Goal: Provide information technology (IT) infrastructure services to agencies and other government customers that are high quality, efficient, and add value

Why is this goal important?
In the 21st century, government depends on technology the same way it depends on electricity, heat and water. Basic network and computing services are "utilities" that must be available in order for the real work of government -- serving the citizens -- to get done. Every major state program, including public safety programs, financial and personnel systems, medical and health care programs, childcare, food stamp and benefits programs, depends on an information technology (IT) infrastructure to manage data and facilitate communications.

Managing a complex infrastructure for multiple agencies that is both reliable and secure is the business of the Office of Enterprise Technology. In some cases, the agency provides services directly. In other cases, OET's oversight functions (enterprise architecture, IT standards and purchasing and planning and program management) make the agency-based utility services of a caliber that allows state government to function efficiently and effectively.

What is OET doing to achieve this goal?
The Office of Enterprise Technology has, over the past 18 months, launched a continuous improvement program designed to increase the quality, reliability and responsiveness of its services to agencies and other government entities.

        Internal process improvement projects currently underway include selecting a financial   
           system that will reduce the amount of time and resources required to manage internal
           and external financial processes and allow OET to better communicate with customers;
           developing Information Tech Asset Management (ITAM) best practices, process flow
           and documentation; creating a state-of-the-art command center in the OET facility for all
           platforms, services and locations; and developing a scheduler solution that works across
           platforms.

        Working with its agency customers, OET is improving the process by which it sets rates
           for the utility services it provides to state customers and is making the structure of those
           rates more transparent.

        An increased emphasis on customer service has been instituted throughout the
           organization and has been reinforced through a re-organized customer service division, 
           employee training and an ongoing customer survey program.

        A new security program for improving the baseline physical and cyber security
           environment at OET and within the infrastructure services the agency provides to
           government customers.

        In a collaborative process with customer input, OET is developing an implementation  
           plan for new utility services to which all agencies will migrate. These services will be
           managed by service level agreements that improve accountability and performance
           measurement.

How is OET's progress?
High Quality
OET has recently instituted a survey tool that will allow the agency to compare on an annual basis end customer satisfaction with agency services. The following is a baseline upon which future customer satisfaction will be compared.

Efficiency
The Office of Enterprise Technology manages the high-speed internet that connects all government agencies to each other and to the outside world via the Internet. This network transfers large volumes of sensitive data quickly and securely among all of the state's most vital programs, including human services, public safety, and health, and connects the state to its citizens. State government depends on the network's reliability and availability.

Value
In an effort to save money and provide more features, the State of Minnesota has increased the number of installed Internet Protocol (IP) telephones by nearly 81 percent since July 2006 and is planning to add 1,315 lines (10.3 percent increase) in 2008. IP telephony (IPT) is a phone system that uses voice-over internet protocol (VoIP) data connections to exchange voice data that have been carried traditionally over the public switched telephone system.
 

Goal: Develop an enterprise security program to protect the integrity and confidentiality of data, and to ensure the continuous availability of critical government services

Why is this goal important?
Like every government institution, the State of Minnesota's technical infrastructure and data systems are prime targets for cyber attack aimed at disrupting normal government operations and/or stealing the volumes of personal data and government systems data that government maintains. In fact, a recent survey found that government accounted for over 25 percent of all identity theft-related breaches -- more than any other sector -- and government is the most targeted sector for denial-of-service attacks, accounting for over 30 percent of the total. Such security threats are increasing at an alarming rate -- up 35 percent in 2006 alone -- and the threats are more complex, increasingly perpetrated by well-funded criminal groups, many from outside the United States.

The increase in security threats occurs at the same time that there is increasing demand from citizens for easy, accessible online service. The challenge faced by the state is how to safely and securely collect, store and protect the growing volumes of personal data and how to share that data effectively among governmental programs. In order to maintain citizen trust, the state must always balance ready access to government service and public information with its obligation to ensure that citizen interaction with government is safe, secure and confidential.

To meet these expectations and to combat the growing threat to the safety of both data and technology systems, the state must develop a robust enterprise-wide program that prevents disastrous loss or inappropriate disclosure of nonpublic data. The program must also ensure that mission-critical technology systems on which the state relies are always available, particularly during a time of crisis.
                                                                                         
The program must include security assessments of all systems, 24/7 intrusion detection, security controls on all computers, continuity of operations planning, routine testing of disaster recovery strategies and security               During the 48 hour disaster recovery
awareness training.                                                                    exercise, OET staff work to restore the
                                                                                                      infrastructure — the operating systems
                                                                                                      that support individual applications.
What is OET doing to achieve this goal?
The Office of Enterprise Technology is taking the lead to transform the state's security profile into one in which all state government entities follow a common set of formalized processes and use a common set of world-class security tools to maintain a secure environment. A comprehensive plan, with broad-based support from state agencies, has been developed through a newly-formed governance process. The plan identifies initial focus areas for the enterprise program. Fixes to many tactical security issues are already underway, including new policies regarding the security of portable computing devices and email, as well as vulnerability identification and remediation.

