Results tagged “IT trends” from Lohrmann on Infrastructure

Virginia: We're With You


There have been quite a few headlines lately about the current challenges facing Virginia's government technology infrastructure. From this IEEE Spectrum article, to Computerworld in the USA to the United Kingdom's version of the Computerworld Magazine, the situation has been covered globally in the mainstream and technology press.  Virginia Governor Bob McDonnell has even announced an independent review of the recent "unacceptable" computer outage.   

For the past few weeks, many technology professionals around the country have quietly been watching and hoping for the best for our colleagues in Richmond, Virginia. Despite online criticism, technology leaders in other governments recognize the potential ramifications for all of us. Several of us believe that technology and security pros in government need to do some infrastructure-searching and ask: could a similar failure happen on my network? This is one of those "moments in time" when technology professionals need to take a step back and ponder those nebulous "what ifs."

Honest technology veterans not only recognize that such outages can happen, we have lived through several mini-crisis situations. Over the past two weeks, I've received calls and e-mails from respected colleagues around the country with comments such as: "We recently had a major outage as well... that almost caused a similar (widespread) impact. We were very fortunate that.... (some good thing happened)."  Somehow, in each case, they pulled through and stayed below the public radar.

Or, as the Washington Post stated in a quote of an Arizona technology analyst named Robin Harris: "People in the industry are watching ... as this unfolds. There's a lot of 'there but for the grace of God go I' kind of thinking."

No, we don't have insider details regarding what happened in VA.  In fact, as I write this blog, I know little more than what's available from public reports. (Our team will be getting briefings from related technology vendors this week, but those discussions will be under a non-disclosure.)

But before we get to potential action steps for the rest of us, let's put this situation into historical context.  From Y2K to 9/11 to the Northeast blackout of 2003 to spreading viruses to malware attacks to lost or stolen laptops, technology leaders are constantly being asked to prepare for and react to unexpected emergencies. Other times, the technology doesn't work as expected. Email fails - even for Google. Mission-critical systems can't communicate, or networks go down in strange ways. Tech leaders worry about losing backup tapes containing sensitive information. Insider threats, such as this incident in San Francisco in 2008, can get out of control.

No doubt, government technology shops know these things. We have onsite and offsite backups, DR plans, real-time redundancy, alternative systems, business recovery plans and more. We've dealt with weather emergencies and the aftermath of 9/11. We prepare with exercises like Cyberstorm I, II & III. We test our processes and procedures to prove we can respond and recover. 

We've all been audited, and we respond with new approaches that are foolproof - until the functions don't work as advertised in a crisis. Perhaps the scenario that was tested is not the one that occurs. Which leads us back to that tough question - what about my government's technology infrastructure? We think about vendors and products. Where are our biggest weaknesses? How can we mitigate those risks and/or prepare for the unknown?   

Don't get me wrong. Following ITIL and building good DR plans are very important and we can (and need to) continue to improve in these areas. And yet we still know that unexpected things do happen. How will your team respond? Who will they call? What is done in the first few minutes is often very important in how the recovery effort will proceed for the following days and/or weeks.

So here are five things to ponder before technology fails:

1)      Think people, process and technology. Are the DR plans workable? Has your staff been trained to execute quickly? We have found that people issues are the hardest to prepare for and resolve. In addition, emergencies generally go bad when two or three of these are involved in an incident - and not just a single failure of technology or a human error.

2)      Communication is the key in a crisis. Answer this: Who will your team members call and when? What will they say? Just like the fire department: How fast can the team respond? Also, proper expectations need to be set regarding recovery, or the trust will disappear between partners. Is the front-line ready?

3)      Look for the gray areas in DR and business continuity plans. In Michigan, we've found that technical staff are often uncomfortable making the call to go to backups or pull the trigger on major recovery efforts. Techies tend to try to fix the problem themselves and not tell anyone. If you get management involved to quickly escalate issues, additional resources with a wider view of the problem can often remediate the issue before it spreads. Looking back, gray areas in our plans have hurt us. After the fact, we play "Monday morning quarterback" and realize we should have brought in vendor expertise earlier or gone to "Plan B" faster.

4)      You can never outsource the responsibility. Where does the buck stop? No matter how good our vendor partners are, the government will always answer to the public when business functions are not available. Build a joint team and practice together with contract partners, but remember who will own the end-to-end result. Know the boundaries of contracts and test plans across those boundaries. Be accountable.

5)      Practice makes perfect - almost. Run drills, conduct tabletop exercises, talk about lessons learned from previous incidents, share stories, ask "what if" questions. Test scenarios. I like this quote from Vince Lombardi:  "Practice does not make perfect. Only perfect practice makes perfect."

Despite our best efforts, bad things will continue to happen to our technology infrastructures. It is part of our job to help staff prepare for those situations. Like a respected football coach with a talented team and a good game plan that goes bad for any number of reasons, we need to be flexible enough to adjust and still win the ballgame. Or perhaps, after a tough loss, we need to bounce back and salvage the season.  

Virginia's government technology team may have done everything properly and yet still be confronted with this difficult situation. We will know more details soon enough. And yet, they are known around the country as an excellent technology program with a respected reputation for excellence and leadership. This fact alone should cause each of us to pause and take notice.

Regardless of the outcome, they are also respected partners in government who have shared best practices with other states at National Association of CIOs (NASCIO) conferences. I am sure Virginia will bounce back and grow stronger through this.  

For the rest of us, as we get ready to come together for the annual NASCIO conference in Miami at the end of this month, many will be thinking about Virginia's experience. We have entered a new decade where hardware, software, security, centralized data centers, cloud computing, mobile devices and more must work together. The complexity will be a challenge for every state and local government as we strive for increased efficiency.

 Therefore, we need to be looking internally and asking (one more time): If technology fails, now what?

I'd appreciate hearing your views on this situation or on similar challenges in your government technology program.

Intel is Buying McAfee: What's Next?


Everyone's talking about Intel's pending acquisition of McAfee for $7.7 billion. The list of questions is long. Did they pay too much - or too little? Is this the beginning of a new trend or a one-off acquisition? What does this say about the security industry and/or about the state of cyber security in general? What will the impact be for government technology professionals? What can we learn from this action? Bottom line, why did Intel do it?

Leslie Fiering, research VP at Gartner, told SC Magazine, "The goal is to collect and develop IP that can go directly to silicon and bring security down to the hardware level. The embedded security will run outside the OS with a broad variety of software developer hooks. It is highly unlikely that Intel will make any of these proprietary or in any way specific to McAfee.... Bringing security down to the hardware level is particularly critical at a time when exploits at the OS level are getting more sophisticated on PCs and mobile OSs are still highly immature in the security arena."

Renee James, Intel's senior vice president of software and services, told USA Today, "It's true in mobile solutions that we will have more enhanced security hardware. It is an accurate assumption that in the mobile devices market we will be doing integration into the chip."

Rich Mogull from Securosis.com had a very interesting perspective. He said that Intel bought McAfee for three reasons:

1)      The name - "Yes, they could have bought some dinky startup or even a mid-sized firm for a fraction of what they paid for McAfee, but no one would know who they were. Within the security world there are a handful or two of household names; but when you span government, business, and consumers the only names are the guys that sell the most cardboard boxes at Costco and Wal-Mart: Symantec and McAfee...."

2)      Virtualization and Cloud Computing - "There are some very significant long term issues with assuring the security of the hardware/software interface in cloud computing. Q: How can you secure and monitor a hypervisor with other software running on the same hardware? A: You can't. How do you know your VM is even booting within a trusted environment?"

3)      Mobile Computing - "Meaning mobile phones, not laptops. There are billions more of these devices in the world than general purpose computers, and opportunities to embed more security into the platforms."

So what does this mean for government? I'm staying out of the analysis of how this will affect medium-term products, pricing and competition with Symantec, Trend Micro and other security companies. However, it does underline three trends that express the central importance of cyber security for the next decade.

1)       Cyber security is still hot - and getting hotter. This reality may seem obvious, but recent Gartner surveys of priorities from CIOs have seen security drop to the bottom half of the top ten list. A few years back, security was the #1 issue. To illustrate this point, here's another 2010 priority list - from a different source. The same trend can be seen in the 2010 NASCIO list of top State CIO priorities - with security at #6.

 

However, a deeper look at these lists and the technologies reveal that security is an important component of all the items at the top of these lists - in areas such as virtualization and data center consolidation. The fact is that technology leaders are demanding that security be built-in for these solutions and projects. In many ways, security has evolved into something new.

 

2)      More specifically, this cyber security trend is heading up and down at the same time. In the second decade of the 21st century, security will be moving into "the cloud" (or cloud computing) and into mobile devices that are getting smaller and more powerful. It remains to be seen if Intel can be successful with building effective security into their chips in the same way that anti-lock brakes and air-bags are getting safety built into newer cars. It is pretty clear that Intel (and others) want to try and build more security into the chip sets. Security is becoming more of a "must-have" and less of an "optional extra" in order for new technology offerings to succeed.  

 

3)      Prepare for more acquisitions and an evolving landscape in the security space. Over the past few years, Symantec and McAfee have been buying smaller security companies on a regular basis and filling in holes in their offerings. This trend will continue, but now even bigger companies (like Intel) are buying the largest security companies (like McAfee). Will other large communications and/or technology companies buy security companies? Will the likes of AT&T, Microsoft, Google, IBM, HP, EMC, AMD and/or others keep buying into this space? Probably - in fact this is already happening with smaller security companies. A blog on Symantec's website asked if Symantec would be bought next?    

These are interesting (and exciting) times. I certainly did not see this pending acquisition coming. Nevertheless, it looks like more change is coming. Hold on to your seat belts.

What are your thoughts on this pending Intel purchase of McAfee?

New Cloud Computing Offerings for Government: Yes, They Are Game-Changers


  Are recent announcements of product offerings from Google, Microsoft and others going to fundamentally change government technology service delivery?  Has the long foretold government paradigm shift now begun? Will we look back at 2010 as the pivotal year? Or, is this just another over-hyped tech story?

Lately, I am thinking that the answer may well be yes - we are witnessing a fundamental shift in technology service delivery for government. However, I think the full transformation could take up to a decade (or more) to complete.

In my opinion, the tech giants are starting in the email and office suite space and will succeed in making these commodity purchases for governments over the next few years. Meanwhile, more complex applications and mission-critical data will be moving into "government clouds" which are private and more secure. Bottom line, we have started down this new "yellow brick road" but certainly have a ways to go to arrive at the "Emerald City."    

   There are many people saying that recent announcements are game-changers. Here's a quick rundown on several interesting articles and related research on this cloud topic:

InfoWorld:  Google removes cloud security barrier for government

ZDNet: The federal cloud: Another Microsoft vs. Google battleground

eWeek:  Cloud Computing: Google Apps Leads Microsoft in Federal Cloud Race: 10 Reasons Why It Matters

Government Technology Magazine recently did this story on the Google certifications for government.   I have also written several blogs and other articles on Cloud Computing security issues and offered recommendations to government technology executives on the cloud. A few months back, CIO.gov released the Federal CIO Council's report on the "State of Public Sector Cloud Computing."

Last week, the Digital Daily pointed to recent implementation challenges in LA, in this article Cloud Computing: Good Enough for Government? Microsoft told us back in February that FISMA-compliant cloud offerings are coming this year. I expect to see those offerings over the next few months, which will mean that they will match Google's FISMA-compliant offerings - with a similar price. These offerings also ensure that data is stored in the USA to help us with potential legal issues.

(One side note of caution: true FISMA compliance requires much more than just secure hosting by Google or Microsoft or others. It requires end-to-end security which includes our databases, PCs as well as office environment policies, procedures and even training. I worry a bit that these "compliant answers" are somewhat over-hyped in that government officials who may not know any better will think that they are "done" with security if they just use one of these FISMA compliant services.)

For more technical details on this topic, you can also read this PC Magazine blog entitled: The Changing Cloud Platforms: Amazon, Google, Microsoft, and More

 Meanwhile IBM and smaller companies like Secure-24 are focusing on private cloud offerings. The International Business Times highlighted IBM's offerings, but almost every tech company I speak with now has one or more cloud offerings.  

So what can readers do to learn more? I like these six questions that Accenture recommends IT Executives ask regarding cloud computing. (Click on the recommendations and conclusions boxes when you get to this website.)

My view is that as we see even greater pressure to cut costs in 2011 and beyond, all of us will incorporate elements of these new cloud computing services into our offerings, if we don't already have them implemented. There is no doubt that government technology execs will also need to improve their contract monitoring and vendor management skills in this new online world.

What are your thoughts on these new, improved "cloud offerings" in government?

 

 

Should Governments Join Banks in Seeking Customers' Help Online?


"We need your help to stop online thieves."

 This surprising message from many banks to their customer base is becoming more popular as online bank robbers are getting more sophisticated, patient and dangerous. Gone are the days when marketing brochures insisted that online accounts were just as safe as traditional banking with a teller. The new message seems to be: "We're in this battle together, so can you please lend a hand?"

 USA Today's headline entitled: Banks seek customers' help to stop online thieves offered a fairly bleak assessment of current abilities to stop the bad guys - unless we all work together.

"Cyberattacks against individual online accounts have become so sophisticated and pervasive that the American Bankers Association (ABA) is now asking consumers to 'partner' with banks to keep cyberrobbers in check.

The banking industry wants consumers to monitor their online accounts for unauthorized transactions on a "continuous, almost daily, basis," says Doug Johnson, the ABA's vice president of risk-management policy. "

The article goes on to offer a scary story to illustrate the point that this has become the new normal in online banking. With 80% of US households now participating in online banking, this issue is very serious. More than that, this call to share the security load is a 90-degree turn, in my opinion. A decade ago, banks and other financial institutions insisted that the online risks were as low (or lower) than conducting your bank transactions at branch offices - with the convenience of staying at home and not waiting in line. 

So does this issue affect government? Absolutely! Here's how.

Cybersecurity experts in government have been working with our banking partners for years regarding technology and processes for securing online transactions. We attend many of the same meetings and security conferences. We work with the same vendors. The banking industry has generally been leading cybersecurity activities, and they have often offered the way forward for online government. Bottom line, we are all in the same boat as partners. 

 I have seen several respected colleagues go back and forth between these two communities, such as Greg Garcia who went from US Cyber Czar at the Department of Homeland Security (DHS) to a senior executive position at the Bank of America working on identity management and cybersecurity. Other banking colleagues participate on the same panels at security and technology conferences such as RSA and GovTech South Africa.      

Beyond security community interaction, we all know that more government transactions go online every day - involving citizens, businesses and other governments. For efficiency and customer service reasons, e-government has been hot for a decade and continues to get hotter in tough budget times. This trend is only accelerating online as services ranging from tax preparation for businesses to camp ground reservations for families are placed on the Internet. These services offered are the vital backbone for government technology professionals, and the scope of this issue is rapidly expanding.

So should governments follow the lead of banks? I predict that this will happen over time. In order to ensure the integrity of our online government processes, we will need to work end-to-end to secure online transactions. This means that consumers and providers will need to get involved. [One side note, many governments have offered end-user training for citizens, schools, businesses and more for years - such as Michigan's cybersecurity training.]

How fast will this new trend develop? What will be the next step(s)? How far will the banks go in counting on customers to help? Will government online transactions move to two factor authentication like European banks did years ago?

  I'm not sure, but I think that our colleagues at US banks will continue to show us the way - since they are in the hottest part of this cyber battle. I do think that we'll be hearing more lines like "All Aboard!" when it comes to securing online transactions. So yes, it's back to training our children and neighbors.

What are your thoughts on this topic?

 

Too Much eMail? New Survey Results Say Yes


How much email is too much? New survey results from Harris Interactive found that 50 emails a day may be the breaking point for employees. Other key findings include:

·         Small-business users are feeling the brunt. A staggering 94% of small-business employees said 50 emails is their limit.

·         Gender makes no difference. Men and women are equally stressed -- 94% of men and 95% of women cited the number 50.

Despite numerous studies and reports suggesting that too much email is a bad thing, is anything really changing? Not yet.

I've known for a decade that email was a critical app. What's become even clearer to me lately is that Blackberry support for executives is now the must-have (7x24x365) "Super" app. That's right, when the messaging system is down (and yes, this includes iPhones Xs, Droids, or whatever new device is coming next), no one is comfortable in the exec suite.

Nevertheless, this is the new normal. I see no helpful trends in sight. In fact, I think our challenges are increasing with newer, faster (4-G) mobile devices. (My teenage daughter wants me to up her number of IM messages on her cell phone, so the next generation isn't slowing down.)

Some staff are feeling burned out.  Almost two years ago the LA Times proclaimed that our email Inbox has become an In(sane)-box. "It happened with cigarettes. It happened with red meat. And carbs. And SUVs. And now it's happening with e-mail. The preferred communication channel of millions of Americans is no longer cool."  Some companies even declared email bankruptcy - and started over with new accounts. 

There's no doubt that, as a society, we've come a long way from the days when Tom Hanks and Meg Ryan captivated America in the movie You've Got Mail.

In Michigan State Government, we block over 90% of incoming email from the Internet. (We've determined that these messages are either spam or contain viruses.) And yet, I still receive an average of between 100 and 200 emails every business day.   I sometimes wonder how I get anything done when I add in text messages, tweets, social networking sites like LinkedIn and Facebook, phone calls and more.

Last summer, I wrote about work-life balance and some strategies to unplug on vacation, but I must admit that it has been very difficult to disconnect over the past year. (Note to self: there must be a reason why I seem to return to this subject every year right before summer vacation.) Meanwhile, Americans continue to spend more time online at home and work. The number of night and weekend (work-related) contacts (or family interruptions) has certainly grown for me. A few months back, we had an email outage over one weekend in two government agencies which resulted in my weekend being blown up.

So what can we do now regarding messaging? There are plenty of helpful tips for managing email. One of Ross Mayfield's best points in Forbes is to move from a push technology (anyone can send you an email whether you want it or not) to a pull technology where you subscribe or access what you want.

My advice is to take a step back once or twice a year and examine your email and other online habits. Is your email inbox working? Are changes needed? For important contacts and trusted partners who contact you via email, establish a protocol or working pattern that allows you to work on the most important priorities first.

What about your inbox? How many emails do you receive daily? Any strategies to help others?

Please leave a comment below and share your thoughts on email at home and work.

 

 

Social networks can redefine "guilty by association"


Earlier this week I received an email from an out of state friend and respected colleague who I haven't heard from in a while. He got straight to the point. "I just discovered that I'm only three hops away on LinkedIn from one of the suspected Russian spies. But guess what, you're even closer. You're only two hops away."

Put in other terms, my (real life) friend was telling me that I was linked (had a connection which is similar to a "friend" on Facebook) to someone who had an online connection to one of the alleged spies.

I immediately checked out my friend's facts. It was true. I had accepted an invitation last year to connect to a person who was in one of the security groups that I was also in. At the time, this individual wanted to make me aware of several "hot job openings" for senior executives in my field. That contact never went anywhere, but now I was kind of "guilty by association." I presume that many others are in the same boat, since the recruiter has thousands of LinkedIn connections.

This is not the first time something like this has happened to me. But the previous time, I was a bit more culpable. Once I gave an upbeat LinkedIn recommendation to a colleague that I knew well and liked as a person. This government staff member did good work and had a good reputation - until he committed a crime and went to jail. (It turned out that I didn't know him as well as I thought.) I quickly learned that I could undo (withdraw) my online recommendation for this person, and I did so.

 As I researched "the good, the bad and the ugly of social networks" further, I found out that many HR professionals and lawyers have suggested that online recommendations are a bad idea in the first place. That is, recommendations are not recommended, for a variety of reasons. Even when there are no negative employee/boss situations that arise, some bloggers suggest that these recommendations can be seriously flawed - due to conflicts of interest. Some managers may even recommend staff so that they are more likely to leave.

So here I am on 4th of July weekend, wondering if I should stop accepting LinkedIn invitations. Should I change my social networking habits? Should I stop connecting to other professionals online? I meet many people at conferences and often try to establish a connection with them on LinkedIn within the next month. Does this still make sense?

After more research, I've also discovered that LinkedIn has even clamped down on super connected users. Most experts say that quality matters more than quantity. And yet, I have always used LinkedIn as a good substitute for keeping track of business cards which can become out of date. Using LinkedIn, I can easily keep track of friends and colleagues that I worked with in England, back in Maryland and even former State of Michigan employees who move on.  This pattern has served me well, and best of all, my database of contacts updates itself with the latest contact information automatically.

What conclusion did I reach?  Should I fear being "guilty by association" online? Should I encourage others to stop using these social networking tools?  I've decided to march on - with a few minor modifications.

Why? If you're not guilty there is nothing to fear.  I think a consistent "middle of the road" approach still makes sense. As long as we don't go overboard with these tools, they can help us to become more productive, well-informed and (yes) connected.  They can even lead to new opportunities - like joining interesting online groups, speaking at conferences or writing for magazines.

Sure, we need to keep an eye on how things evolve to protect our professional online reputation and our virtual integrity. But let's not throw the baby out with the bathwater. I say keep using social networking tools like LinkedIn, when supported by company or government policies.

Meanwhile you can ask me to connect online - but I might say no or hit that archive button.

How about you? Have any stories you can share about online "friends" or "connections" gone bad?

  

Personal Privacy at Work: Supreme Court Reinforces Status Quo


In a unanimous decision last week, the US Supreme Court rejected the privacy claims of an employee who was texting using employer-provided equipment.  According to the Washington Times,

"The ruling essentially maintains the status quo of allowing employers to implement policies preventing employees from using company communication equipment for personal use.

But Bart Lazar, an intellectual-property lawyer whose expertise includes privacy and security involving electronic communications, said the narrowness of the ruling leaves open scenarios in which employees could keep private communications made on company equipment."

The ruling was widely covered by both newspapers and technology magazines. Here are a few examples:

LA Times - Supreme Court rules in favor of California police chief who read employee's texts

Southern CA Public Radio - No sexting on the job!: Supreme Court upholds search of text messages at work in City of Ontario v. Quon  

Computerworld - Supreme Court ruling lets employers view worker text messages with reason

USA Today - Justices uphold search of officer's texts

Washington Post - Supreme Court rules on employer monitoring of cellphone, computer conversations

For other similar topics and stories, you can visit the Electronic Privacy Information Center (EPIC).

So what does this Supreme Court ruling mean for government technology executives today? In my view, this ruling is very important, since it reconfirms the status quo in a unanimous decision - which is pretty unusual for the Supreme Court. This (admittedly narrow) ruling is unlikely to be overturned anytime soon. So here are a few suggestions:

1)             Go back and check your acceptable use policy. Do you specifically declare that state and/or local employees and contractors have no presumption of privacy when working on government networks (with government - issued technology)?

2)              Is the policy clearly explained and available to all employees? What training is in place?

3)             Do you use a splash screen which lists the policy as employees are logging onto the network?

In Michigan, we are currently updating many of our policies for social networking and other new online situations. However, our acceptable use policy has contained these three basic elements (listed above) since at least 2003. But while we have further to go over the next year in modifying our policies and training, it seems to me that every state and local government needs to reaffirm these basic policy elements right now.  The federal government should do the same as well.

What are your thoughts on this new ruling - which reaffirms the status quo on workplace privacy?

 

 

 

New Mobile Opportunities with Key Fobs


Imagine this:  "A motorist still at the office can use a cell phone to remotely start his car or truck, adjust the temperature, confirm the vehicle is locked, detect an intruder, check the fuel level and make sure the tires are properly inflated.

Later, if the gas tank is running low, a couple of taps on the phone's screen locates a gas station and downloads directions, so the navigation system is programmed and ready when the driver reaches the car parked blocks away."

This is the vision articulated by Delphi Holdings LLP and described in this recent Detroit News article entitled: Key fob morphs into high-tech wonder. The idea: turn that device on your key chain that unlocks your car into a conduit between your smart phone and your car.

 While Bluetooth technology is popular today, consumers want even more integration in the future - allowing internet access and exchange of data to mobile apps.

While expensive cars have similar (or even more advanced) features available now, this new technology may be made available for less expensive cars at a much lower price. 

So what does all of this have to do with government technology? Check out this article on some of the latest advances in RFID asset tracking with key fobs. Here's an excerpt: "This active key fob RFID tag which is well suited for personnel tracking and access control application, vehicle identification, or for use in applications where keys need to be tracked, such as in prisons, hospitals and government offices."

It will certainly be interesting to see how this market develops. What is not in doubt is the power of mobile devices when they interface with smart phones and more. The Bill Gates prediction a few years back, in which everything in the home and work is connected to a network which communicates with our car and more, certainly seems to be coming true.

The question that government technology professionals need to ask is not whether we will be integrating our government apps with key fobs and smart phones, but how we will do it. We need to be watching these trends and not building new stovepipe solutions that will be unique islands that won't work with commercial off-the-shelf devices.

So how many government apps will we eventually connect to your personal key fob? I'm not sure yet, but I suspect we'll find out sooner rather than later.

What are your thoughts on smart key fobs?

Free Cloud Storage through the Back Door?


Try typing "free storage" into a Google search, and you'll get almost 47 million results. Here are a few highlights:

Mozy.com offers: "2GB, Absolutely Free - Not A Trial! Fast, Secure, And Free."

Squidoo.com offers: "Up to 45 GB Free Online Storage Not Trials. No CC req.100% Free."

Over on the sponsored links we see Huddle.net which offers free document sharing and: "Free 100% Secure, Get Up To 25GB Store and Edit Documents Online."

Why would you want to do this research? Well, I can think of many reasons. For one, your users probably are. Even if the services are not free, the top online storage prices may be so attractive to some customers that they just get their credit cards out - without asking for permission from anyone.

If you are thinking that I am advocating this approach, you should read my recent article on the topic: Is Cloud Computing More Secure?  There are many, many questions that must be answered prior to using one of these low cost storage providers in the cloud. Some of those questions include: Who owns the data? Where is my data? Do the laws of that country protect privacy rights? What are the terms and conditions? How can that company use my data? Is the data available 7x24x365? Can I get my data back if they go bankrupt? Can I switch providers easily? Is our data secure? Are you sure? Can I legally enter into this agreement for my government? How do I audit you? Can I see your logs? The list goes on and on.

A recent cloud security survey of U.S. and European IT security professionals conducted by CA and the Ponemon Institute found: "... About half of the respondents don't believe the organization has thoroughly vetted cloud services for security risks prior to deployment. It also showed that 55 percent of respondents are not confident they know all the cloud services in use in their organization today."

There are many recent blogs on this topic, such as this one from Information Week's George Hulme. Commenting on security pros' lack of understanding of which cloud services are in use in their organizations, George says, "Let's hope that the end users are employing some common sense, and not moving corporate financial information, trade secrets, customer data, or health related information to the cloud. Unfortunately, we don't know what data is moving to the cloud because IT departments have no clue how their end users are using cloud services."

So where does that leave us as IT executives in government? We clearly need to perform an "As Is" assessment of current Internet usage (or cloud computing usage) first. This includes an understanding of all Software as a Service (SaaS) activity as well as cloud storage usage and other relevant activity.

In Michigan, one of our first steps was to use our web monitoring capabilities to monitor and block unauthorized cloud connectivity. Yes, we fully embrace the power and opportunities brought by cloud computing. We are running a cloud storage pilot, and we are expanding our cloud storage over the coming year. We will be publishing a new strategic plan that includes many exciting cloud offerings.

However, we don't want unauthorized cloud providers entering and leaving through the back door either. This would be penny-wise but pound-foolish. While these various low-cost options may seem enticing to end users, they may cause even more problems than other undesirable storage options (like putting data on USB flash drives) if these new relationships are not managed appropriately. Information is vital to the running of every area within government, and we can't lose control of that data inventory.
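One way to start the "As Is" assessment and monitoring described above, as an added example that is not from the original post: a Python script that inventories traffic to cloud storage services from web proxy logs and separates sanctioned from unsanctioned use. The log layout, the user names and the sanctioned pilot domain pilot-storage.example are constructed assumptions; mozy.com and huddle.net are simply the services named earlier in this post.

```python
from collections import defaultdict

# Assumption: a watchlist of storage services maintained by the security team.
STORAGE_DOMAINS = {"mozy.com", "huddle.net", "pilot-storage.example"}
# Assumption: the one provider covered by an approved pilot and contract.
SANCTIONED = {"pilot-storage.example"}

# Constructed sample log. Assumed layout per line:
# timestamp user method host bytes_sent http_status
SAMPLE_LOG = """\
2010-05-03T09:14:02 jdoe POST upload.mozy.com 48211934 200
2010-05-03T09:15:40 jdoe GET intranet.agency.example 512 200
2010-05-03T10:02:11 asmith POST my.huddle.net:443 1048576 200
2010-05-03T10:05:19 asmith PUT files.pilot-storage.example 7340032 201
2010-05-03T11:30:00 bkhan GET notmozy.com 300 200
2010-05-03T11:31:07 bkhan POST MOZY.COM 2097152 200
2010-05-03T11:45:00 truncated-line
2010-05-03T12:00:00 jdoe POST upload.mozy.com 1000000 403
"""


def match_service(host):
    """Return the watchlist domain a host belongs to, or None.

    Matching is done on whole DNS labels, so "notmozy.com" and
    "mozy.com.other.example" do not count as mozy.com.
    """
    host = host.lower().split(":")[0].rstrip(".")
    for domain in STORAGE_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def inventory(log_text):
    """Summarise storage-service traffic; returns (services, skipped_lines)."""
    services = defaultdict(
        lambda: {"users": set(), "requests": 0, "bytes_out": 0, "blocked": 0}
    )
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not (fields[4].isdigit() and fields[5].isdigit()):
            skipped += 1  # malformed line: count it, never guess at its content
            continue
        _ts, user, _method, host, bytes_out, status = fields
        service = match_service(host)
        if service is None:
            continue
        entry = services[service]
        entry["users"].add(user)
        entry["requests"] += 1
        if status == "403":
            # Assumption: the proxy answers 403 when it blocks a request,
            # so no data left the network for this line.
            entry["blocked"] += 1
        else:
            entry["bytes_out"] += int(bytes_out)
    return dict(services), skipped


def unsanctioned(services):
    """Unsanctioned services, largest outbound volume first."""
    names = [name for name in services if name not in SANCTIONED]
    return sorted(names, key=lambda name: services[name]["bytes_out"], reverse=True)


if __name__ == "__main__":
    found, skipped = inventory(SAMPLE_LOG)
    for name in unsanctioned(found):
        entry = found[name]
        print(f"{name}: users={sorted(entry['users'])} requests={entry['requests']} "
              f"bytes_out={entry['bytes_out']} blocked={entry['blocked']}")
    print(f"malformed lines skipped: {skipped}")
```

The per-service user list is what turns the report into a conversation with the business owner of the data rather than only a block rule.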

Let me end on a positive note. Cloud computing will transform government IT Service delivery. Positive changes are already beginning to happen. The opportunities are immense. Many of these companies offer excellent service, and I appreciate what they do. We don't want to appear defensive or dismissive of their value.

Nevertheless, we need to implement cloud services legally, safely and with excellence. Include your clients in this discussion and help them understand what is at stake when they get out their credit card and send sensitive government data off to a free or low cost cloud service without following proper procedures. This service will not be "free" or "low cost" if you lose your information or run into other trouble. In fact, it will cost much more.

What are your thoughts on this topic? What is your government doing?

NASCIO Midyear Conference Recap


The National Association of State CIOs (NASCIO) Midyear Conference for 2010 was held during the last week of April in Baltimore.  The attendance was the highest ever for a NASCIO Midyear Conference, and I was impressed with the content, speakers and overall agenda. This blog briefly covers some of the highlights from my perspective.

On Tuesday afternoon, a pre-conference session on Identity Management was held. We heard updates on ongoing activities in several states, Washington DC and federal agencies, and we discussed the upcoming draft document entitled: The National Strategy for Secure Online Transactions.  If you're looking for more information on this new national strategy, here's another article on this topic. The discussion and break-out sessions were excellent. This issue is sure to be a hot topic in coming months, so stay tuned for more updates on this pivotal aspect of digital government. (I plan to spend more time blogging on this topic later this summer.)

The Wednesday afternoon members-only session began with a presentation by Federal CIO Vivek Kundra. Here's an excerpt from the NASCIO website:

"Kundra challenged the CIOs to identify two areas where states and the federal government can collaborate on addressing challenges in information technology. Federal and state government spends billions a year annually on technology. With limited resources in federal and state government to carry out critical and non-critical services, we must work together in a state-federal IT partnership to find solutions and tools to get the maximum return on investment from information technology."

After Mr. Kundra, we heard from the Director of the US CERT, Randy Vickers. Mr. Vickers, who recently moved from "Acting Director" to become the formal US CERT Director, did a very nice job of articulating the various priorities that DHS is working on right now within the National Cyber Security Division (NCSD) and within a variety of public sector and private sector committees and working groups. The importance of fusion centers, the opportunity for more state CIOs to obtain security clearances, and pilot programs on cyber security, were just a few of the topics Randy mentioned.

The opening session on Thursday morning was perhaps my favorite session. The topic was: "Perspectives from Great Leaders: Visionaries, Role Models and Innovators." The moderator was Peter Harkness, founder and publisher emeritus, Governing. The speakers were Martha Dorris, Deputy Associate Administrator, Office of Citizen Services, US General Services Administration, Phyllis Kahn, Representative, State of Minnesota and Bill Purcell, Lecturer in Public Policy and the Director of the Institute of Politics, Kennedy School of Government, Harvard University.

Here were some interesting topics/comments that were discussed by this excellent panel:

· Leaders understand where the organization is, where they need to go, and what the gaps are. They execute and deliver results.

· Leaders act as a "heat shield."

· Leaders are respected, but fear is used less as a technique (than in earlier generations).

· Leaders are on point and bring everyone home safe.

· The debt crisis is the most predictable crisis we have ever faced.

· Great quote: "I have friends on both sides of that issue and I'm with my friends."

· Unhelpful techniques include concepts like "year of the child." (So next year we won't care about children?)

Other great sessions included Howard Schmidt's lunchtime keynote, new developments in wireless broadband, breakout sessions on topics like cloud computing and discussions on smart strategies with tight budgets.

Overall, I found the mid-year conference to be extremely valuable. The networking with colleagues from around the country was great, and the interaction amongst the states during the working sessions provided a unique opportunity. The federal government sent several high-level executives that clearly want to partner with the states in new and exciting ways.

The upcoming elections this fall have also focused everyone's attention in several ways. CIOs are asking what can be accomplished in the next six months that will show meaningful and lasting results. Many leaders within NASCIO are predicting that we will see many new CIOs by this time next year, so a big focus in the hallways was preparing for fall transitions and for new administrations in state capitals beginning in January. Some speakers predicted that CIO influence will also continue to rise.

If you are a state IT exec and missed the conference and/or you are thinking about the rest of 2010, I urge you to attend the NASCIO Annual Conference this fall. The investment in time and resources is well worth it. In fact, I find that I always get much more out of these NASCIO events than I put in.

If you were in Baltimore, I'd love to hear your thoughts on the NASCIO 2010 Midyear Conference.   Please leave comments below.   

Tough Press Lately for Cloud Computing


There's been some tough press lately for cloud computing. Recent conferences on the topic have turned more negative as very high expectations are slow to be met.

Computerworld Magazine described this rising frustration in a recent article which highlighted comments from the recent SaaScon conference. Here's a short excerpt:

"Cloud computing users are shifting their focus from what the cloud offers to what it lacks. What it offers is clear, such as the ability to rapidly scale and provision, but the list of what it's missing seems to be growing by the day....

Judging from interviews with individual attendees and comments made during panel discussions here at the SaaScon conference, it's clear that there's a need for industry agreements."

Meanwhile, Network World offered this debate entitled Cloud: Ready or Not? The two experts essentially agree that cloud computing technologies will become big business, but both points of view list near-term problems with cloud adoption.

For more on this topic, there are plenty of other articles listing the cloud computing challenges in 2010 and beyond. The National Association of State CIOs (NASCIO) is highlighting cloud computing in a breakout session at their mid-year conference in Baltimore with a session entitled Cloud Computing and State Government: What is the Forecast.  There are even some free webinars with public sector panelists, including yours truly, describing what they are currently doing in their state with cloud computing.  I also wrote this recent article on the topic: Is Cloud Computing More Secure?   

But the point of this blog is that the next steps in this critical cloud debate are occurring. The conversation is heating up on many fronts and inside many different industries - including government.

Experts say that group change requires four stages: forming, storming, norming and performing. It seems to me that technology evolution often goes through similar stages. If so, we are now in the "storming" stage, in my opinion.

What are your thoughts on cloud computing?  

iPad versus Enterprise Standards: Who Wins?


iPad fever is here! On a weekend that celebrates Easter, the NCAA Final Four and record warm temperatures over half the country, everyone seems to be talking about the latest must-have cool tool: the Apple iPad.

Just in case you haven't seen it on TV or noticed any long lines out in front of Apple stores, the iPad has been covered by news outlets and technology magazines for several months. So if you can't beat them, join them. (Hence this blog on what it means for technology staff who need to adjust to this new normal.)

Maybe you were one of the thousands standing in line around the world to get an iPad. You've got to get your hands on this latest technology toy, which I must admit seems very attractive. Maybe you're even reading this blog right now on an iPad?

Or perhaps you're thinking: "Here we go again." Let's talk about that.

Government professionals, especially infrastructure staff, are struggling globally with truly implementing this concept of enterprise technology standards.  Yes, there are plenty of good government technical architecture examples to look at such as these websites in North Carolina or Minnesota.  But I'm referring to the problem that companies like Gartner and Unisys call the Consumerization of IT.

So here are some basic facts:

· Technology professionals around the world decided long ago that standardization can save dollars. Consolidation and efficient use of technology is difficult if there are hundreds or thousands of different types of hardware and software all over the enterprise that need to be supported.

· Governments at all levels issue and follow numerous standards and policies.

· Most governments issue contracts which standardize on the desktop and mobile technologies which employees can purchase for work.

· Many employees want something different than what's available. New iPads may fall into this category (at least for a time).

· Government technology staff, and especially security staff, struggle with being labeled as the disablers when they deliver the bad news to staff. "You can't have the latest innovative technology!" (Not good.)

· Government often lags industry in adoption of new technology. This can be either perceived or real. Making the case for new technologies such as iPads can be difficult and/or take time to build an ROI. However, private sector firms struggle with these same issues.

· Employees often bring their personal devices to work and plug them in, causing a variety of security, data synchronization or other problems.

· Trends like "bring your own PC to work" are slow to be adopted in governments.

What's a technology manager to do? This certainly appears to be a Win-Lose proposition, at least for now. (We're the losers either way.) I've known a few people that just opened things up to whatever people wanted. While they were short-term heroes, they no longer work for those companies or government offices.

Truthfully, I don't have any easy answers for you. There seem to be so many new cool technology gadgets coming out all the time. Will we ever keep up? I honestly doubt it.

I have seen answers in some circles which ban everything in sight, but those only seem to be accepted by staff when secret clearances are involved. (If you lose your clearance in the DoD, you're out of a job.)

The other extreme is just: "Trust me or I won't tell anybody." However, I don't see that working very well in the long run either.

Computer industry answers seem to either be company-specific or not very practical. Oftentimes you hear - "just buy all my products and you'll be fine." Excuse me, please go back and read the first part again. Your product is not the one that my customers are waiting in line for at this moment.

I'd love to hear your thoughts and experiences. How is your government dealing with all the new toys - from smart phones to iPads? Anyone wait in line over the past week at an Apple store? Plan on bringing the iPad to work? Inquiring minds want to know.

Redefining Enemies: 21st Century Crime Knows No Borders


I was jogging on my treadmill when I saw the breaking news on ABC - Moscow subway bombing just occurred. It was Monday morning, March 29, and I stared at my television in disbelief. My wife walked in the room as I pointed to the TV, "That's the same metro station that we were in four weeks ago. That's just a few blocks from Red Square."

After I watched the horrible scenes, I felt the same shock that I've felt several times since 9/11/2001. Those feelings hit me when I watched the coverage of the bombs going off on the London underground and after the trains were bombed in Spain. "That could have easily been us. We were just there!"

Why Were We in Moscow?

Back last fall, I had been invited by IDC Russia to be the morning keynote speaker at their IT Security Roadshow 2010 in Moscow. They asked me to speak on cyber crime, identity theft and online trends in protecting businesses and governments globally. The audience was primarily Russian businesses, and their list of sponsors was largely the same technology companies that we are familiar with in the USA.

Still, I was initially very skeptical about going. As a former NSA employee back in the 80s and someone who still works with law enforcement agencies in Washington DC, I was nervous about their intentions and safety in the land of our former Cold War enemies. But as I asked more and more questions of the IDC conference organizers, I became reassured. In addition, respected colleagues from agencies in Washington DC and Michigan encouraged me to go. Others even pointed to the upcoming EastWest Institute-sponsored Worldwide Cybersecurity Summit in Dallas as an example of how we need to foster new cross-border partnerships to fight the bad guys online.

So after getting the necessary permissions and visas, my wife and I decided to turn the trip into a European vacation and wedding anniversary time away in Moscow and Rome. Our plan: three days in Moscow, followed by four days in Rome - while our in-laws watched our kids.

When we first arrived, it was a bit awkward. Our bags didn't make the connection from Germany to Russia, and we were stuck at the airport for several extra hours. Later, we almost missed our ride to the hotel since our driver was hard to find in the crowd, and he didn't speak English.

Still, we had a wonderful time sightseeing, and our Russian hosts were warm and friendly. Our college-age tour guide in Moscow spoke great English, and she took us to all the famous sites in Moscow - arriving by their Metro (subway). As we walked around the city, it was hard for me to believe that I was vacationing in Moscow in March. Our favorite tour was inside Saint Basil's Cathedral.  The food was ok. (As you'd expect, the meals were much better in Rome.)

 The IDC conference itself ran smoothly on Wednesday morning. The facility was a Holiday Inn with excellent technology and everything you expect to see at US technology events. I was amazed at their mastery of so many languages and especially near-perfect English. They had a translator who listened to my words in English and rebroadcast the speech simultaneously in Russian to those who wore iPod-like devices that they were given at the door. (Questions at the end were translated into English for me using a similar device.) I was intrigued to find out that the same translator regularly works with former United Kingdom Prime Minister Tony Blair.

At the end of my session, the questions that the audience asked were almost identical to the questions I typically receive at US events or at a conference I spoke at on vacation last year in South Africa. These were businessmen and women who were dealing with the same cyber problems, budget cuts and personnel challenges as most of us. They described their online threats and computer problems in terms which were very familiar. Their #1 security vulnerability (by at least 3 to 1 in a show of hands) was company insider threats. Yes, they were worried about their own employees' behavior.  

My only complaint (not really) from Moscow was the pictures they posted on their website after the event. (I assure you, I was not disco dancing.) Either the photographer was shooting from strange angles, or I'm much more acrobatic than I realize. You can click on the translate button at the top of the page to read the captions. (Notice how the other speakers look so reserved compared to me.)

After the event, we had a very nice lunch with the conference organizers before leaving for the airport. Their descriptions of the online challenges facing businesses in Russia made me feel as if we could have been in another large US or European city. My wife and I truly enjoyed the experience. We returned home safely to Michigan, eight days after we left. I didn't plan to be writing a blog describing the trip - until the bombs went off last Monday.

 So what's my point? We live in a small world that knows no borders when it comes to crime. As IT professionals, we understand the fact that the Internet is global, and we can be attacked from anywhere on the planet at any time of day or night. We discuss threats we face from Russia, Nigeria, South Africa and everywhere else, but there are potential partners in those countries that want to help in the fight against malware and online crime.

 Indeed, several of the professionals I spoke with at the conference fear cyber attacks from the USA and China. That's all the more reason for us to work together, when it makes practical sense, with their criminal justice organizations and other "good guys" to stop the cyber criminals in every culture.

Don't get me wrong. I'm a loyal, flag-waving American who loves baseball, hotdogs, apple pie and Fords. My family enjoys living in Michigan, and I have minimal desire to move to Russia or South Africa. (However, they were both wonderful places to visit on vacation.) Nor did my slide deck or side conversations break any new ground regarding cutting-edge cyberspace protections, identity theft or malware sources overseas.

I also realize that I don't know these people very well. Just as in the USA, I would need to build more trust with specific individuals and organizations before collaborating on complex projects. It's true that there may have even been some bad apples in the room while I was speaking.

New Partnership Opportunities

Still, I sense a common cause amongst technology professionals around the world who want to fight cyber crime together on a global basis.  I don't think I'm naïve in wanting to partner where it makes pragmatic sense. Yes, I realize that our countries have different interests in many economic, political and military areas. We don't agree on a long list of items.

And yet, we're all fighting terrorists (in both cyberspace and our physical world). In fact, New York, Washington DC, Atlanta and other global cities tightened subway security after the bombs went off in Moscow. We need to fight all forms of crime together. We need to build global partners, and many US technology companies have offices in world-wide cities including Moscow.

 I made several new professional contacts and even "online friends" in Europe. More than that, the bombs going off in the Moscow Metro (killing dozens of innocent people) made me think even deeper about this question: who are our 21st century enemies?  

Right now, I'm feeling Moscow's pain. I'm praying for their people. That could have been me in the news.   

I'd love to hear your thoughts on this topic - feel free to leave a comment below.

Headlines from Google to Cybercrime take Center Stage


 In my twenty-five years as a security and technology professional, I have never seen so many hot headlines around technology issues. Whether you are reading the papers, watching TV or surfing the web, the tech headlines are almost rivaling March Madness and the Health Care stories. Let's jump right in:

Google Pulls Out of China:  Of course, this is the hottest story out there right now, with daily updates. The stakes are high on so many fronts, and all aspects of this story are being reported by many sources. Here are a few perspectives: 

ComputerWorld articles and blogs ranged from announcing that Google stopped censoring in China to asking questions like: Does Google really need to be 'in' China at all.

Newsweek described the situation as An Unstoppable Force Meeting an Immoveable Object.

Here's an excerpt:  "Google's bottom line won't be greatly harmed in the short term, as only an estimated 1 to 2 percent of the company's revenues currently come from China. But if Google departs China for good, the losses are incalculable. With 400 million Web users and climbing, China is far from a fully tapped market. Baidu, Google's biggest Chinese rival, today has roughly 65 percent market share, and will now lengthen its lead even more."

The Washington Post focused early on the Google users who worried that they might lose an engine of progress.  However, some reported that the Chinese Internet users would not care much.  

Others are speculating on what comes next, which will likely be a pattern for many months to come.

 

Changing subjects, many people are talking about a CIO.com article which declares that we'll all be working for tech vendors one day (soon).  While this is another take on outsourcing and the commoditization of IT, the topic is not new. (I said something similar over 18 months ago in an article on cloud computing.)  And yet, it seems to be popular right now, so I encourage you to read the article.

Lastly, the Wall Street Journal is reporting that the U.S. Aims to Bolster Overseas Fight Against Cybercrime (WSJ). Here's the first paragraph:

"The alleged Chinese cyber attacks on Google have spurred proposals at the State Department and on Capitol Hill to establish an ambassador-level cybersecurity post and to tie foreign aid to a country's ability to police cybercrime."

Why cover three topics quickly like this? Mainly to give you a view into what I read over the past few days, but also to show how the world is a-changing - and technology is at the center.

What are your thoughts on these headlines?

A New Buzz in the Air


 What's all the Buzz about? No, I'm not referring to the Olympics, an uptick in the economy or even springtime bees. Google has a new social network service called Buzz. What makes this a bit different is the linkage with Gmail and other Google products. The Internet is full of analysis of Buzz -v- Facebook, so I won't go there.

 I haven't tried the product yet, although I have seen it pop up within my personal Gmail account. In fact, I wasn't even going to blog about this topic, until some interesting developments around privacy emerged last week. My view is that state and local IT officials can learn from this rollout.

  To get an initial sense of the issues, read this USA Today article. Here's an excerpt:

"Buzz lets Gmail subscribers create profiles, like Facebook, and send Internet-wide blog postings, like Twitter. One issue of concern is a feature called "auto follow" that automatically sets up people you e-mail and chat with the most as followers of your Buzz postings."

The central questions revolve around "opt-in" versus "opt-out" features. That is, what happens automatically? Does everyone who has a Gmail account instantly start getting Buzz updates on their friends' lives? For users who may mix work and family contacts, will they start seeing pictures of work colleagues on vacation?

 More than that, what becomes searchable online? I am not taking any sides on these questions, only pointing out the potential good and not so good potential outcomes.  

 So why should state and local technology professionals care? Besides the implications on personal accounts, I think this trend has several implications for us. Here are a few things to consider:

1) Several governments have implemented (or are considering) Google's email and other office applications. How will Buzz fit into that strategy (or not)? This could be a good thing or a problem.

2) For all of us, social networking continues to grow. There are still those who have policies that say "ban social networks" like MySpace and Facebook at the office.  This is not going to last in the long run. We need to manage the situation both now and in the future with policies and enforcement. Practically speaking, some may be blocking Facebook but allowing personal Gmail accounts. That distinction just got more blurry. Check those filters.

3)  Examine the privacy implications for using this Buzz service at home and work. What are your settings? Should sharing certain information be turned off?

4) Lastly (for now), we can learn from the reaction of Google in rolling out Buzz. As we roll out Intranet and Internet portals, internal social networking sites, or other apps, we need to make sure that we understand how these apps link together (or not) from an "opt-in" perspective. Don't assume that users will like all of these automatic connections. While some people will certainly benefit and like the additional functionality, we need to address the cultural issues surrounding perceived (and real) privacy and security changes.

Meanwhile, I'm going to get my hands dirty and find out what all the Buzz is about (for myself).

Vancouver Olympics: New Technology, Security & Infrastructure


 This is not your grandfather's winter games. Every Olympic city makes major investments in technology, security and infrastructure in the 21st Century, and the Vancouver Winter Games are no exception.  The Olympic Cauldron will be lit on February 12, 2010. And yet, the hard work began immediately after Canada was selected to host the 2010 Winter Olympics back in 2004.

Want some examples?

1) Technology companies are certainly talking about their unique role in these Games. Green technology is a central element. Check out this Canadian website on technology related to the Olympics.

2) Stopping terrorism is essential. One article back in 2005 estimated that the security budget would be about $177 million with a 50-50 split between the federal and provincial governments, but USA Today put actual security spending closer to $1 billion. More than 1000 security cameras are in place for the Winter Olympics.

3) Infrastructure development has been important. There are plenty of stories online about the people behind the scenes who make the Olympic Games happen. There are also stories about the technology being used. If you look hard enough, you'll find just about every big IT company is involved in some way. One example is Sun, but AT&T and others are right there as well.

4) The economic development aspects and wider role of the Olympics can be seen in YouTube videos like this one.

5) The role of the city mayors and Vancouver Government overall has been a huge part of this story.

Bottom line, this is big business. Just like the involvement of the South African Government in preparing for the 2010 World Cup in June, the Vancouver Olympic Games required an incredible investment in everything that we do in government technology every day. The difference is the scale, and the number of people watching.

So when you watch that beautiful opening or closing ceremony, when the US Hockey Team is skating to victory or those international downhill skiers fly past your TV screen, remember the technology and security infrastructure that made it all possible.   

Let the games begin...

  

Oracle, Sun and You


Now that Oracle's acquisition of Sun has been approved by the European Commission, what's next? That is, what does this merger mean for government technology leaders around the country?

Some readers may be thinking that this is old news, but this major deal has been on hold since April 2009 due to competition concerns.  The merger now looks certain to go through in the next few months or sooner.  

This is a very important announcement for the technology industry since:

"Oracle chief executive Larry Ellison said in September that the delay was breeding customer uncertainty, causing Sun to lose $100 million a month as companies held off purchases. The panel had threatened to block the deal due to fears that Oracle might be able to eliminate MySQL as a competitor."

Going back to the analysis of the announcement last year, Oracle was deemed to be getting a bargain for $7.4 Billion. Experts reported that Oracle, "Ends up acquiring MySQL, the upstart database that has been viewed as Oracle's Achilles' heel." Now we know that Oracle will not only keep MySQL, but they will boost investment in MySQL's open-source licensing platform.

Om Malik, from gigaom.com, wrote this on the merger after speaking to "inside" sources:

  • "The deal could mean trouble for Sybase, which has a lot of customers on Solaris.
  • It could prove challenging for non-database users of Solaris, for it's not clear how Oracle will treat Solaris.
  • It's good news for Java, as two major corporate giants will be supporting it and will be forced to play nice with each other.
  • Oracle will keep MySQL going mostly because it can act as a funnel for further business opportunities."

 Mr. Malik goes on to quote Miko Matsumura, VP and deputy CTO at Software AG, who had a contrarian take on the merger. He predicts it will be a disaster, with thousands of layoffs.

The Linux Journal posed an open-ended question to readers about the acquisition, and here's what they said about what's next back in April 2009.

Fast-forward back to today, and ask the same question. What are we likely to see as 2010 progresses? Check out this internal Sun memo from their CEO that was obtained by CNET.com. The theme: Beat IBM, which comes from the first letter of each of the first seven paragraphs.

Meanwhile, Oracle announced their plans for Sun last month, and here's a bit of what zdnet.com  reported:

"Ellison also gave some insight to his Sun strategy. In a nutshell, he's staying out of the high-volume, low margin game that IBM and HP play. Simply put, Ellison is taking Sun upmarket with hardware-software devices like the Exadata database machine. Exadata has been a hit, said Oracle executives, who noted that orders have tripled sequentially and the biggest problem right now is manufacturing enough systems.

The future of Sun will rest with high-value systems, said Ellison, who added the computer industry is focused on selling components instead of complete packages."

No doubt, these are interesting times. I can't help but think back to my earliest memories of Sun. I remember buying and playing with a Sun Sparcstation 1 when I was at NSA in the late 1980s.  Over the next decade, we configured hundreds of Sun boxes.

Now, as the Sun CEO stated to his employees:  "Sun is a brand, Oracle is your company."

I've never worked at Sun, but along with thousands of employees, I'll have a hard time getting used to that distinction.

What are your thoughts on this merger?

 

Google - China Situation Has State & Local Implications


The world-wide media was full of stories this week regarding the Google situation in China. Articles ranged from the Global Implications of Google's Stand to a new perspective on Global Net Intrigue. There is no denying that this is a potential Internet game-changer in many ways that go way beyond just security and hacking challenges we all face over the next decade.

But I'd like to point out a few related issues that may not be immediately evident. For example, what implications might this announcement have for cloud computing and/or Offshore Outsourcing?

I found it very interesting that Google immediately defended cloud computing after the attacks. This defense seemed almost too quick. Check out this quote:

 "(Google Chief Legal Officer David) Drummond said the attack on Google's corporate infrastructure resulted in the theft of intellectual property from Google, though he declined to specify what the hackers stole. 
  

However, he also said the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routinely accessed by third parties. Drummond stressed that these accounts were compromised through phishing scams or malware, not through holes in Google's computing infrastructure. This is a key point.

Google hosts data from search, Gmail and other collaboration programs that comprise Google Apps for millions of consumers on thousands of servers in data centers all over the world as part of a cloud computing model. When a Google user triggers a request from his or her computer, it speeds to these servers, looking for a response."

The article goes on to quote Drummond as he defended the Google security controls as well as cloud computing as a whole. And yet, it seems to me that his answers may be too narrow. A wider question remains around the laws, practices and policies of global governments.

That is, what if a law in another country changes or conflicts with a cloud company's policies and procedures? Or, what if laws are not enforced or followed? Might a major investment be lost? What legal recourse will a company or local or state government have if a nation state decides to not play by their own rules?

It seems to me that this China situation has huge implications for cloud computing globally and locally for states. Put in another way, how does the legal framework of a country impact cloud computing?

 I heard a lecture once by a defense expert who said something to the effect that intentions can change overnight, but capabilities take many years to deploy. He was speaking about aircraft carriers and tanks, but I think that same quote applies to cloud infrastructure overseas - as we have just witnessed in China.

What are your thoughts on this topic? 

 

 

 

 

National Broadband Plan Delayed But Coming Soon


The Federal Communications Commission (FCC) Chairman Julius Genachowski has asked congressional leaders for more time to deliver the much anticipated National Broadband Plan, now due Feb. 17. According to Government Computer News (GCN), Genachowski said that "this extension will not affect the FCC's budget for the National Broadband Plan, which was mandated as part of the National Recovery Act, and asked that it be accepted March 17."

This entire process, which was kicked off last April, has taken much longer than originally anticipated. The plan is an important driver for the nation's economic recovery. State and local governments have been very engaged in this broadband planning process, and many state planners are waiting eagerly for the final plan which will provide more guidance. Here's another excerpt from the GCN article:

"The goals are to ensure access to broadband capability for all Americans, provide a detailed strategy for affordability and adoption of broadband and to maximize utilization of broadband and craft a strategy for using broadband to achieve national purposes. Under the plan, grants will be provided by the Agriculture Department's Rural Utilities Service and the Commerce Department's National Telecommunications and Information Administration.

"The commission invited broad public participation in developing the plan, and this summer launched a blog called Blogband, to chronicle development of the plan and invite comment. It also launched a Twitter channel to report progress on the National Broadband Plan."

 State and local governments have been eagerly waiting to find out who will receive grants in their state. State-specific plans will depend upon national decisions.

Meanwhile, in a related development, the Federal Trade Commission (FTC) has announced that they are examining cloud computing's privacy and security implications for consumers. The FTC wants its findings to be considered as the FCC formulates the National Broadband Plan.

Information Week ran a story on this topic, and here is an interesting quote:

"[T]he ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," wrote FTC attorney David C. Vladeck in a letter to FCC Secretary Marlene H. Dortch. 

One interesting note: the timing of the upcoming FTC roundtable discussions on the implications of cloud security and privacy, the last of which is scheduled for March 17, does not work with the February release schedule for the National Broadband Plan. So what does this mean?

 I agree with Thomas Claburn of Information Week that, "The letter appears to be a reminder to the FCC, as it comes up with a broadband framework for the U.S., to save a place at the table for the FTC."

What are your thoughts on the National Broadband Plan and/or your views on how the plan relates to cloud computing?    

Watch Out - the Vooks are Coming!


What's around the corner for 2010? What new invention will be the next iPhone, iPod or BlackBerry? Are there any hot tech topics that CTOs need to be considering for their infrastructure budgets? Just as important for technology professionals, what Christmas presents might be showing up at a government office near you?

Over the holidays I was reading about upcoming innovations and technology predictions for the new year and beyond. Along the way, I came across a new term called "vooks."

 I thought to myself: What's a vook? So I googled it and typed, "articles on vooks."  Google came back with: "Did you mean: articles on books?" My Microsoft Word program didn't do much better - putting a red line under the word and offering suggestions like "look, took and cook."

My daughter thought vooks might be creatures from outer space or aliens in the movie Avatar - which she reminded me we need to see soon.

 

But a vook is a hybrid between a video and a book. Scrolling down further from my Google search, you will come across these somewhat recent articles:

Curling Up with Hybrid Books, Videos Included (excerpt from New York Times)

"... In the age of the iPhone, Kindle and YouTube, the notion of the book is becoming increasingly elastic as publishers mash together text, video and Web features in a scramble to keep readers interested in an archaic form of entertainment."

Vook Publishes Sherlock Holmes Classics and Offers Hundreds of Thousands of Copies to Schools and Libraries in the United States and United Kingdom (excerpt from www.earthtimes.org )

"The Sherlock Holmes Experience vook is a revolutionary new way to read the exploits of Arthur Conan Doyle's legendary character, Sherlock Holmes. The vook enhances these timeless stories with videos that delve into the history and legend surrounding Holmes. The videos annotate the text, giving readers a better picture of the times and the ability to pick out details and historical facts that help readers further immerse themselves in the mysteries. Additionally, key terms are hyperlinked throughout the vook to let readers explore sites on the Web related to the plot without having to lose their place in the story. The vook will be available as an application on the iPhone and the browser-based Vook Reader."

What is a Vook and will it change how you read? (Excerpt from Entertainment Weekly)

"Is this the first hole in the dam for our traditional definition of what books are? Can a single medium continue to exist alone in this increasingly multimedia world, or will reading inevitably end up looking less like Gutenberg and more like Google?"

Where does a vook come from? Well, from vook.com, of course. Vook is also a company started in 2008. (No, I have no financial interest or any other relationship with them.) Their front page announces: "Make a new you in 2010."

OK, so why is a government CTO writing about vooks in an infrastructure blog? Great question. A few things (and trends) to consider:

1) One complaint that I hear from our customers is that we are not thinking about their apps, the future, what's next, and building infrastructure to support it. We're too worried (and busy) solving current issues and not looking at strategic directions for government.    

2) Here's another great example of the new media world we live in where video, the Internet, text and just about everything end users do with technology, are merging together. Yes, we've seen similar things before with mashups - but vooks, or some variation thereof, may become a new killer app for select customers.

3) Think about future training opportunities at work and possibilities for K-12 and higher education.

4) More directly, this technology has major implications for network connectivity for governments, Internet access speeds, and more. I know many state and local governments that block all video, and that strategy will only work for so long.

5) As an author, I'm interested in books, new forms of writing, interpersonal communication and this cool, trendy topic. 

Bottom line - Watch out, the vooks are coming!     

 

One more thing - when I told my wife Priscilla about this new term "vook" she sighed. "Where have all the book lovers gone?"   She's not the only one asking that question.

Remembering the First Decade


 As we approach a new decade in 2010, my mind instinctively goes back in time and scans the past decade.

 My thoughts easily jump back to ten years ago as we prepared for Y2K and the new millennium. I recall the fear and excitement as we watched the local, national and international news on New Year's Eve to see if computer programs would crash and send the world into chaos. Our government technology teams spent over three years preparing for that night, and I remember the relief when all went well.

 Events seemed to seesaw back and forth over the past ten years. After Y2K came the contested Presidential election of 2000 - with "hanging chads" and plenty of resulting technological challenges.

Next came 9/11/01. Who can forget where they were on 9/11? I was in the Romney building in downtown Lansing, Michigan. Our team was building the first Michigan.gov portal, which would bring together state websites in new ways and provide one face of government to citizens. I was shocked as I watched the second plane hit the World Trade Center on live TV.

But these events are more than just sad memories or interesting History Channel topics. These true stories helped to shape who we are in government today. After September 11th, government priorities changed. The Department of Homeland Security was established in Washington DC. I went back to focusing on computer security at work.     

Meanwhile the Internet was taking off. Everyone was going online as never before. Families installed wireless networks in homes, MySpace and then Facebook became huge, and Google became a verb. Check out these fascinating statistics from CNET on average web usage growth over the past fifteen years.  

Along with the good came the bad. The increase in cyber crime and identity theft started attracting attention. The growth in malware became exponential.

In my opinion, the growth of Internet use is the most important technology story of the decade. Yes, there are many sub-trends, such as the Apple iPod, BlackBerrys, and more. But the Internet is changing so many aspects of society. Taking a peek into the future, I suspect virtual worlds and avatars are going to continue that trend into the next decade.

I could go on and on regarding events this decade. The historic election of Barack Obama, our "great recession" and the many events of 2009 will certainly be remembered decades from now.  New pushes towards infrastructure projects such as rural broadband, health IT and cloud computing are certainly changing government now and will shape our future.     

But my point in this blog is to encourage you to look back as you look forward.  Aristotle said, "If you would understand anything, observe its beginning and its development."

So I encourage you to take a few minutes and visit the "Wayback Machine" online. This Internet archive will take you back to what various websites looked like on different days. Scroll down and look at the coverage of various significant events.   

This has been a remarkable first decade of the 21st century. What new technology has made the biggest impact on government in your opinion?

Effectively Deploying Wireless LANs


Wireless Local Area Networks (LANs) have been around for years, but how can state and local governments manage wireless networks efficiently and effectively from an enterprise perspective? Assuming continued technology changes with budget challenges, what governance strategies can help balance security requirements while ensuring adoption and ease of use?  

Rhea Linn, who is our wireless LAN project manager for the Michigan Department of Information Technology's Office of Telecommunication, wrote an excellent article on this topic for State Tech Magazine. The article is offered as a best practice for wireless security and safeguarding wireless LANs.

Here is a brief excerpt:

"Our improved solution has helped us to achieve the following:

  • Improved wireless security that matches or exceeds our wired standards;
  • Enterprise standards and service capability;
  • WAN/wireless integration that allows us to provide a WLAN for wide area customers;
  • Integrated wireline and wireless policies and practices that provide a seamless logon experience; and
  • Affordable, cost-effective service.

So far, 16 state offices throughout Michigan have WLAN services -- 13 in the Lansing Metropolitan Area Network, where the largest number of state employees are concentrated. We also have wide area WLAN implementation in three counties, and APs are installed and awaiting a security decision in five other counties."

Rhea goes on to describe such topics as the specific technology we used, the guest access process for visitors, the policies required and governance involved. You can read more details about this project by downloading this PDF from the National Association of State CIOs (NASCIO) award web site.

A few observations:

1) Getting the right balance for any infrastructure project between security and ease of use is usually difficult, and wireless networks are not an exception. Speaking from personal experience, there are almost always different perspectives from the networking staff and the security staff - even if they are in the same organization. The battles can get difficult and even nasty at times.

Back in 2004 when I was Michigan's CISO, I was even in the "no wireless" in government camp. I quoted many experts from the National Security Agency (NSA) and other three letter agencies who said that wireless networks were simply not able to be protected. My boss at the time was Teri Takai, now California's CIO. She challenged us to deploy "secure wireless" following private sector advice from companies like Dow Chemical or the Big Three automakers.

Teri was right. With fast food restaurants and millions of others now offering free wireless access, governments needed to offer workable solutions to our clients and visitors.

I give Rhea and the others who worked on this wireless LAN project credit, because they stuck with it and had the perseverance to get the project working and widely deployed. I have spoken with many people from governments around the country that gave up on secure wireless projects out of frustration.

2) Effective governance and a good billing model are essential. I like Rhea's list of lessons learned. She is so right on each of her points regarding policy, processes and technology. We tested, and tested, and tested. We modified our approach several times. Wireless LAN service offerings require constant tweaking.

3) Finally, you need the right staff to get the job done. Proper execution of a good plan should not be assumed. Many things can set a technology team off track. I am thankful for Rhea, the others in MDIT Telecom who worked on this important effort, other infrastructure staff who helped and our Office of Enterprise Security (OES) staff. While the battles got bruising at times, the proof is in the pudding, and the end product works well.

 

What are your thoughts or questions on implementing wireless LANs in governments?

         

 

 

Are Deeper Budget Cuts Coming?


 Are deeper budget cuts coming for struggling state and local governments? After a year filled with tough news regarding furlough days and more belt tightening, technology executives across the nation are pondering that question. Even as good news was announced yesterday regarding the unemployment rate falling to 10% in November, the holiday season remains focused on plans for 2010.

Stateline.org ran an article entitled: After furloughs, states mull permanent cuts. Here's an excerpt:

"Moving from furloughs of state employees to more permanent downsizing, states are girding for the deepest workforce cuts yet when they hammer out their fiscal 2011 budgets next year. In preparation, many are taking stock of every position in state government to determine what effect job cuts and the possible elimination of whole departments will have on revenues, expenses and the quality of government services."

The report goes on to list state by state cuts already implemented in 2009 (fiscal year 2010).

We all know that tax revenues lag economic recovery, so how long will the budget cutting last? Some are predicting that state revenues will be down for several more years, leading to significant changes ahead for government IT departments. Cutting corners will no longer do. We need to be transforming state technology workforces.

 What is Michigan doing? One activity has been offsite scenario planning - based on various budget levels and assumptions. The February 2010 issue of Public CIO Magazine will have an article by me that describes this activity in detail.

So what are you doing in your state or local government regarding budget cuts and/or resource allocation? How are you setting technology priorities and determining core business functions and services in these tough times? I'd love to hear some stories that you can share.

    

Web Sites Struggle on Black Friday: Cyber Monday is Next


 Technology directors around the nation were watching the weekend news very closely for events regarding online sales on Black Friday (the day after Thanksgiving). No, I'm not referring to economic activity or potential impact on our nation's economy. After the troubles experienced by Walmart and others in 2008, many stores offered more doorbuster deals online.  

 The initial news was mixed, but bad for some portals. Here are a few related stories:

On Black Friday Leading Retail Web Sites Slow Way Down, Reports Keynote Systems

Staples Down on Black Friday

Yes, it's been a rough weekend for some of the leading retail web portals, and public sector infrastructure professionals, as well as other technology staff, should pay close attention. This issue absolutely impacts everyone who uses the Internet, whether in the public or private sector.

Beyond up or down status and overall slowness for major websites, more serious issues surfaced for some. Here's a comment regarding Staples' online portal (from the article above).

"AJ says:

I ordered one of the BF $399 HP laptops from their website this morning. I got through checkout, completed the transaction (the credit card was processed), got an order # showing the HP laptop, and 3.5 hours later I got an Email saying that my order was canceled because they were out of stock.

Thank you for choosing Staples. We apologize for the inconvenience but the following product you were trying to order is sold out.

832349 HP DV6-1334US LAPTOP

This was part of our Thanksgiving Holiday 2009 Early Bird Specials and is subject to the following conditions:
* While Supplies Last.
* Unable to Back Order, as this product will not be re-stocked.
* Unable to provide comparable product at special pricing." 

 This same exact problem happened to me at the Staples website on Friday morning when I was ordering a product.

Why is this so significant? Because they actually took orders during the "doorbuster" hours, and they were unable to fulfill those orders - despite taking credit cards and sending confirmation emails. Customers who called with questions faced a long wait at call center help lines.

In "geek speak," they were taking orders via batch processing without the real-time processing of those orders based upon inventory. Customers assumed that the laptop deals were being processed and shipped, only to receive disappointing emails later in the afternoon. Clearly, their infrastructure or end-to-end process couldn't handle the load.

 The lessons here are numerous. I am sure that web "experts" tested these portal sites and associated software many times prior to Black Friday, and yet they failed. These errors will cost retailers significant dollars as well as hurt customer trust.

The closest thing to Black Friday in the public sector may be tax day on April 15. When I was the senior technology executive for the initial www.Michigan.gov launch back in 2001, we faced huge surges in web usage on tax day.

And now, retailers (and government networks) face Cyber Monday. I expect that "door buster" deals will continue to create problems for web portals, as long as deals are limited by time or number of available items. Public sector technology officials need to take note as they offer online services.

What are your thoughts on this topic? Any Black Friday stories to share?         

My Take on NASCIO's Top 2010 Priorities


The National Association of State CIOs (NASCIO) has again polled state CIOs to determine what's hot and what's not as we head into 2010. Here's my take on their survey results.

 Government Technology Magazine summarized the results into two categories. The top three in each category are: 

A. Priority Strategies, Management Processes and Solutions 

1. Budget and cost control: managing budget reduction, strategies for savings, reducing or avoiding costs, activity-based costing
2. Consolidation: centralizing, consolidating services, operations, resources, infrastructure, data centers
3. Shared services: business models, sharing resources, services, infrastructure, independent of organizational structure

B. Priority Technologies, Applications and Tools

1. Virtualization (storage, computing, data center, servers, applications)
2. Networking, voice and data communications, unified communications 
3. Document/content/records/e-mail management (repository, archiving, digital preservation)

I am not surprised by budget issues leading the list. That almost goes without saying during these difficult economic times. Consolidation and shared services are also pretty obvious choices, with cost control and efficiency being the major themes for CIOs right now. We need to work together to do more with less, and partnering with others can certainly help.

What surprises me most from the "A" list is that security dropped to #6. Expect that to change next year. I fully expect security to rise back to the top three as Web 2.0 and cloud computing strategies try to battle with the inevitable threats that will surface from cost cutting.

The other surprise from list A is that infrastructure was #8. If you look at the top items on list B, they are infrastructure items like virtualization and networking. I can't quite figure that one out. List B also shows a drop for identity management from 2009, which will eventually need to be addressed in building more end-to-end trust and for moving forward with ambitious cloud computing plans.

The overall trend is "follow the money." Federal stimulus dollars are raising items like broadband to a new level of importance. Governments across the nation are looking at grant opportunities as well as making the most out of investments that they have already made.

In summary, I have a hard time arguing with any of the items on either list, based upon our economic realities. Michigan's list is similar, with a few exceptions like consolidation - which we've already tackled.

What are your thoughts? Do these priorities match your plans for 2010?

   

New Cyber Security Technology Alliance Points the Way


Lockheed Martin and thirteen other leading technology providers announced the formation of a new cyber security technology alliance yesterday. The announcement took place in Gaithersburg, Maryland. The event coincided with the opening of the new Lockheed Martin NexGen Cyber Innovation and Technology Center.

According to Government Computer News, "the new NexGen facility will be able to tap into the defense center's data feeds, or simulate government agency computing environments, and test various approaches to mitigate cyberattacks.... The new center also features dedicated distributed cloud computing and virtualization capabilities. Those capabilities would permit an agency to simulate a network under attack and test various responses. For instance, analysts could replicate an operating network and freeze it on a second virtual location, in order to study the nature of the attack, while still supporting the primary network."

 The companies participating in the Cyber Security Alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC Corp. and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware. 

According to the Lockheed Martin press release, this new center will help our nation deal with 21st century technology infrastructure challenges. "We face significant known and unknown threats to our critical infrastructure," said Charles Croom, Vice President, Cyber Security Solutions, Lockheed Martin Information Systems & Global Services. "We not only need solid defenses but also the right technologies to predict and prevent future threats. Innovation and collaboration are key to ensuring mission resilience and securing cyberspace."

 Why do I highlight this announcement? I believe that these types of technology alliances are essential to address our growing threats in cyberspace. The "bad guys" continue to get better, and state and local governments have few if any dollars to invest in testing and research to properly secure new virtualization and cloud computing security challenges. Governments need the private sector to step up and offer these types of testbeds.

 As we move forward, issues around identity management, end-to-end trust and cloud security will need to be tested in complex scenarios that state and local government networks will simply not be able to simulate properly. This alliance is a great step towards offering integrated solutions that governments can buy off the shelf.

What are your thoughts?

NASCIO Best Practice Submissions Worth Reading


 The National Association of State Chief Information Officers (NASCIO) released their list of best practices at their annual conference in Austin, Texas last week. I think the entire list of submissions deserves more attention by federal, state and local technology pros. The list of best practice recipients, as well as the other finalists in each category, can be found at the NASCIO award web site.  

 In my opinion, the list of thirty top submissions (three in each of the ten categories) should become required reading for government technology professionals nationwide. No, I'm not talking about the summaries, but the full (six page) write-ups. These projects offer the right mix of people, process and technology innovation which is essential to program success.

 From enhanced drivers licenses to electronic disease surveillance systems to state portal widgets, the business return on investments are impressive. As I read these documents, I can't help being impressed by both the creativity and effectiveness of these IT teams. I urge you to take the time and at least look at the list and pass the write-ups along to the right staff within your organization.

What are your thoughts on these state best practices?

      

Citizen Satisfaction with Federal Websites Surges


The University of Michigan released a report today rating and ranking 104 federal government websites in terms of how well they satisfy citizens. The report is the well-known quarterly American Customer Satisfaction Index (ACSI) E-Government Index. Each of the 104 websites is given a score on the Index's 100-point scale.

The report shows that satisfaction with e-gov is at an all-time high, had the greatest quarter-over-quarter increase since the study was founded 6 years ago, and that many individual government websites are outperforming private sector stalwarts like Amazon and Google in terms of customer satisfaction.

 "The increase in e-government satisfaction also brings government more into pace with the private sector. While the e-government aggregate (75.2) still significantly trails private sector industries like portals and search engines (83) and e-retail (82), e-gov outperforms the online news and information industry aggregate (74), online brokerage and investment (74), and just edges out the online travel industry (75)."

The top score of 91 went to the Social Security Administration's (SSA's) retirement estimator. You can get to that website by going to www.ssa.gov/estimator.

To download a free copy of the full report, please visit www.ForeSeeResults.com. To follow discussion about the report on Twitter, please visit #ACSI.

Should Governments Move to Windows 7, Linux or Wait?


 What's the best strategy regarding upgrades to your desktop and netbook operating systems? Should governments move to Windows 7, Linux or wait for Google's new Chrome OS?

Everyone is talking about Microsoft's recent launch of Windows 7. In describing the benefits of their new operating system, Microsoft CEO Steve Ballmer called Windows 7 "simpler, faster and more responsive" than Vista. Annoying prompts and frequent pop-ups have now been eliminated, and Windows 7 offers better security and uses fewer resources - actually running smoothly with less memory. Windows 7 can sleep and wake up faster, and if you are still running XP, the overall improvements that you experience will be even more significant.

Analysis from around the world has been generally positive, with global experts proclaiming that Windows 7 is like Vista but good. Here's an interesting quote from the United Kingdom:

"All round, then, Windows 7 is generally good, and some Windows fans reckon it's better than Apple's Mac OS X. It's certainly easier to use than Mac OS X if you are already familiar with the Windows way of doing things. Also, Windows 7 - released to companies on August 6 - has so far proved to be a lot less buggy than Apple's Snow Leopard, which has even lost users' data....

Windows 7 is simply the best version of Windows you can get."   

So what's a government technology manager to do at this point? Are you planning to upgrade? USA Today's Byron Acohido writes in "Despite Windows 7, Linux raps harder at company doors":

"IBM, whose Lotus Symphony programs work well on Linux, for years has pushed to get companies to dump Windows for Linux. More recently, Google has promoted Google Docs, a Microsoft Office-like suite of programs delivered over the Web. And Google's Android smartphone uses Linux technology....

Still, of the 655 information technology buyers recently surveyed by Forrester, 66% said they expect to move to Windows 7 computers. 'Users have historically voted for Windows above Linux,' says Charles Smulders, tech industry analyst at Gartner."

Information Week ran an article, "Uncle Sam Mulls the Move to Windows 7," saying that despite the fact that many government agencies participated in the Windows 7 beta, the public sector is expected to trail the private sector in early adoption.

"Of federal IT managers with plans to move to Windows 7, 60% plan to make the move in six months or more.... Among the factors influencing Windows 7 adoption by federal agencies are the time required for management approvals and any related IT upgrades. According to Dell, 60% of federal agencies with Windows 7 migration plans will make the move as part of their normal PC and laptop refresh cycle...."

  The article goes on to describe current Microsoft deals. "Microsoft is ramping up its Windows 7 push in the public sector. It's offering 15% discounts on Windows 7 professional edition for small government customers, will host a Windows 7 and Windows Server 2008 R2 virtual event on Nov. 10, and is preparing a Windows 7 e-book for government customers."

In Michigan, we are one of the governments still using XP desktops and laptops. Like many others, we have very few users of Vista. We have traditionally waited for service pack one to be released and/or migrated to a new OS as a part of the PC and laptop refresh cycle. We have not made a decision regarding Windows 7 at this time.

However, I do use Vista on my home (family-owned) desktop PCs and laptops. (With a family of six, we have two desktops and two laptops. One of my daughters also wants a new laptop for Christmas.) I plan to migrate one of our home laptops to Windows 7 to check it out. I'll let you know my thoughts over the holidays. 

So what are your thoughts and/or plans regarding Windows 7?

Are Google Outages Becoming a Serious Problem?


 It was Saturday morning, October 3, 2009, and I was trying to log into my gmail (Google mail) account about 7:45 AM (EST). After typing in the URL and hitting return, nothing happened. The screen froze. I tried Google search, and I got the same thing. What's going on? 

   I quickly tried Microsoft's Bing search, no problems. I also visited USAToday, the Detroit News, our State of Michigan portal and others. They all worked - and they were fast. I thought: "No, the Internet is not down and my home wireless network is working fine." 

   Over the next twenty minutes, I ran some more searches (using Bing) to try and trouble-shoot the problem from my end. I searched on "Is Google Down?"

  There were plenty of stories about how Google has gone down many times over the past couple of years. Here are some of the stories I read. Last year, eWeek ran this story. Later, ComputerWorld described a February 2009 outage, as well as another one in May 2009.

   More recently, Google apologized for September 2009 gmail outages.  Blogs popped up all over the place with Google analysis and even Google said the outages were a big deal. Some are now asking what these outages mean for cloud services.

 But none of these told me anything about my current situation. I searched some more...

I typed: "Is there a Google outage on October 3, 2009?" I couldn't find anything initially. I went back to Google by 9:05 AM, and everything worked. A few minutes later, I found that I was not alone. Check out this post: Google search is Down, Adsense, GMail...  This post said that everything was up by 5:18 AM, but I'm not sure what time zone this person was in.

The Google App Status Dashboard listed no status for 10/3/09 (as of 9:45 AM), so I don't know what their official stance is yet for this outage. However, there is no doubt that these outages are starting to rattle users.

 I'm not sure where this is heading. It could become a serious PR issue for Google, if they don't get this outage situation fixed quickly. Can we rely on Google apps at work? It may also be a serious issue for their cloud services, if they can't provide uptime.

Don't get me wrong. I am a Google fan. Their service is free at home and very good overall - in my opinion. I use more of their apps all the time. I've viewed Google as unbeatable - like the old UCLA basketball team that won 88 games in a row over four seasons. The question is whether they are getting too big and can keep the winning ways going.

Perhaps the expectations are too high for Google? I'm no longer so sure that they will dominate our Internet future in the long run. 

What are your thoughts? Are Google outages becoming a serious problem?

Out of Africa: Government Technology is a Global Theme


I just returned from a nine day trip to South Africa where I was one of the keynote speakers during GovTech 2009 in Durban. To say that I was impressed with what is going on in Southern Africa would be an understatement; I was truly amazed by their global perspective and technology progress. The conference theme was "Doing ICT for the citizens," and most presenters provided clear, practical technology benefits to ordinary citizens. Speakers from the United Kingdom, Austria, Canada, Brazil, and numerous other countries offered their insights on best practices in Information, Communications, and Technology (ICT).

Initially, I was apprehensive about the long trip, but I was looking forward to a fun vacation with my daughter. (We went on a beautiful three-day safari after the conference.) But my expectations were exceeded by outstanding presentations which were a mixture of direct talk about hard issues like the supplier - CIO relationship, the realities of open source, and convergence in a customer-centric era.

The conference offered a wide variety of important topics and case studies that are well worth considering (and downloading the powerpoints). For example, the e-Government situation in South Korea was described in detail. Other helpful sessions included global best practices, which was offered by friend and colleague Paul Taylor, and perhaps even my session on what's hot and what's not around the world in cyber security or Seven security threats that governments face.

  Besides the conference material, I found the GovTech 2009 hosts to be kind and helpful. They truly made the international guests feel welcome, and they "get it" when it comes to the people side of technology conferences.

  My recommendation: visit the GovTech 2009 conference website and download the powerpoint presentations that interest you. Videos of keynote sessions will become available soon, and I will point to those when I receive the link (in a future blog). In the meantime, I agree with the perspective: think globally, act locally. After my recent visit to Africa, it means a bit more than it did before.  

Data Storage Market Decline Brings Opportunities


 

  EMC continues to lead IBM, Dell and HP in the external disk storage systems market, but worldwide revenue declined by 18.7% from the prior year's second quarter, according to the research firm IDC. eWeek.com broke down the storage sales by revenue percentage, with EMC grabbing 21.5% of the market, IBM had 14.9% and HP came in third with 11.4% of the market share. Dell and NetApp finished in a tie with under 10% of the market share each.     

  Here's an interesting quote:

"Liz Conner, an IDC research analyst in storage systems, said while the enterprise storage systems market continues to feel the impact of current economic conditions, posting its third straight year-over-year decline, certain "sweet spots" in the market continue to thrive. 'iSCSI SAN and FC SAN both showed strong year-over-year growth of 57.2 percent and 66.8 percent, respectively, in the entry level price bands ($0K-$14.99K) as customers continue to demand enterprise level network storage at a more economically friendly price point,' she noted."

These latest statistics seem to confirm predictions from earlier in the year (January) regarding a decline in the data-storage market. Back in May, vendors confirmed that weak sales were hitting revenues. And yet, the data storage market may be starting to see green shoots.

For government technology leaders, this is a great time to take a look at where you stand regarding your overall data storage situation. New technologies that use data deduplication can offer substantial benefit to your enterprise storage strategy. Each of the named vendors is rolling out new products and services that can help reduce cost. New products and pricing can be very attractive.

  In Michigan, we are looking at our overall data storage strategy and how we can move towards a new government cloud. We are virtualizing our servers, but also reducing the number of storage platforms with the use of data deduplication. We expect to save significant dollars over the coming year by taking a fresh look at our overall architecture and storage savings opportunities.

What are you doing regarding data storage?

 

Kundra Addresses Architecture, Procurement and Partnerships


 In a recent interview with Government Computer News (GCN), Federal CIO Vivek Kundra revealed some very interesting perspectives regarding the need to upgrade technology infrastructure, enterprise IT architectures, better procurement, and keys to building partnerships between governments and contractors.   The GCN interview offers a mixture of policy directions as well as pragmatic advice for technology leaders. I urge readers to pay attention.

Here are some highlights:

1) On infrastructure -  "...Why not look at some of these game-changing technologies, like cloud computing? ... What about a migration into a shared-services model? ... Do we really need to spend billions of dollars in data centers across the federal government? Do we really need to use up all this energy when we can do it in a lighter-weight way?..." 

2) On government / contractor relationships - "I believe that the partnerships will actually move to higher-value work. What I mean by that is that if you look at a lot of spending right now, we're not addressing some of the tough issues -- issues around re-engineering how these agencies work, rather than just going out and spending money on servers, routers and switches, and configuring them and upgrading them two years later...."  

3) On enterprise architectures - "It's meaningless to have architecture filed away in cabinets. You could have the best document that is just sitting somewhere, yet everyone else is moving forward and implementing a completely different model."  

 4) On better procurement - "...I think we need to simplify. The [GSA] storefront is one model. I don't necessarily think that we need wholesale transformation right away, though we should evolve toward that...."

Other interesting points included an emphasis on reengineering business processes. He rightly described true business transformation as requiring a new way of thinking and not the approaches followed 30-50 years ago.

I think the interview provides an excellent set of objectives and goals for the next few years within governments nationwide. His comment regarding enterprise architectures that are shelf-ware and not really followed shows some pragmatic insight into how things are sometimes done within government. That is, the implementers and the planners are working off of two different game plans and/or are not working together well.

 Overall, I believe that this was a very good interview. What are your thoughts?

 

Time to Disconnect? eMail and Vacation


Do you ever struggle with balancing work and family time? I certainly do. Turning off a Blackberry can be hard - even on vacation. No doubt, there's plenty of advice available that tends to go to one of the two extremes - totally unplug or stay connected 24 x 7.

So what's possibly wrong with unplugging for a week or two? The benefits seem obvious, and experts encourage leaders to unplug so that others can too. A vacation should be a time to recharge and get away to de-stress, and many bloggers (such as this one) chastise people for reading emails on vacation. One argument goes further and says that your team needs to feel empowered and know that you trust them. Reading emails on vacation can even send the wrong message to your team.

However, not reading emails at all for 7-10 days can also cause issues. For one, you return to well over a thousand emails (at least in my case), and getting through them can require substantial time and energy once you return. In addition, what about hot questions or emergency issues requiring a quick reply? Yes, you can use "out of office" replies directing senders to others, but I have avoided dozens of major problems and challenges by providing a quick reply to customers or external partners on important projects.

On the other extreme, there is little doubt that you can ruin the vacation for your entire family if you trot around Disney World looking at your Blackberry all day. You are probably sending unwanted messages to your loved ones, and your mind may be focused elsewhere. That is not a vacation. I have seen Blackberry addicts at little league baseball games, in lines at amusement parks, and even in the lobby of a church right before a wedding. In each case, the user looked as if the "other activity" was secondary to sending their "essential" message.

So what do I do? Over the years, I've developed some guidelines that seem to work well for my entire family. I certainly "over-text or email" sometimes, and I make mistakes. But allow me to illustrate a middle-of-the-road approach.

This past week my family of six enjoyed a wonderful week next to a beautiful lake in Northern Michigan. I knew that our rented house had no Internet access, and I was told that cell coverage was spotty at best. Yes, there was a landline phone in the house, but at ten cents a minute, I wasn't biting on that hook. My initial plan was to check into the office and catch up on (only the most important) email two or three times during the week as part of planned visits to Mackinaw City and Mackinac Island.

 After we arrived, unpacked the car, divided out the bedrooms and ran out onto the dock with the kids to explore, my Blackberry started to vibrate. "I guess it does work up here. This will require discipline. Back to the guidelines," I thought to myself.   I stuck to the guidelines, and in this case they worked well and provided plenty of needed rest.

So what are the guidelines? Every person and situation is different, but I try and follow a "one-hour rule."    Here's what that includes:

  1. No more than one hour of email a day on vacation.
  2. Keep number of "checking-in" times to a minimum. (No more than three times a day.)
  3. Only respond to the most important (red) emails. Skip others or forward to another team member for response.
  4. Never interrupt important activities with kids or my wife Priscilla. (For example: No checking my blackberry at dinner out or during a family game/movie, etc.)
  5. Turn off my blackberry at other times. Reduce temptation to peek when hot emails or calls come in.

    I know. I'm supposed to have this perfected by now, since I wrote a book called Virtual Integrity and a PCIO article on the Seven Habits of Online Integrity. (Habit #5 is balancing online and offline life.) But this is still a constant battle requiring regular adjustments. The key is aligning your real priorities with your actual activities. I also recommend getting input from your family and friends as to how you are actually doing.

    I doubt if my one hour rule will work when I travel with my daughter to South Africa in September (on vacation) to speak at GovTech 2009 in Durban.  I doubt if my Blackberry will even connect, but I'll update you on how that turns out in a later blog.

    Meanwhile, what's your approach to disconnecting? How do you deal with "family time?" Does your Blackberry, iPhone or web-enabled phone travel with you on vacation? Any tips to share?

    I'd love to hear what works for you and what doesn't.

Social Networking: Should We Ban or Expand at Work?


  Every few weeks I visit a few of the federal government technology websites like Government Computer News or Federal Computer Week to see what's hot in the federal government. Occasionally, the trends seem to be contradictory - like this past week.

Take the popular topic of using social networks (like Facebook and Twitter) in government. One recent article was entitled: Security Issues May Lead DoD to ban use of social media.

The next article seemed to offer another view: (Department of) State puts social networking to diplomatic use.  Here's a quote from that one:

"Want to know where Secretary of State Hillary Clinton is right now? A section of the State Department's Web site has details about where she is in the world (not surprisingly, she's often out of the country), where she has been recently and where she's off to next -- all highlighted on a Google map for easy viewing. At the time of this writing, she was traveling in India and Thailand, having just gotten back from Canada, Egypt and Iraq."

Here we go again. Is this a movie rerun? This seems like a repeat of the debate from two years ago. Remember this article: DOD asked to reevaluate social networking sites ban.

So why do I highlight this debate now? I certainly won't end the opposing views - and both sides have excellent arguments for and against the use of social networking in government. (I wrote a piece on this topic eighteen months ago at CSO Magazine - if you'd like to read more.)

 No, I see another trend developing with social media. I started thinking about this much more after a lunch discussion session at SecureWorld Houston in February. I am seeing companies and governments doing large (120 or even 180-degree) swings on this topic. I can't name names, but many of the execs I have been talking with used to be wide open to social networking and now ban the use. Others banned Facebook and other social media sites or even engaging "non-work-related friends," but they are now wide open and encourage this use. Each side has war stories as to why they changed. The good, bad and ugly justifications are actually pretty simplistic. Over time, I expect to see this situation level off, but it hasn't happened yet.

 So what am I predicting? We will continue to be deluged by positive and negative stories regarding social networking at work. There will be some very embarrassing situations revealed, as well as some excellent case studies showing why we need to expand the use of Facebook and Twitter at work.

Who is right? You tell me.

What are your thoughts?  

Move Over Real ID: Here Comes PASS ID


  After a revolt over cost, timelines and a host of other difficult issues, the original "Real ID" appears dead. Secretary Napolitano testified this past week on why changes were needed to create a new "PASS ID" which will be partially funded by the federal government. PASS ID stands for "Providing for Additional Security in States' Identification Act." Washingtontechnology.com described the differences in this plan.  

Calling it "Real ID Version 2," new legislation was introduced into Congress which would modify the Real ID Act of 2005. Implementation details from the original Real ID were opposed by many Governors, the National Governors Association and numerous privacy activists.

Here's an excerpt from a Govtech.com article describing the National Governors Association (NGA) position on this topic:

   The NGA said in a release that PASS ID Act recommendations supported by the NGA included:

  • Reducing costs by providing greater flexibility for states to meet federal requirements by eliminating fees associated with the use of existing databases and eliminating unnecessary requirements
  • Eliminating the need to develop costly new data systems that raise significant privacy and cost concerns without increasing security
  • Strengthening privacy protections by requiring procedures to prevent unauthorized access or sharing of information
  • Allowing states to better use existing timetables to renew compliant drivers' licenses and identification cards.

But critics of PASS ID claim that this new "scaled back Real ID" won't solve many of our driver license fraud problems. The Washington Post reported:

    "The new plan keeps elements of Real ID, such as requiring a digital photograph, signature and machine-readable features such as a bar code. States also will still need to verify applicants' identities and legal status by checking federal immigration, Social Security and State Department databases.

But it eliminates demands for new databases -- linked through a national data hub -- that would allow all states to store and cross-check such information, and a requirement that motor vehicle departments verify birth certificates with originating agencies, a bid to fight identity theft.

...'The new plan would still let people get licenses with fake documents,' said Rep. F. James Sensenbrenner Jr. (R-Wis.), who authored the 2005 legislation." 

It remains to be seen if these modifications to Real ID become law. However, with state governments in difficult budget situations, there is no doubt that PASS ID, with federal funding, is a welcome sight for most cash-strapped states. The chances are very good that a similar new approach (with some modifications) will become the driver's license standard that is implemented across America.

What are your thoughts on PASS ID?

The Wide World of IT Infrastructure


Growing up, I used to love to watch ABC's Wide World of Sports. I'll never forget that famous line from Jim McKay: "Travelling the world to bring you a constant variety of sports, the thrill of victory and the agony of defeat, the human drama of athletic competition - this has been ABC's Wide World of Sports." The words were always accompanied with pictures of successes like US Olympic hockey heroes as well as tragic failures such as a skier wiping out while going down a scary mountain.

In many ways, covering technology infrastructure is no less daunting than covering the global sports scene. I know that readers are inherently tech-savvy with access to an infinite number of channels. From USA Today's "Tech" section to Government Technology Magazine's News headlines to eWEEK.com's IT Infrastructure pages, there is way too much going on to even scratch the surface of what's happening globally.  

On top of that, I have a full-time day job as Michigan's CTO leading hundreds of technology staff and contractors within the Michigan Department of Information Technology's Infrastructure Services Administration. So when it comes to covering technology, I will definitely be picking and choosing where to engage and what to leave for others.

A quick glance at a recent front page from eWEEK.com's IT Infrastructure section illustrates the scope of what we face each day. First, there's a "Top IT Infrastructure Opinion" entitled: "What Will the Cybersecurity Act of 2009 Do to Your Job and Business." The next story, "Tools Measure Outside Air for Data Center Cooling," did not really excite me but was linked very creatively to "Green IT." Nice spin.  

The stories go on and on, from Obama Vows E-Health Records to Vets, to New Microsoft Windows Licensing Aids Desktop Virtualization, Report Says, to  Before Grid Hack Reports, NERC Advises Industry on Cyber Assets.  (Yep, the last one's back to the link between security and critical infrastructure.) I expect that my background will keep drawing me back to that security direction, but I'm going to try to leave that gig to my talented friend Mark Weatherford. Nevertheless, I've warned Mark that, at times, I may not be able to resist the cybersecurity temptation. 

So how will I decide what to write about? Mostly, I hope to cover the items that are hot (or not) at work within Michigan government. From stimulus spending to new views on federal/state/local cooperation, these are fascinating times. At the end of the day, I like to blog about what is intriguing or thought-provoking to me, as my previous security blog-followers know well from Securing GovSpace and Lohrmann on GovSpace.        

Since this is my first "Lohrmann on Infrastructure" blog, I'd like to look a bit closer at the parallels between blogging about sports and technology. Amazing technological advances have allowed the coverage of sports to change dramatically over the past 40+ years. All-sports TV channels like ESPN are widely available, and many popular events like "March Madness" (the Men's NCAA Basketball Championship) are made available for free on the Internet. Despite these advances, we still seek the same things when watching. Beyond following our alma mater, we become engaged as we learn about stories which offer "the thrill of victory and the agony of defeat" in sports or even other interesting stories covering the rest of life. 

My hope is that this new infrastructure blog can offer at least a small taste of those same elements regarding technology. Granted, the topics are not usually as exciting as Kurt Warner's rise to Super Bowl stardom. I realize that I may not achieve this ambitious blogging goal. No doubt, many of the stories we cover in technology can be boring or seem like "just work."

And yet, we all know that success comes when the people, our work processes and the right technology work together well. For most of us, the technology infrastructure we choose is only a part of our core activity, but our project management, technical architecture, network implementation or governance becomes central. If we can learn from others in the industry, we can be more effective. This includes learning from their successes and failures.   

So just as I am fascinated by the background pieces that are offered on athletes during the Olympics, I enjoy blogging most when I can analyze the deeper story behind the headline technology story. This approach isn't always possible, but it is my goal for Lohrmann on Infrastructure. While each blog can hopefully stand alone and be read as a one-off, I try to tell a wider story over time and to relate technology infrastructure headlines to our specific situations within government offices. Time will tell whether I am even remotely successful at this ambition while at the same time addressing the wide world of IT infrastructure.

Finally, I'd like this to be a two-way dialogue. I truly hope you participate and offer your insights, ideas and suggestions. What's working at work, what's not and why?
