO Survey, October 2011

13. State CIO Priorities for 2012 IT Applications and Tools 1.Virtualization: servers, desktop, storage, applications, data center 2.Legacy application modernization/renovation 3.Cloud computing: software as a service, infrastructure, platform, storage 4.Mobile workforce technologies 5.Networking: voice and data communications, unified 6.Enterprise Resource Planning (ERP) 7.Identity and access management: digital credentials, federation, standards 8.Business Intelligence (BI) and Business Analytics (BA) applications 9.Document/Content/Records/E-mail management: active, digital archiving 10.Public Safety Radio Network Source: NASCIO State CIO Survey, October 2011

14. IT Governance: what works? Supporting a legacy environment IT procurement modernization Recruit and retain IT staff Information sharing/data exchanges Lack of shared enterprise vision for IT Managing mobile devices, BYOD Inadequate funding and budget constraints Security threats and risks The CIO Pain Point Survey…  All of the above

15. Growing Maturity: IT Governance, Frameworks and Business Disciplines Enterprise Architecture Project and Portfolio Management, PMO Service Level Management: itSFM, ITIL, CoBIT Performance metrics, measure Business transformation, change management Enterprise IT Governance

16. Today’s State IT Workforce: Under Pressure  State CIOs say 21 - 40 % of state IT employees eligible for retirement within the next five years  Fiscal stress - hiring freezes and elimination of vacant positions  Nearly two-thirds say they anticipate having to reduce IT staff  IT Security positions are the most difficult to recruit and retain Source: NASCIO State IT Workforce: Under Pressure, January 2011

17. 2011 State CIO Survey Highlights  Budgets continue to drive action  CIO roles are changing  Consolidation has broad appeal  Health care cannot be ignored  Mobility…on the move Source: NASCIO-TechAmerica –Grant Thornton LLP 2011 State CIO Survey, October 2011

18. Cost savings is lead motivator for collaboration Collaboration: Top Agenda Item Source: NASCIO-TechAmerica–Grant Thornton LLP 2011 State CIO Survey, October 2011

19. IT Consolidation: A Key Strategy for Years To address budget issues and control operational costs Facilities: reducing data centers, equipment, operational costs Enterprise services: networks, email, telecommunications, imaging, wireless Server consolidation: reducing footprint, operations, security impact, backup/recovery Applications: enterprise, similar business functionsIT personnel and staffing

20. Status: Consolidation & Shared Services More than 90% of CIOs say 7 of the top 12 key services are targets Source: NASCIO-TechAmerica –Grant Thornton LLP 2011 State CIO Survey, October 2011 52% 33%

21. Challenges to IT Consolidation Source: NASCIO-TechAmerica –Grant Thornton LLP 2011 State CIO Survey, October 2011 CIOs' opinions on challenges to IT consolidations Governance issues 51% Obtaining up-front capital to fund consolidation 45% Establishing baseline measurements for comparison to understand how effective the consolidation was 43% Making a business case for consolidation & measuring subsequent results & savings 41% Redesigning/re-engineering business processes 25% Insufficient in-house IT experience to manage the process 24% Reaching agreement on fee structures 22%

22. Moving to the cloud continues…slowly Source: NASCIO-TechAmerica –Grant Thornton LLP 2011 State CIO Survey, October 2011 15% 56% 19%

23. What is the primary reason for adoption of cloud services? a.Software updates b.Scalability on-demand c.Increase business agility/quicker service delivery d.Risk mitigation e.Storage capacity f.Reduced IT staffing and administration cost g.Not using and do not intend to use cloud

24. Business objectives GovernanceAcquisition strategyJurisdictional issues Security and privacy concerns Policy and legal issuesExit strategy Key Considerations: Cloud Adoption

25. Apply existing security framework and policies Consumer cloud vs. industrial strength Test drive: start with private cloud 3 rd party contracts – protect state interests Enable legitimate business use Monitor & control unauthorized use Leverage FedRAMP Reducing Risk: Cloud Security Guidance

26. State Governments at Risk!  Critical infrastructure protection risk  More aggressive threats – organized crime, unorganized crime, hacktivism  Spam, phishing, hacking, and network probes up  Data breaches – loss of citizen trust!  Lack of broad executive support  Inadequate funding  Need more training, awareness  Complying with federal regulations and guidance – lack of harmonization

27. What are your State’s top five IT security initiatives? 1. Data Protection 2. Information Security Risk Assessments 3. Information Security Training and Awareness 4. Application Security 5. Information Security Measurement and Reporting

28. Growing IT Security Risks in the States Protecting legacy systems Expansion of wireless networks Online payment transactions Mobile devices and services Use of social media platforms Use of personally- owned devices (BYOD) for state business Adoption of cloud services; rouge cloud users Inadequate policy compliance Third-party contractors and managed services

29. NASCIO Cybersecurity Call to Action Key Questions for State Leaders  Have you created a culture of information security in your state government?  Have you adopted a cybersecurity framework, based on national standards and guidelines?  Have you acquired continuous vulnerability management capabilities?  Have you documented the effectiveness of your cybersecurity with metrics and testing?  Have you developed security awareness training for workers and contractors? Source: NASCIO Cybersecurity Call to Action, February 2011

30. Mobile Agenda: Trends and Issues

31. By the Numbers: Mobile Explosion in the U.S.  Wireless Subscriber Subscriptions…………………323 M  Wireless Only Households………………………………..32%  Data Traffic on Wireless Up…………………………….111%  Data Capable Mobile Devices……………………….278 M  Smartphone Users………………………………………..100 M  Mobile Text Messages………………………..........193.1 B  Average Local Monthly Bill…………………………..$47.00  Tablet Penetration – Adults………………………………11% Sources: CITA, FCC, TIA, Pew Research 2012 19

32.  By 2015 mobile application development projects targeting smartphones and tablets will outnumber native PC projects by a ratio of 4-to-1.  Mobile app downloads are forecast to soar from 10.7 billion in 2010 to 182.7 billion in 2015  1 billion smartphones will be sold in 2014 – about double the number of PCs it expects will be sold that year.  Worldwide media tablet sales to end users are forecast to total 118.9 million units in 2012, a 98 percent increase from 2011 sales of 60 million units. Sources: Forrester, Gartner, IDC 20

33. Mobility = CIO Strategic Priority Source: NASCIO-TechAmerica –Grant Thornton LLP 2011 State CIO Survey, October 2011

34. CIOs readiness to deploy & support mobile devices & apps CIOs opinion of their states' level of engagement with citizen-facing apps Source: NASCIO-TechAmerica–Grant Thornton LLP 2011 State CIO Survey, October 2011

35. Enterprise direction: strategic or ad hoc? Policy? Standards? Managing mobile devices? BYOD? Security and privacy Managing business and end- user expectation Lack of technical expertise: architecture and apps State Views: Common Themes on Mobile Architecture Native apps, web or both? Legal Issues? Terms of Service from apps stores?

36. Looking Ahead  More IT consolidation, shared services  Outsourcing: more steering, less rowing  IT implications of healthcare reform  Demand for performance, results  Extending the enterprise: locals?  Massive collaboration - Web 2.0  Continuing pressure for operational efficiency  More IT consolidation, shared services, cloud, collaboration  Risks continue…cyber threats  Extending shared services: locals  Public Safety Broadband Network  Social media integration  Continuity of CIO leadership? Looking Ahead…What to Watch

38. Connect with... youtube.com/nasciomedia linkedin.com facebook.com twitter.com/nascio nascio.org Questions?