Since launching the IT Optimization program in fiscal year 2012, DAS OIT and agencies have successfully centralized IT infrastructure and established a common direction for our IT community. Through IT Optimization efforts, we have documented savings of over $162 million dollars. As a result, DAS OIT and agencies refocused IT spending on things that make Ohio a better place to live and do business. The state spend has “flipped” from spending less than 19 cents of every IT dollar on public facing services and systems to more than 59 cents of every IT dollar spent. This is a result of migrating 90% of our infrastructure to the cloud and increasing adoption of shared services, such as enterprise VoIP (50,000+ profiles), email, mainframe services, and the engagement of local government and higher education in co-location services in the state’s data center. We continue to achieve great things together – because it takes all of us, working together and in concert, to continue to make the difference that we are making for Ohio and our citizens.
We have come a long way… but there is more to do! As infrastructure consolidation will successfully complete in early FY19, IT Optimization is evolving to ensure continuous improvement in enterprise application service offerings, legacy systems modernization, and next-generation business models.
Ohio is positioning as a national leader for a digital future that includes intelligent automation, autonomous and connected vehicles, machine learning and robotic process automation, digital citizen engagement and paperless processes. The central organization is structured to reduce complexity and bureaucracy, increase the use of shared IT applications and services, and support advanced BI and data analytics, while strengthening IT strategic planning, and governance functions.
The progress we have made over the last seven+ years is tremendous and could not have been achieved without your hard work and support. We need to build on this momentum to continue to increase efficiencies, improve service, reduce complexity, and realize savings.
Ohio’s IT Optimization has laid a foundation for success. DAS OIT and agencies will continue their work on the following three priorities:
Additional details regarding Ohio’s three year IT strategy are outlined within the “Ohio IT Strategy: January 2016” document, which is available on this IT Optimization Website (Resources Tab/Strategic Resources).
Enterprise Email DMARC Cloud Services RFP Awarded - 3.15.2019
The Department of Administrative Services (DAS) awarded the Enterprise Email Domain-based Message Authentication, Reporting and Conformance (DMARC) Cloud Services request for proposals (RFP) to Valimail. As a result of this RFP award, DAS OIT plans to minimize and, if possible, eliminate the state’s exposure to email phishing attacks and their evolutions and refinements.
The state believes that the implementation of the DMARC will further fortify the state’s defenses. At a high-level, the DMARC service must:
Additional details are available in Valimail’s recent news release. If you have questions regarding this effort, please contact the DAS Office of Information Security and Privacy at 1-614-644-9391 or firstname.lastname@example.org.
Ohio Cybersecurity Efforts in the News - 3.8.2019
Government Technology and StateScoop recently released articles regarding the introduction of Senate Bill 52. The bill, sponsored by Senator Theresa Gavarone, is supported by Ohio Secretary of State Frank LaRose as well as Maj. Gen. John Harris Jr., the Ohio adjutant general, and Mr. Mark Bell. If passed, the legislation would enable the creation of the Ohio Cyber Reserve, a civilian force consisting of IT security experts, to assist with state and local cybersecurity issues. The Adjutant General's Office would oversee the group of civilian professionals.
In addition, the bill would secure the funding to establish a chief information security officer position at the Ohio Secretary of State's Office. The position would be responsible for developing cybersecurity plans to further safeguard systems involved in the voting process.
Additional details are available in Government Technology’s, “Ohio Elections Chief Backs Cyberdefense Legislation,” article and StateScoop’s, “Ohio Cybersecurity Bill Focuses on Election Security, Civilian Response Group,” article.
A Platform for the People: How OCTF’s Website was Transformed - 3.1.2019
Analytics features are becoming increasingly valuable to state agencies that want to better understand their customers, and more importantly, determine what information they need to position front and center to better serve their customers. The Ohio Children’s Trust Fund (OCTF) recently partnered with the Ohio Digital Experience (ODX) to re-platform their website on ODX’s Portal Builder. Portal Builder capabilities are delivering greater customer insights, making delivery of important news and information to OCTF’s constituents more efficient and effective
Nicole Sillaman, Program Manager at OCTF, highlighted the impact of ODX Portal Builder’s analytics features, stating, “When I looked at the dashboard and saw the key words people were searching for, they were things I wouldn’t even have imagined.” The ability to analyze this information has helped OCTF provide more relevant content to their customers. Since the release of their new website, OCTF has received, “glowing praise from constituents, a few unsolicited donations and no negative feedback,” according to Sillaman.
As customers’ appetites for relevant and personalized content continues to grow, Sillaman believes that, “sharing content will provide even more value. The more agencies that onboard to ODX, the easier that sharing content becomes.” OCTF and the Ohio Department of Health (ODH) are leveraging Portal Builder’s shared content capability to increase the reach and impact of important website content related to infant mortality, safe sleeping habits, and other topics of common interest to their organizations’ respective customers.