How is OET's progress?
Program and governance. The Enterprise Security Office, led by the state's Chief Information Security Officer within the Office of Enterprise Technology (OET), is the State of Minnesota's central information security organization. The ESO will provide security program management and information risk management for the Executive Branch and additional government entities statewide.

With start-up funding from the 2006 Legislature, the ESO has instituted and has begun to staff the following program areas:

Planning and Preventive Controls: Information Security Program development and management to provide an understanding of the state's risk profile through risk management, policies, standards, procedures, system certification and accreditation, awareness training, emerging technology research, personnel and physical security.

Threat and Vulnerability Management: Monitoring and evaluating the risk profiles of state entities and assets through the use of technology solutions that provide host scanning, penetration testing, threat dissemination and ongoing event monitoring.

Investigative and Corrective Controls: Enterprise continuity management program for the delivery and recoverability of the state's key services, tied to incident response and computer forensics solutions.

Information Security Compliance: The process to ensure that information security controls functions comply with applicable laws, regulations, and other requirements, working with state entities to develop cost-effective and sustainable solutions to mitigate compliance gaps.

Access Control: Development and management of access control methodologies across state agencies and architecture for centralized controls to protect state assets.

Small Agency Support: Security risk analysis, consulting services and access to enterprise security services for small agencies, boards and commissions that allow for cost-effective security solutions to support their business needs and meet Enterprise Security requirements.

These program areas are in the active planning phase, which includes developing performance metrics that will measure on an ongoing basis the state's preparedness for security management and business continuity.

Goal: Ensure effective management of state technology investments and stewardship of state resources

Why this is goal important?
Three simultaneous trends in information technology management require the state to become ever more vigilant in the management of resources devoted to technology:

        The availability of good technology solutions to improve government service is growing
           exponentially.

        The cost burden of technology infrastructure, applications and security is increasing,
           consuming larger proportions of state agency budgets.

        The competition for limited resources in state government continues to build.

Prudent stewardship of the available, limited technology dollars is the only way the state can take effective advantage of the new technologies that are now available and are essential to improving the delivery of important government programs to citizens. Gone are the days when individual agencies could afford to "go it alone." There are too few skilled workers and available dollars to support redundancy in services that can be considered "utility," i.e., common to all government entities. 

The Office of Enterprise Technology provides leadership in the state's effort to leverage its IT investments, share precious resources, streamline systems and bring down their total cost of ownership (TCO) and engineer strategic benefits from the aggregation of goods and services.

What is OET doing to achieve this goal?
IT Purchasing. OET's new IT Standards and Resource Management Program is developing standards for hardware, software and professional services with active input from the public entities that purchase them (state agencies, higher education, local and county government and K-12 schools). Cross-governmental teams develop standards for commonly purchased IT goods and services and negotiate advantageous contracts based on those standards. OET is simplifying the contract approval process for entities purchasing standard products from state contracts and has built a new tool that allows agencies to purchase standard products online.

Portfolio Management. Portfolio management, a fundamental component of information technology governance, aligns the state's spend with strategic objectives and establishes a decision-making process to allocate and balance resources.

        OET maintains the state's enterprise IT portfolio, gathering information about agency
           strategic information plans, assessments of the business value and technical condition
           of agency applications and historical IT spend data. OET also collects information about
           current projects and proposed budget initiatives as applicable. OET registers and tracks
           major state and agency IT projects, significantly contributing to:

• Improving the state's data on existing IT assets;
   

• Improving agencies' ability to successfully manage and complete IT project and control costs; and
   

• Improving the state's ability to manage, plan, and prioritize IT investments as a whole.

        OET evaluates agency IT budgets within the context of the enterprise IT portfolio, that is,
            the combined information about each agency's IT environment.  The portfolio aids in
            the identification of enterprise initiatives based on an analysis of the enterprise portfolio
            as a whole. Category groups supported identifying shared initiatives at the service and
            infrastructure level.

Consolidating Utility Services. OET is leading an enterprise-wide effort to consolidate those services that the state considers to be "utility services," such as networking and email, that every agency needs to use but does not need to manage and maintain independently.

How is OET's progress?
Standards IT Purchasing. In 2006 -- the inaugural year of the program -- the IT Standards and Resource Management program set standard configurations for, among other products, all state desktop computers and all servers, negotiating advantageous pricing for these models. The special pricing was made available to all government entities in the state.

Portfolio Management.
In January 2007, as part of the biennial budget development process, OET released the enterprise IT portfolio, the first comprehensive view of the scope and breadth of the state's IT resources. The following table represents highlights of a baseline upon which future compliance may be assessed.
 

Some images © 2003 www.clipart.com