The Fantastic thing about the Beast: Why the Pandemic and Cybersecurity Can Really Enhance Procurement and IT Collaboration

For greater than a decade, IT executives have cited cybersecurity as their primary concern. Each the CompTIA Public Expertise Institute (PTI) and the Nationwide Affiliation of State Info Officers (NASCIO) monitor key developments in IT administration, coverage, governance and operational points affecting state and native governments. Solely not too long ago has “procurement” entered the area of the highest 10 issues – and it was about time. Lately I’ve had the pleasure of talking at varied occasions for buying staff and for a buying cooperative. What I realized from these experiences was that buying managers have a real want to be taught extra in regards to the IT enterprise. Equally, IT executives described their relationship with procurement as considerably blended, typically blaming outdated procedures and never people. Each side have expressed the necessity for better understanding and cooperation. As everyone knows, IT is kind of specialised, and aside from laptops and associated tools, the remainder is much from being labeled as a ‘commodity merchandise’.

The pandemic (the beast) was arguably the vital and important catalyst for change. By no means within the historical past of public administration has the IT assist of cities and counties needed to transfer to an outdoor workforce, whereas persevering with to serve the residents in such a short while. Guidelines have been circumvented to permit for the most important shift to distant working. Tons of of 1000’s of laptops, screens, cameras and headsets needed to be bought in report time. Much less apparent was the huge acquisition of VPN networks, collaboration software program and cybersecurity monitoring tools. The pandemic pressured everybody to work and transfer in methods and speeds by no means thought potential. The pandemic pressured native governments to speed up plans for presidency digitization. A lot of what was thought-about non permanent is now largely preserved and can seemingly stay.

As extra authorities staff have been pressured to work remotely, cybercriminals tried (typically efficiently) to use the brand new distant workforce panorama. Not solely did ransomware assaults enhance, however we additionally heard of a brand new sort of assault referred to as a “supply-chain” assault, the place a cybercriminal would hack right into a vendor’s buyer database in order that when updates have been pushed, additionally they did. with malicious malware.

The 2022 CompTIA Public Expertise Institute (PTI) State of Metropolis and County IT Nationwide Survey put procurement within the high 10 for the primary time; stating the necessity to “streamline procurement processes”. In comparison with the opposite priorities of the annual survey, there’s a robust want for buying selections past cybersecurity, equivalent to IT modernization, techniques integration, extra digital companies for residents and at last migrating techniques/functions to the cloud. Whereas NASCIO’s annual CIO Prime 10 priorities do not straight level to procurement, procurement is listed of their fourth precedence below Cloud Providers: “cloud technique; choice of service and deployment fashions; scalable and elastic companies; governance; service administration; safety; privateness; procurement.” “

Through the years, cloud companies have grown in each performance and definition itself. At present, a rising variety of state and native governments are more and more transferring their operations to each cloud and managed service suppliers. It’s typically troublesome for each IT and procurement managers to evaluate the companies of such suppliers. The federal procurement market can depend on FedRamp for cloud security-related assurances by means of vendor certifications. Till not too long ago, state and native governments have been ignored of the method when tons of of 1000’s of smaller regional and native service suppliers grew to become ineligible below the FedRamp laws. Considerably new to the scene is StateRamp, a non-profit group whose mission is to supply certifications to such native gamers. As StateRamp evolves, state and native governments may have a much-needed instrument to raised entry their buying selections in the case of cloud and managed companies with a give attention to cybersecurity.

Including to the urgency of the difficulty, the Cybersecurity and Infrastructure Safety Company (CISA) not too long ago launched a worldwide and nationwide advisory targeted on defending managed service suppliers and clients, typically state and native governments. One of many 5 suggestions is: “Understanding and proactively managing provide chain dangers in safety, authorized and procurement teams, utilizing threat assessments to establish and prioritize useful resource allocation.”

Current occasions have led to an enormous change in the way in which we use, purchase and function data expertise. The record of extra buying selections to be made in relation to the acquisition of IT tools and techniques, each {hardware} and software program selections, ought to be seen by means of varied lenses equivalent to authorized, cyber, financing, threat evaluation, compatibility, assist and coaching, to call only a few. The pandemic, together with a rise in cybersecurity calls for, has created a brand new method ahead the place procurement has developed right into a staff sport, resulting in stronger data expertise for all state and native governments particularly and making the method safer. and made it simpler. And that is the fantastic thing about this beastly pandemic.

dr. Alan R. Shark has been the vice chairman of the general public sector and government director of the CompTIA Public Expertise Institute (PTI) in Washington, DC since 2004. He’s a fellow of the Nationwide Academy for Public Administration and chairman of the Standing Panel on Expertise Management. He’s an affiliate professor on the Schar Faculty of Coverage and Authorities, George Mason College, and is a course developer/teacher on the Rutgers College Middle for Authorities Providers. dr. Shark’s thought management actions embrace keynote audio system, running a blog and the fortnightly podcast sharkbytes† He’s additionally the creator or co-author of greater than 12 books, together with the nationally acknowledged textbook “Expertise and Public Administration” and “CIO Management for Cities and Counties.”

This text initially appeared within the June 2022 situation of: Public Procurement

Leave a Comment

A note to our visitors

This website has updated its privacy policy in compliance with changes to European Union data protection law, for all members globally. We’ve also updated our Privacy Policy to give you more information about your rights and responsibilities with respect to your privacy and personal information. Please read this to review the updates about which cookies we use and what information we collect on our site. By continuing to use this site, you are agreeing to our updated privacy policy.