In the near future, OCTF is looking to use the ODX Portal Builder’s features to templatize and integrate their awareness campaign websites. Currently, each awareness campaign site is managed separately, with unique URLs that require individual maintenance and financing. Once these campaigns are brought into the ODX-hosted OCTF website, these templates will allow OCTF staff to build a complete awareness campaign more quickly, while reducing maintenance time and costs.
For questions related to onboarding to OH|ID and ODX, please contact Elizabeth Robinson at Elizabeth.Robinson@das.ohio.gov. For general inquiries, please contact the ODX mailbox at email@example.com.
Update on 9-1-1 Public Safety Answering Point Operations Rules Compliance - 2.22.2019
The Public Safety Answering Point (PSAP) Operations Rules address the minimum operations standards that must be adopted by all Ohio county PSAPs initially answering 9-1-1 calls from wireless devices (identified in OAC 5507-01 and approved by the JCARR in 2016).
To assist the counties, the Ohio 9-1-1 Program Office created a Support and Compliance Program. The Support and Compliance program was developed with the help of a focus “working” group, comprised of county 9-1-1 coordinators throughout the state. The focus group members made recommendations for rule compliance based on their experience and expertise in the field. In addition, education and training sessions were conducted to help counties prepare the required documentation.
Ohio 9-1-1 Support and Compliance Coordinator Sharon McMurray completed her assessments for calendar year 2018. During the implementation phase, which began in May 2018 and ran through the end of the year, there were no funding penalties attached to non-compliant status. For 2018, 60 counties achieved compliant status, 27 counties were non-compliant, and one county offered no submission to be evaluated.
The Ohio 9-1-1 Program Office expects that those counties that were not compliant with the PSAP Operations Rules in 2018 will be able to reach compliant status in 2019. Indeed, many of them may have already met the requirements for 2019 based on slight changes that needed to be made. Now that the implementation phase of the Support and Compliance Program has concluded and the operational phase has begun, continuing non-compliance in 2019 could lead to loss of funding.
For additional details, visit the Ohio 9-1-1 Program Office website.
Privileged Access Management Coming Soon to OH|ID Workforce - 2.15.2019
Privileged accounts are of particular interest to cyber criminals: the volume of compromised data resulting from a privileged account breach can greatly exceed the yield from a single user account breach.
The addition of Privileged Access Management (PAM) to OH|ID Workforce will further secure the state’s critical and sensitive data.
Privileged accounts offer users – typically system administrators - an elevated level of access to computers, servers, and business applications for the purpose of performing configuration changes, accessing sensitive data or managing user access itself. When privileged accounts fall prey to hacking, critical and sensitive information can be compromised, and can lead to erosion of trust and damage to an agency’s reputation.
In order to keep a close watch on activity conducted by privileged accounts that have access to sensitive data and information, the state is partnering with the Ohio Digital Experience (ODX) to implement Privileged Access Management (PAM). PAM technology supports proactive monitoring, updating and password protection for privileged accounts serving both customers and the state.
Without PAM, organizations have limited insight into how privileged accounts interact with systems, including when they log in and the information they access. “The addition of PAM to the State will be a huge win for security,” said State Chief Information Security Officer Russell Forsythe. “PAM provides increased management, awareness and enforcement over crucial account details and helps keep Ohioan’s data safe and secure.”
PAM gives customers the ability to provide administrators with verifiable and temporary access to privileged accounts, while still maintaining a high level of security. In order to acquire access to servers, the administrator logs into PAM and “checks out” a password for the account. After completing their task, the user checks the account back into PAM, at which time the password is automatically reset.
In addition, PAM’s access-logging feature allows the state’s security team near real-time access to all privileged accounts in the system. This sheds light on any suspicious or nefarious account activity in addition to giving the state an opportunity to monitor or deactivate any privileged accounts that have been dormant for a set period of time.
For questions related to onboarding to OH|ID and ODX, please contact Elizabeth.Robinson@das.ohio.gov. For general inquiries, please contact the ODX mailbox at firstname.lastname@example.org.
A newly created Technology Board will help to enhance enterprise IT alignment and ensure agency interests are represented within the IT governance process and duplicative activities are minimized. The board aligns agencies according to common purpose within five Lines of Business (LoB). Agency CIOs will be aligned by LoB to facilitate the discussion of opportunities, issues, and concerns within their partner agencies. We have selected five Line of Business Leads (LoB Leads) to drive long-term acceptance and sustainability of IT solutions that support the State’s objectives for IT Optimization. The LoB, their associated LoB Leads, and partner agencies are organized as follows:
IT Optimization FAQs
IT Optimization Information Center
IT Application Center
IT Enterprise Services portal
SUMS Resource Center
Central Payment System
IT Strategy and Investment Management
9-1-1 Program Office
Ohio Data Analytics
Research and Advisory
Shared Web Hosting
Telecommunications Contract Management
Ohio IT Statutes and Administrative Rules
Governor's IT-Related Orders and Directives
State of Ohio IT Policies
State of Ohio IT Standards
State of Ohio IT Bulletins
Enterprise IT Procedures
Enterprise IT Architecture Resources
Statewide Enterprise Buys
Next Generation Telephony Service
Major Project Oversight and Guidance