The beauty of the beast: Why the pandemic & cybersecurity might actually improve procurement and IT collaboration

For nicely around 10 years, IT supervisors have mentioned cybersecurity as their selection one problem. Both of those the CompTIA Public Technology Institute (PTI) and the Nationwide Affiliation of Point out Facts Officers (NASCIO) have been monitoring top traits in IT management, policy, governance and operational troubles as they relate to state and regional governing administration. Only not too long ago has “procurement” entered the leading 10 problems domain—and it is about time. In excess of the past various yrs, I have had the pleasure to talk in advance of a number of procurement officer events, as perfectly as a buying cooperative. What I figured out from these experiences was that obtaining supervisors have a authentic wish to master far more about the IT organization. Also, IT professionals explained their connection with procurement as fairly combined, often blaming outdated strategies, not persons. Equally sides have voiced the need for higher knowledge and cooperation. As we all know IT is really specialised, and apart from laptops and associated tools, the rest is considerably from getting labeled as a “commodity merchandise.”

The pandemic (the beast) may have been the vital and crucial catalyst for change. Under no circumstances in the record of public administration has metropolis and county IT aid experienced to pivot to a distant workforce even though continuing to serve citizens in these a quick period of time in time. Policies have been aspect-stepped to make the terrific change to distant do the job feasible. Hundreds of 1000’s of laptops, monitors, cameras and headsets had to be acquired in report time. A lot less noticeable was the substantial procurement of VPN networks, collaboration software and cybersecurity monitoring units. The pandemic pressured every person to run and move in approaches and velocity not assumed possible. The pandemic compelled regional governments to speed up strategies for the digitalization of govt. Substantially of what had been considered short-term has now mostly been taken care of and is most very likely listed here to stay.

As far more government employees have been compelled to work remotely, cyber criminals sought (typically efficiently) to exploit the new remote workforce landscape. Not only did ransomware assaults raise, but we also learned of a new sort of assault referred to as a “supply-chain” attack in which a cybercriminal would hack a vendor’s purchaser databases so that when updates have been pushed out, so as well was destructive malware.

The 2022 CompTIA Public Engineering Institute (PTI) State of City and County IT Nationwide Study had procurement enter its best 10 house for the initially time mentioning the require to “streamline procurement procedures.” When when compared to the other priorities on the once-a-year survey, there is a lot of require for purchasing choices that go further than cybersecurity, this kind of as IT modernization, technique integration, elevated digital providers for citizens, and lastly, migrating programs/purposes to the cloud. When NASCIO’s Yearly CIO Major 10 Priorities does not point out procurement specifically, procurement is pointed out in their fourth precedence less than Cloud Services—“cloud tactic variety of provider and deployment products scalable and elastic providers governance support management safety privacy procurement.”

In excess of the yrs, cloud solutions have developed in functionality as well as in the definition alone. Nowadays, an increasing quantity of condition and local governments are going far more and additional of their operations to cloud effectively as managed company suppliers. For IT and procurement administrators alike, it is usually tricky to evaluate the expert services made available by these types of distributors. The federal procurement marketplace can lean on FedRamp for cloud-protection connected assurances through vendor certifications. Until lately condition and neighborhood governments were left out of the system when hundreds of thousands of lesser regional and regional provider suppliers did not qualify underneath FedRamp laws. Fairly new to the scene is StateRamp, a nonprofit group whose mission is to supply certifications for this sort of nearby players. As StateRamp evolves, state and local governments will have a significantly-wanted tool to superior entry their paying for conclusions when it arrives to cloud and managed companies with a target on cybersecurity.

Adding to the immediacy of the trouble, the Cybersecurity and Infrastructure Protection Company (CISA) has lately issued a world wide and nation-wide advisory aimed at safeguarding managed services vendors and customers—often state and area governments. Among the five recommendations is to “Understand and proactively handle source chain hazard across security, legal, and procurement teams, working with possibility assessments to establish and prioritize the allocation of resources.”

The latest functions have caused a massive change in how we use, procure and operate details technological innovation. The listing of supplemental obtaining selections that must be produced with regards to the obtain of IT products and programs, both of those hardware and application choices will have to have to be viewed by means of several lenses these kinds of as lawful, cyber, financing, risk evaluation, compatibility, guidance and instruction, to name just a handful of. The pandemic, along with an maximize in cybersecurity necessities, has produced a new route ahead wherever procurement has evolved into a staff activity, ensuing in much better info engineering for all condition and area governments in distinct and creating the system additional protected and effective. And which is the natural beauty of this beastly pandemic.

Dr. Alan R. Shark is the vice president general public sector and government director of the CompTIA General public Technologies Institute (PTI) in Washington, D.C., because 2004. He is a fellow of the Countrywide Academy for Community Administration and chair of the Standing Panel on Technologies Management. He is as associate professor for the Schar College of Coverage and Government, George Mason University, and is course developer/instructor at Rutgers College Middle for Govt Products and services. Dr. Shark’s imagined leadership functions contain keynote talking, running a blog and the bi-weekly podcast Sharkbytes. He also is the writer or co-author of more than 12 guides including the nationally recognized textbook “Technology and Community Administration,” as properly as “CIO Management for Cities and Counties.”

This report originally appeared in the June 2022 concern of Authorities Procurement.