The US National Association of State Chief Information Officers (NASCIO) released its set of State CIO Top Ten Policy and Technology Priorities for 2023 back in December 2022. I’d like to examine these priorities now as they relate to developing, delivering, and securing the applications and APIs that help make state and local governments run — as well as how the complexity of hybrid and multicloud environments factors into the priorities.
1. Cybersecurity and Risk Management
Over time, infrastructure has become significantly more complex and distributed. Most enterprises, including state and local governments, are managing hybrid and multicloud environments. By exposing more touchpoints, these more complex environments create an expanded threat landscape. State and local governments face intense pressure to continue improving applications and APIs.
This fast pace of innovation opens up the potential for vulnerabilities and security issues and necessitates protecting those applications and APIs. Thus, it is no surprise that cybersecurity and risk management are this year’s top priority.
2. Digital Government / Digital Services
Now, more than ever, state and local governments are tasked with providing digital services to their citizens. Ensuring that services are provided to the appropriate and intended individuals is of the utmost importance. So is ensuring that digital services give citizens the best possible experience. This requires simplifying and optimizing how environments in which we deploy our applications and APIs are managed, as well as having those environments perform properly. Simplifying complexity improves security by removing the potential for human error, as does ensuring that APIs are served to the right citizens in a timely manner.
3. Workforce
New environments require new skills. As state and local government infrastructures have evolved, so have the skills required to manage, operate, maintain, and secure them. Thus, training the workforce and equipping it for today’s challenges — including securing hybrid and multicloud environments and detecting, analyzing, and responding to security incidents wherever they occur, even in one or more cloud environments.
4. Legacy Modernization
The migration of some applications and APIs to hybrid and multicloud environments has become an integral part of legacy modernization. As states and local governments go through these modernization efforts, their cloud strategy has been and will remain an important piece of the overall picture. Environments will need to be properly secured as they are modernized, regardless of where those environments reside.
5. Identity and Access Management
Applications and APIs connect to (and potentially expose) back-end systems and data. In many cases, they are also the public face of the enterprise. As such, properly controlling access to applications and APIs is a significant challenge for any enterprise, including state and local governments. While identity and access management (IAM) is a broad topic, it definitely does have specific applicability to applications and APIs running in hybrid and multicloud environments.
6. Cloud Services
As noted above in point 4, cloud strategy has been and will remain an important piece of the overall picture within state and local governments. Citizens have grown to expect services to be delivered quickly and efficiently. They have also grown to expect significant innovation. This has necessitated that state and local governments move quickly and adapt. This nimbleness is a key component of any cloud strategy, and an organization’s cloud security efforts need to be equally nimble.
7. Consolidation / Optimization
Simplifying and optimizing the management, operations, maintenance, and security of a variety of environments remains an important priority. There are two main reasons for this. In many enterprises, there are entire teams dedicated to operating and maintaining infrastructure, development, security, and other technology stacks at each different environment. As the number of environments grows, this approach does not scale (it is an n-squared problem, for those who enjoy algorithms).
In addition to this, as the saying goes: complexity is the enemy of security. The complexity that hybrid and multicloud environments introduce makes it difficult to universally and consistently apply security policy. It also opens up the potential for human error and oversights that can lead to vulnerabilities. Simplifying this complexity by consolidating and centralizing the management of different environments becomes a necessity.
8. Data and Information Management
Properly securing APIs, which expose back-end systems and data, is an essential piece of protecting data. API security includes a variety of important topics, including ensuring APIs conform to security policy and schema requirements.
While API security is a big focus area, so is API discovery. After all, if an API is not known, it can’t be properly inventoried, managed, and secured. When thinking about data and information management, it is important to consider the security of APIs as an important part of that.
9. Broadband / Wireless Connectivity
Part of providing services to citizens involves bringing state and local networks closer to the constituents. Efforts to improve broadband and wireless connectivity have a lot of moving parts, and cloud and edge environments play a role in these efforts. Protecting those networks from unauthorized access is paramount to security.
10. Customer Relationship Management
Citizens have come to expect that state and local governments will provide services within acceptable timeframes. This requires serving applications and APIs quickly and efficiently. Service-level agreements (SLAs) will need to be met. A well-designed cloud security strategy is an essential part of achieving these goals and properly managing the relationship with citizens.
In Short: Applications Are Key
State and local government CIOs and their teams face no shortage of challenges. Generally, there are more issues needing attention than there are resources to do them. As such, simplifying the management, operations, maintenance, and security of complex environments becomes key.
In the era of hybrid and multicloud environments, state and local governments will generally see good return on investments into more efficiently and effectively developing, delivering, and securing the applications and APIs that help make state and local governments run.