« August 25, 2003 | Main | August 27, 2003 »
August 26, 2003
Western CIO Summit: Data Exchange
Des Vincent, the CIO of Northern Ireland, is the first speaker on the data exchange panel. I'm enjoying listening to him very much. He's discussing the COINS system that linked vehicle information from both public and private sources in NI. Not surprisingly, the politics was the most difficult part. He mentioned that there were over 200 databases in NI that contained names and addresses of citizens. I'm intrigued that, coincidentally, its almost exactly the same number as we founds in Utah.
Mark Blatchford, from the Social Security Administration, is presenting information about the eVital project and its predecessor pilot: EVVE. EVVE was a pilot project with eight states that provided SSA with an electronic way to match vital record data. Since SSA didn't want to be a repository of vital record data, all they got back from a request to a state was a green or red light. The project worked on XML and through a hub. One of the big challenges to this program was the financial aspect. States have become dependent on the revenue that is driven through the SSA requiring citizens to present a certified copy of their vital records when they talk to the SSA. Now that the SSA is going direct, they're not likely to pay the same amount for a data query that states could charge each citizen for getting a certified copy of their records.
02:16 PM | Recommend This | Print This
Western CIO Summit: Enterprise Architectures
One of the panels is on Enterprise Architectures. The panel consists of:
- Curtis Wolf, CIO, North Dakota
- Val Oveson, CIO, Utah
- Robb Stoddard, CIO, Alberta
- Moira Gerety, CIO, new Mexico
- Bob Haycock, Manager, FEAPMO
Curtis is talking about North Dakota's Enterprise architecture program. They have made a lot of progress, although Curtis says its been sidetracked a little by agency angst over a legislatively mandated centralization of many IT functions, including email, database, and server administration. Curtis believes that the EA process would have eventually led to the same conclusions and done so in a way that wasn't so upsetting to the business. I think he's right. I've always believed that more centralized administration of IT functions is a fact of life that will happen and its much better for an IT organization to decide on their own how that should happen than it is to wait for someone else to decide for you.
Val is describing Utah's governance structure, put in place by the Governor last August, that uses the Cabinet as the IT project portfolio managers and a dotted line organization between the CIO's office and the CIOs in each agency that . Still, he says uncertain related to governance is the hardest question in putting an EA into place (every other CIO on the panel shakes their heads). Vision in Utah is clear. Application development is moving forward (witness eRep, for example). Infrastructure consolidation has not happened because the required political capital isn't available. Val also mentioned the new strategic plan and the hard work that went into it by agencies. This strategic plan does an excellent job of outlining seven great goals for eGovenrment in Utah and listing objectives for each one. As always, the proof will be in the implementation, but getting the governance done is a greate start.
Moira is one of the new CIOs who came into office from last year's election cycle. Her background is private sector. Its clear as you hear her speak that she's got an aggressive new Governor who's ready to make some changes. This translates into a desire to move money from IT into programs, in this case. This leads to less emphasis on technical architectures. She makes a case for open source and open systems. Architecture is impacted by procurement. Being new, she's concentrated on the governance issue and working toward a sub-cabinet group of agency CIO's. They are focused in three main areas of state functions: client services, resource management, and government operations.
Robb started off talking about the creation of Alberta SuperNet, a network that connects every school, library, health facility, and government office. This gave Robb a wide area network that allowed him to ask the agencies: how would you do business if bandwidth and storage were not an issue. The natural outcome in many cases was more consolidation. Robb views his role as defining the rules and creating the rulebook (the EA) and playing the part of referee as the agencies "play the game." Interestingly, after getting a governance model in place, Alberta started with a data architecture. This is unusual, but also a good way to promote data sharing. Its hard to do because executives want to fund "programs" not data.
Bob, as director of the Federal EA Program Management Office and, given OMB's mandate that new money won't go to programs without an EA, is in much demand. He's responsible for directing the development and implementation o the Federal EA. There are four primary objectives:
- identity opportunities to leverage technology and alleviate redundancy. or to highlight were agency overlap limits the value of IT investments.
- establish "line of sight" contribution of IT to mission and program performance.
- facilitate horizontal (cross-Federal) and vertical (Federal, State, and Local) integration of IT resources.
- support a more citizen-centered, customer-focused government that maximizes IT investments to better achieve mission outcomes.
11:31 AM | Recommend This | Print This
Western CIO Summit: eAuthentication Panel
I'm at the Western CIO Summit in Park City. My panel on eAuthentication was the first one this morning. Also on the panel were Glenn Miller of the University of North Dakota's NDGRO program, Steve Timchak, the eAuthentication program manager at the GSA, and Chuck Chamberlain who does business development for the US Postal Service. Steve talked about the eAuthentication initiative and provided some clarifying information about what it is and what it isn't. Essentially, eAuthenticaion is a policy decision point (PDP) for the federal government.
Chuck talked about the US Postal Service's In-Person Proofing and Electronic Postmark initiatives. Both of these are quite interesting. In-person proofing allows a private company to create an electronic form that can be printed and taken to the local post office for in-person authentication against a physical ID. This is perfect for certificate authorities and other who need strong proof that the certificate is being issued to the right person. Electronic postmark is exactly what you'd think it is. Chuck mentioned that this will be part of Microsoft Word soon so that you can get an electronic postmark on a Word document before you email it off to someone.
My role was to be controversial (a role I had no trouble fitting myself for). My talk was about the proper role for government in digital identity. I've put my slides online along with a paper that discusses my points in more detail. In short, my primary thesis is that government has played an important foundational role in identity in the physical world, but has abdicated its role in the digital world, hoping that private interests will somehow fill the gap. I generated plenty of comments, both pro and con. That was the point: raise some awareness.
10:30 AM | Recommend This | Print This
Managing Blackberrys and Other PDAs
In a tale that reminds us that IT organizations still haven't come to grips with the management of PDAs and other palm-sized computers, this Wired magazine article reports that the Blackberry of a former Morgan Stanley VP, chuck full of all sorts of corporate information, was recently purchased on eBay for $16. The VP had left the company several months earlier and the IT department failed to wipe it clean. Naturally, they want to make it his fault. Quoting from the article:
"We trust employees with a lot of sensitive information; that's why we have these procedures in place. Someone who is in mergers and acquisitions and is a vice president should be very aware of his responsibilities," [said Morgan Stanley's Quintero]. But Korn/Ferry's Steinbock said, "If they were vigorously wanting to protect their intellectual property, I would hardly think that's enough. "Since it's information that would harm them, not him, it's perplexing that they wouldn't be more aggressive about retrieving that information and follow up with him. The company obviously doesn't have controls in place to take care of its own intellectual property, and that's really their fault," she said. In fact, the VP said that when the company closed his e-mail account on his last day of work, he thought any data on the BlackBerry would be deleted remotely by the server. "I just assumed it was all taken care of," he said.
The BlackBerry belonged to the executive because Morgan Stanley has them buy their own. This policy seems shortsighted. Sure, the company saves a few bucks, but it makes it much harder to control the information. Furthermore, the IT department will never be able to get its arms around a collection of incompatible devices. Companies need to manage their IT and the data, not the employees.
I've heard companies brag about things like "zero-day start" where an employee is up and running with all the accounts, permissions, gear, etc. that they need to do their job the first day they show up. How many companies are good at turning everything off? I still had an email address over a month after I left the State of Utah (which gave the conspiracy theorists something to worry about). I'm sure if I'd checked, I still had access to all kinds of data as well. Not that I'm picking on Utah--they just happen to be my most recent experience. As I've said this sort of thing is common.