This blog post is an excerpt from GovLoop’s recent guide, Mapping Government’s Journey to the Cloud: 8 Success Stories. The guide includes interviews with federal, state and local officials who have overcome common barriers to cloud adoption, including procurement and security. Download the full guide here to get their insights and tips for success.
We’ve all been on the dreaded tech support line — languishing in despair as the wait time increases and real help seems like a distant dream. There has to be a better way, right? If only the government could find one.
The Delaware Department of Technology found that solution. In 2013, the department implemented a cloud-based, software-as-a-service solution that allows employees to track IT assets and applications. The most-used feature allows employees to process help tickets and work requests via the cloud. As soon as the ticket is submitted, it’s routed to the right people. Based on the severity level of the ticket, it is assigned a certain level of tracking and escalation.
Every agency in the state can submit tickets, making it a truly centralized solution. For Delaware, this capability is transformative.
“There is no agency that is not heavily dependent upon technology,” said James Collins, Delaware’s CIO. “When that technology is not functioning properly, it brings their ability to serve citizens to a halt. This new process is just a way for us to quickly be made aware of the issues, get the right classification and escalation, and monitor it through to resolution.”
The cloud allows the department and state employees to interact with the system whenever and wherever they are. Historically this access hasn’t been available to users. “We’ve had these systems that were behind our firewall, and you had to VPN [virtual private network] in with two-factor authentication and all these different things to actually access the system,” Collins said. Until the new solution rolled out, “there wasn’t a lot of proactive communications going out.”
But despite the successful cloud implementation, Collins warned that the process of procuring cloud solutions is still difficult for governments.
“We have more than 175 different cloud applications and each one of those contracts is slightly different,” said Collins. “I have a lot of challenges to overcome when it comes to making sure the right cloud solution is implemented.”
To help ease the procurement process, Collins and his team created a terms and conditions document.
“Potential vendors have to agree to our terms and conditions in order for state information to be hosted in their environment,” he said.
Those terms and conditions act as a roadmap for agencies considering moving their programs to the cloud. Featured prominently in the document are sections on security and data ownership.
“Per our state laws, data that is classified as non-public is required to be encrypted at rest and in transit,” Collins said. “Additionally, data is required to be housed in the continental U.S. If a vendor can’t agree to those terms, we can’t contract with them.”
“On the ownership side, we specify in our contracts who owns the data,” Collins said. “It is very explicit in our terms and conditions that the data belongs to the state.”
Safeguarding a solution that processes help-desk tickets may not seem like a big issue, but it contains sensitive data about the state’s IT systems. And any system that contains personally identifiable information (PII) must be secured.
“We really put vendors through the paces when there’s going to be PII of citizens, or employees or pensioners of the state as well,” Collins said.
He isn’t worried only about current contracts, either. In the terms and conditions, the state included clauses that ensure it can exit the contract.
“One of the biggest risks related to moving to a cloud environment is the ability to leave the contract,” Collins said. “Realistically, what happens when you move to a cloud environment is that you don’t have an on-premise infrastructure to host this application. In some instances, the contract specifies that you need to move to a proprietary platform, so that even if you decide to leave that vendor, the application, that language is proprietary to that vendor. So while the data is still yours, you don’t have a system to use that data in.”
To address this issue, Collins recommends that agencies ensure a true exit strategy is in place before signing a contract.