Password:
NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?
Khanna: When it comes to security, the greatest challenge is dealing with a moving target - every day it takes a new form and brings about new complexities in our environment. We need to be both proactive and reactive, and this requires a huge paradigm shift in how we manage our entire IT infrastructure complex, moving with a sense of urgency to effectively contain the security challenges of the 21st century. The encouraging part is that our stakeholders recognize that, like quality, security needs to be embedded upstream rather than downstream, and requires a transformational change in the way we think, develop, build, deploy, and manage the IT assets and systems that support our delivery of agency-specific services to citizens. The truth of the matter is that in our current, totally siloed operating environment, we are only as secure as our weakest link. To get where we want to go - 24/7 citizen access to government services and data - we must, among other things, move from a distributed to a centralized IT operating framework, so that security can be standardized across traditional boundaries.
The most exciting part of my job has been to get people to focus on the reality, take it seriously, and treat it as an opportunity to improve not only the security of our systems, but the government operations infrastructure as a whole. The good news is that Minnesota has a longstanding tradition of public-private entities working together for a better state, and I have confidence that we will turn this challenge into an opportunity to deliver better government for our citizens. We have a long way to go, but I believe that we're on the right path.
NASCIO: What advice would you give to other State CIOs as being the most important elements of securing state IT infrastructure and protecting the privacy of citizens' personal information?
Khanna: Our actual experience corroborates national studies suggesting that government operations are an ever-increasing target for malicious attacks. We all know that the threat has moved from nuisance to being a threat to daily operations of government, with people trying to do us harm and trying to gain access to our data and assets.
What we need going forward is to build a comprehensive security framework that includes systems certification, risk assessment, training, scans and tests of critical government systems, intrusion detection, a threat response and communication system, computer forensics, and regular audits, and enterprise-wide disaster recovery and continuity of operations planning. While in general, government doesn't need to be cutting edge, in the case of security, that's exactly what we need to be, because we collect valuable personal data from our citizens and must therefore protect it by investing in the latest and best tools and technologies available as we provide more online access.
In addition to defining a comprehensive security framework, we have, in Minnesota, established an enterprise information security council which is fostering cross-boundary collaboration and creating a sense of urgency to implement policies, procedures, and training across all government entities.
NASCIO: As CIO, how have you optimized your state's IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to Consolidation and Shared Services, and Data center consolidation strategies and business justification?
Khanna: Like the private sector and many other states, Minnesota stakeholders have reached a common understanding that the current distributed IT environment is not sustainable and, though we recognize that we're behind the curve compared to our counterparts, the mission and vision for moving forward are indeed clear.
Two years ago, the Governor's Drive to Excellence Transformation Roadmap made the business case for shared services and IT consolidation. Over the past year, we have laid the groundwork for implementing those recommendations by accomplishing several "proof of concept" consolidation projects in partnership with an assortment of large, medium, and small-sized agencies. In this process we have, in conjunction with our customers, not only developed Service Level Agreements, templates for integration, and consolidation competencies, but have also identified performance measures that outline improved service and improved cost performance.
Better government is one of Governor Tim Pawlenty's top priorities, as evidenced by his proposed $213 million biennial IT budget which outlines his holistic view for modernizing government operations and prepares the state to serve what he calls the "iPod generation." The framework, as outlined in the Governor's budget, calls for investments in security, the building of a cross-cutting shared application for e-licensing, and capacity-building at the Office of Enterprise Technology to manage and accelerate consolidation, planning and portfolio management -- the foundation of a consolidated infrastructure and high performance enterprise security. However, the vast majority of the governor's budget is, as it should be, earmarked for modernization of the agency systems that rest on that foundation.
NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?
Khanna: Governor Pawlenty's vision for better government is not only about leveraging technology to make government operations more effective and accountable, but also about effecting cultural change. It is a huge shift to move from managing a "vertical" sliver of the enterprise, to thinking more "horizontally" as an enterprise and re-engineering processes to reflect that change. I believe that such a transformation can be achieved if we build a culture that is rooted in cross-boundary collaboration and engage the community-at-large to tackle the many facets of this transformation, among them consolidation, workforce planning, systems modernization, and business process re-engineering.
To be successful, we must also work with a sense of urgency in a new, less linear paradigm. Often, the evolution of technology and business needs far outpace government's ability to construct a recommendation and, thus, solutions are outdated before they are even complete. Government needs to embrace an environment in which building consensus, and defining and implementing a solution overlap. This shortens what I call "time to action" and builds momentum.
Over the last eighteen months we in Minnesota have established some exciting collaboration models that center on empowering small "SkunkWorks" teams to quickly incubate ideas and develop a "straw man" that can be further vetted by larger groups and eventually turned into successful projects. The methodology includes working with a sense of urgency, no "analysis paralysis," quick "time to action," and following what I call the "80/20 rule," wherein teams focus on identifying common ground and seeking standardization where possible instead of getting caught up in finding "silver bullet" solutions.
Using just such a SkunkWorks team, we were able to set the first-ever statewide standard for desktops, a move that will save the state complex $19 million annually. We have repeated this collaborative method to set server, storage and cell phone standards for additional savings for the enterprise, and to implement a data center consolidation project with the Department of Revenue. We're using the same cross-boundary collaborative approach to developing an enterprise email system, and to achieve other specific utility and shared IT services consolidations including WAN, LAN and IPT migration with the Department of Transportation.
The key is partnership and trust, and the credit for the success of this approach goes to the many people throughout the enterprise who have come together because they want to build the best possible shared IT complex for the state. I cannot say enough about the value of their willingness to work in a new way.
NASCIO: Minnesota has embarked on transforming its IT governance structure. From your perspective, what are the critical success factors that are necessary for transforming a state's IT governance structure?
Khanna: I think that with a clear vision and support from key stakeholders, i.e., the governor, bi-partisan support from the legislature, and agency business and IT leadership, one can achieve the kind of cross-boundary collaboration that is going to result in the agenda we've set here in Minnesota and others are achieving elsewhere. As I've said, the "time-to-action" is necessarily short - it builds momentum and allows us to make progress in a very short window of opportunity. We also need to work with stakeholders to realize some fundamental systemic changes that will make our job easier -- changes in IT funding, a focus on systems modernization, business process re-engineering, and ways to capture the savings so we can reinvest them in order to build a culture of innovation, change and transformation.
NASCIO: Please describe some of the major IT projects and initiatives that Minnesota plans to undertake over the next 1-3 years.
Khanna: The Governor's proposed biennial IT budget initiatives focus on three categories of activity: enterprise projects that build out the state's capacity to create a secure computing platform for the enterprise, services shared by a group of agencies, and, finally, systems modernization at the agency level, i.e., projects that re-engineer services in order to address the impending shortage in the state workforce, and the inability for current systems to operate state business in a future 24/7 environment.
Among the first category are initiatives to:
Some shared services examples include an enterprise e-licensing system and a real property management system.
The latter category, systems modernization at the agency level, includes such projects as an integrated tax system, planning for a new ERP system, a case management system for the Department of Human Services, and a workers compensation system interface for the Department of Labor and Industry.
In sum total, the Governor's initiatives create a holistic program that ensures secure, effective IT management and improved service to the citizens. And, as we move forward, I envision government's major infrastructure investments will continue to move from "brick to click," as citizens demand an IT-enabled environment that delivers effective and secure government business transactions in the 21st century.
