Business View Magazine - Sept 2023

12 BUSINESS VIEW MAGAZINE VOLUME 10, ISSUE 9 had procurement enter its top 10 space for the first time; mentioning the need to “streamline procurement processes.” When compared to the other priorities on the annual survey, there is plenty of need for purchasing decisions that go beyond cybersecurity, such as IT modernization, system integration, increased digital services for citizens, and finally, migrating systems/ applications to the cloud. While NASCIO’s Annual CIO Top 10 Priorities doesn’t point out procurement directly, procurement is mentioned in their fourth priority under Cloud Services—“cloud strategy; selection of service and deployment models; scalable and elastic services; governance; service management; security; privacy; procurement.” Over the years, cloud services have grown in functionality as well as in the definition itself. Today, an expanding number of state and local governments are moving more and more of their operations to cloud well as managed service providers. For IT and procurement managers alike, it is often difficult to assess the services offered by such vendors. The federal procurement market can lean on FedRamp for cloud-security related assurances through vendor certifications. Until recently state and local governments were left out of the process when hundreds of thousands of smaller regional and local service providers did not qualify under FedRamp regulations. Somewhat new to the scene is StateRamp, a nonprofit organization whose mission is to provide certifications for such local players. As StateRamp evolves, state and local governments will have a much-needed tool to better access their purchasing decisions when it comes to cloud and managed services with a focus on cybersecurity. Adding to the immediacy of the problem, the Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a global and nation-wide advisory aimed at protecting managed service providers and customers—often state and local governments. Among the five recommendations is to “Understand and proactively manage supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources.” Recent events have caused a massive change in how we use, procure and operate information technology. The list of supplemental purchasing decisions that must be made regarding the purchase of IT equipment and systems, both hardware and software decisions will need to be viewed through various lenses such as legal, cyber, financing, risk assessment, compatibility, support and training, to name just a few. The pandemic, along with an increase in cybersecurity requirements, has created a new path forward where procurement has evolved into a team sport, resulting in stronger information technology for all state and local governments in particular and making the process more secure and effective. And that’s the beauty of this beastly pandemic.