For nicely over 10 years, IT managers have mentioned cybersecurity as their selection one worry. Both equally the CompTIA Public Technological innovation Institute (PTI) and the Countrywide Association of Condition Information Officers (NASCIO) have been tracking top rated developments in IT administration, coverage, governance and operational challenges as they relate to state and area govt. Only not too long ago has “procurement” entered the prime 10 problems domain—and it is about time. More than the previous various years, I have experienced the enjoyment to speak ahead of several procurement officer situations, as well as a acquiring cooperative. What I learned from these ordeals was that paying for managers have a legitimate desire to find out much more about the IT business. Also, IT supervisors described their romantic relationship with procurement as somewhat mixed, normally blaming outdated processes, not people. Both of those sides have voiced the will need for larger understanding and cooperation. As we all know IT is very specialized, and apart from laptops and similar machines, the rest is considerably from becoming labeled as a “commodity merchandise.”
The pandemic (the beast) may have been the essential and essential catalyst for change. Never in the historical past of general public administration has metropolis and county IT aid had to pivot to a distant workforce even though continuing to provide citizens in these types of a short period in time. Rules ended up facet-stepped to make the great change to distant get the job done possible. Hundreds of hundreds of laptops, displays, cameras and headsets experienced to be acquired in record time. A lot less clear was the large procurement of VPN networks, collaboration program and cybersecurity checking units. The pandemic forced every person to work and transfer in methods and speed not assumed achievable. The pandemic compelled community governments to accelerate plans for the digitalization of governing administration. Significantly of what had been considered non permanent has now mostly been maintained and is most likely listed here to stay.
As much more government workforce have been forced to work remotely, cyber criminals sought (normally correctly) to exploit the new distant workforce landscape. Not only did ransomware assaults raise, but we also figured out of a new sort of assault referred to as a “supply-chain” attack wherever a cybercriminal would hack a vendor’s purchaser databases so that when updates were pushed out, so too was malicious malware.
The 2022 CompTIA Community Engineering Institute (PTI) State of Town and County IT National Study experienced procurement enter its prime 10 area for the very first time mentioning the want to “streamline procurement procedures.” When compared to the other priorities on the annual survey, there is a lot of have to have for obtaining conclusions that go further than cybersecurity, such as IT modernization, technique integration, increased electronic services for citizens, and lastly, migrating techniques/purposes to the cloud. Though NASCIO’s Once-a-year CIO Best 10 Priorities doesn’t stage out procurement immediately, procurement is outlined in their fourth priority below Cloud Services—“cloud method selection of assistance and deployment styles scalable and elastic products and services governance support management safety privacy procurement.”
Above the a long time, cloud expert services have grown in features as very well as in the definition by itself. These days, an growing variety of point out and community governments are moving additional and more of their functions to cloud well as managed company companies. For IT and procurement supervisors alike, it is generally complicated to evaluate the expert services available by this sort of sellers. The federal procurement current market can lean on FedRamp for cloud-safety relevant assurances through vendor certifications. Till not too long ago state and neighborhood governments were being left out of the method when hundreds of countless numbers of lesser regional and nearby company providers did not qualify underneath FedRamp polices. Fairly new to the scene is StateRamp, a nonprofit group whose mission is to give certifications for this kind of community players. As StateRamp evolves, state and community governments will have a significantly-needed instrument to superior obtain their buying conclusions when it arrives to cloud and managed companies with a concentration on cybersecurity.
Including to the immediacy of the problem, the Cybersecurity and Infrastructure Safety Agency (CISA) has just lately issued a global and country-extensive advisory aimed at preserving managed company vendors and customers—often state and local governments. Among the 5 suggestions is to “Understand and proactively handle offer chain danger across stability, legal, and procurement teams, employing chance assessments to recognize and prioritize the allocation of methods.”
Current situations have brought on a large adjust in how we use, procure and operate information technologies. The list of supplemental obtaining selections that must be designed relating to the purchase of IT machines and methods, each components and software program selections will need to be considered by various lenses these types of as legal, cyber, funding, possibility evaluation, compatibility, support and coaching, to name just a handful of. The pandemic, along with an maximize in cybersecurity demands, has made a new path ahead in which procurement has advanced into a staff activity, resulting in more powerful information and facts engineering for all point out and local governments in particular and producing the course of action far more safe and powerful. And that’s the splendor of this beastly pandemic.
Dr. Alan R. Shark is the vice president community sector and executive director of the CompTIA Community Know-how Institute (PTI) in Washington, D.C., since 2004. He is a fellow of the National Academy for Community Administration and chair of the Standing Panel on Know-how Leadership. He is as affiliate professor for the Schar School of Policy and Government, George Mason University, and is course developer/instructor at Rutgers University Center for Govt Expert services. Dr. Shark’s believed management things to do include things like keynote talking, running a blog and the bi-weekly podcast Sharkbytes. He also is the creator or co-writer of much more than 12 books like the nationally regarded textbook “Technology and General public Administration,” as very well as “CIO Management for Cities and Counties.”
This article initially appeared in the June 2022 issue of Governing administration Procurement.