Password:
NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?
Feldner: Security is everyone's business, from hiring ethical employees, to training on acceptable use policies, to maintaining physical security, and so on. In addition to the software and network security solutions that are deployed, we must also educate our users with regard to security and privacy issues. Helping everyone understand the complexities and choices involved from a business perspective is a big part of the solution. We have a governance structure in place through our Enterprise Architecture initiative that provides for enterprise wide standards and guidelines as a framework for agencies to follow. In addition, we provide information through email, newsletters, websites and workshops.
NASCIO: What advice would you give to other State CIOs as being the most important elements of securing state IT infrastructure and protecting the privacy of citizens' personal information?
Feldner: Whenever possible, leverage solutions for the entire state. The CIO needs to look forward and plan for future needs of all agencies. Even if only one or two agencies have a pressing need or requirement, analyze the solution with regard to the needs of the enterprise - will the solution have to be scalable?
As an example, ITD was asked to provide a wireless e-mail solution. Anticipating the service would be required by several agencies, we deployed a centralized solution. Policies and updates are administered centrally and pushed to devices. As a result, support is easier and security is maximized. If the PDA is lost or stolen, not only is the device password protected but data on the device can be erased remotely by our staff.
Additionally, we are expanding the use of wireless LANs with a more secure solution for state government. This gives agencies viable and affordable alternative to traditional wired networks and provides more flexibility for office workers. At the same time, we are making the solution available to our K-12 and higher education partners on the state network.
NASCIO:As CIO, how have you optimized your state's IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to Consolidation and Shared Services, and Data center consolidation strategies and business justification?
Feldner: Since 2000, the state has utilized a shared network for state agencies, cities, counties, K-12 and higher education. An ERP solution was implemented for three branches of government and higher education in 2002, and consolidation of state agencies' data hosting and storage were mandated in 2003.
Regardless of the savings to the State, agencies are reluctant to participate unless they feel they have a choice. Enterprise Architecture helps to create buy in and a waiver process is in place for exemptions. In addition, we have found that one size does not fit all - different levels of service are needed. Choices need to be available. For example, smaller agencies may require simple, low cost solutions whereas larger agencies may need complex, highly automated solutions. We are also implementing multiple tiers of storage based on availability, size, and redundancy.
ITD implemented a second data center for disaster recovery purposes. Because of the State's centralized approach, each agency must articulate to ITD their need for data redundancy and the recovery requirements for each of their applications. Decisions are then made from an architecture perspective - will the application be designed for a high-availability, clustered environment with redundant systems at the second data center or will simply having data backed up to the second site suffice? The agency has access to a shared infrastructure that they could not afford on their own but they are still involved in choosing the level of service that is most appropriate for their application.
NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?
Feldner: Our department provides hosting services to K-12 school districts who utilize PowerSchool as their student information system under an application service provider (ASP) model. Records of over 60% of the student population of ND are managed using this application. More recently, ITD began hosting a standard data warehousing solution for interested school districts. In addition, we are coordinating the creation of a longitudinal data system to address P-16 education and workforce development.
A health information technology committee was recently established by the legislature. This committee, made up of representatives from the public and private sector, will be adopting information sharing and privacy standards for the transmission of electronic health and medical records in North Dakota. In addition to private sector representatives, the committee includes the state health officer, the director of human services, and the state CIO.
We are in the process of creating a GIS advisory board to enhance and promote the work done by our existing GIS technical committee. As many state agencies and political subdivisions enter the world of GIS, we are leveraging our shared infrastructure to try to accommodate their needs and reduce duplication of services.
Our Criminal Justice Information Sharing system (CJIS) is expanding to meet the needs of states attorneys and county courts. The present system includes collaboration from the courts, the office of the attorney general, corrections, and local law enforcement agencies. We are also exploring the addition of a victim notification system enabled through the CJIS hub.
NASCIO: Please describe some of the major IT projects and initiatives that your state plans to undertake over the next 1-3 years.
Feldner:
