The following article recently appeared on the Web site of the National Association of State Chief Information Officers (NASCIO) as part of their continuing effort to stay abreast of the IT activities of individual states. As one of a series of interviews with state CIOs, Kentucky CIO Mark Rutledge discusses some of Kentucky's IT challenges and priorities. The article is republished in Techlines with the permission of NASCIO.
NASCIO CIO Spotlight
Kentucky Chief Information Officer and Commissioner of the Commonwealth Office of Technology (COT)
NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?
Rutledge: Nothing new here, it is always going to be protecting digital assets. One of my first actions as CIO was to establish the Chief Information Security Officer position as a direct report to the state CIO. Their role will aid in establishing security policies, best practices and compliance across the enterprise. We have all worked on ways to achieve acceptable levels of risk on the infrastructure but I believe our greatest threats could be from the number of ways data could be exploited due to the growing number of personal computing devices available for our users. It is impossible for any organization’s security practices to keep pace with the evolving number of devices and the user communities’ infatuation with the gadget of the week. We should all take a much more disciplined approach to the adoption of new technology. PDAs and personal storage devices have transformed their image from being called geeky to fashionable, which has accelerated adoption and become one of the new ways to measure social status. The market for security solutions is lagging way behind device availability. Therefore, I believe we should be very rigid in our examination of the business requirements justifying their need, standardizing our equipment and controlling end-users' ability to connect personal computing devices to their workstations. It's always challenging when you limit the controls of a user's personal computer, but we have to perform due diligence and with proper communications you can be successful.
NASCIO: What advice would you give to other state CIOs as being the most important elements of securing state IT infrastructure and protecting the privacy of citizens’ personal information?
Rutledge: Do not place all your attention on the technology hype cycles or become inundated with the risks of the day as that landscape will be ever changing. I believe educating our workforce and our community about the importance of security and how to recognize security threats may be the best approach to securing confidential information. We need to transition security awareness for our employees into formal training programs. These programs can educate them on the risks and make them aware of their responsibilities when they are handling sensitive data. Along with education come accountability, we need to make people accountable for their actions when violating the organizations security policies and practices. The education process should not end with the workforce, but be a collaborative project by the state CIO’s office, Adult Education, Homeland Security and the Attorney General to provide information to the public on how to protect sensitive and confidential data.
NASCIO: As CIO, how have you optimized your state’s IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to consolidation and shared services, and data center consolidation strategies and business justification?
Rutledge: Kentucky has realized the benefit of shared services for several years now and the cornerstone of that successful story has been our electronic messaging service. The commonwealth’s e-mail system has been referenced and modeled many times over by other government organizations. This successful endeavor coupled with economic hardships challenged us to find new opportunities to apply the same principles to other technologies. The logical next step was to consolidate common services across all the executive branch agencies and we targeted services such as desktop computing, storage and telecommunications. Our goal was to administer those services to their full potential including staffing, operations and procurement. This project has brought efficiencies through economies of scale and in return allows the agencies to use those monies for unfunded projects. At the end of the day, we have raised the level of service internally and provided more value to our constituents, which is a win on all fronts.
NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?
Rutledge: Our most recent success is the Mutual Aid and Interoperability project, which received the NASCIO Business Continuity Award. The project produced a network for public safety that provides multiple communication channels dedicated to mutual aid for federal, state and local agencies during the time of emergencies. As great as that accomplishment is, we are most proud of the unity exhibited by the state and local project members conducting themselves as one body of government for the betterment of the commonwealth. It's one of those moments that helps define your career because you successfully worked across jurisdictional boundaries for a common good and if anyone needs a project model on how to achieve success when dealing with multiple political interests then look no further because this is the prototype.
NASCIO: On Nov. 9, COT's Office of Enterprise Policy and Project Management held the first in a series of lectures on the Information Technology Infrastructure Library (ITIL) and IT Service Management. The event was co-sponsored by the ITIL Government Interest Group (GIG), an organization of Kentucky state agencies formed to promote ITIL education and IT Service Management within Kentucky state government. What do you see as the main benefits of ITIL and IT Service Management for Kentucky’s state agencies?
Rutledge: ITIL is our foundation for providing enterprise IT services to government agencies across the commonwealth. The most visible benefits have been in our transition from our dependency on people to process. The results have been favorable, we have realized consistency in our service delivery model, met customer expectations, and transitioned from a change notice practice to a change management process. Service management shifts the focus from technology to the business users’ perspective and making sure that we provide technology solutions to help with their mission. The business of technology is the business of the agencies using our services, not technology of itself.
NASCIO: Please describe some of the major IT projects and initiatives that Kentucky plans to undertake over the next one to three years.
Rutledge: Gov. Fletcher’s biennium budget funded more IT projects than any other time in our history. So opportunities abound, but some of the ones that we feel are most rewarding and challenging could be the Kentucky Education Network, the Data Architecture project, the new Human Resource application and the Comprehensive Tax System. The education community has embarked on the Kentucky Education Network (KEN), which is a collaborative initiative amongst all of the education community including K-12 and higher education to create a logical network that can track the student’s educational experience from cradle to grave. Comprehensive Tax is an effort to take a consolidated view of tax collection and utilize a service-oriented architecture (SOA) that is driven by a business rules engine to provide agility responding to the ever-changing tax laws. The Data Architecture project is an effort to standardize all elements of data to enable the sharing of data across the enterprise in a secure manner. This effort hopes to improve decision making, speed application development and reduce costs, ensure data integrity, provide a standard data framework and reduce duplication of data. This project has unlimited potential to the commonwealth, but will present challenges as data is every organization's crown jewel. Lastly, continue to improve on our Public Safety project, which includes working on the Kentucky Emergency Warning System's (KEWS) analog-to-digital transition and bringing new technologies such as Voice over Internet Protocol (VoIP), video and other services to law enforcement and the other members of our public safety community.
The original article may be found on NASCIO's Web site: