Tech Survey of States Highlights Growth of Data-Driven Services
In 2022, leading states are breaking down information silos and assessing the data for more informed decision-making, and elevating efforts to keep all this data secure in a challenging cybersecurity environment.
“Human-centered design” became a guiding principle for states striving to make their digital services as user-focused and -friendly as possible. Minnesota enshrined the principle in its Modernization Playbook, Michigan hosted training sessions on the concept, and North Carolina elevated the citizen perspective by recruiting 1,000 residents to user-test its state website redesign. CIO Alan Fuller said Utah’s been seeking to improve processes based on customer feedback, rather than just getting “state employees to sit around in the room and think to themselves how to improve.”
States have also taken a hard look at the data they collect, working to glean more insights while preserving security and privacy. Data-driven analysis has powered efforts to address some of residents’ most pressing needs, with Georgia’s Broadband Availability Map detailing access gaps with address-level specificity and Minnesota’s data visualization tool revealing where vaccination clinics were most needed.
Ohio, too, dedicatedly advanced data-driven decision-making, building out its cross-agency data platform and inaugurating a chief data officer. New positions also launched in Utah and North Carolina, with both hiring privacy officers — efforts that officials said, respectively, can deepen resident trust and improve cybersecurity.
Cybersecurity remained top of mind, with states confronting precedent-setting incidents like SolarWinds and Log4j and everyday threats like ransomware and fraud. States rallied against threats and refined their approaches with lessons learned. Michigan’s experience with SolarWinds inspired process changes that helped it quickly assess third-party risks in the face of Log4j, while Ohio developed an analytics solution to combat fraudulent unemployment payments.
As they continue to harness digital tools to serve and safeguard their residents, many of this year’s leading states are doing so under new IT leadership. Georgia, Michigan, North Carolina, Ohio and Utah all introduced new CIOs since the 2020 Digital States Survey, while Minnesota’s CIO returns for another high score.
Georgia is making big moves, transitioning its data center to the cloud.
This change will mean quicker service delivery, greater transparency, improved security and more innovation, said Shawnzia Thomas, state CIO and director of the Georgia Technology Authority (GTA).
Agencies have their pick of AWS or Azure, and GTA is overseeing the transition. At the same time, GTA is training up agencies’ staff in relevant skills through a “cloud campus” program — an initiative that will supplement GTA’s limited pool of cloud specialists while giving agencies more ownership.
Georgia brought on its first-ever chief cloud officer to support this effort. GTA has also been working to build up its base of cloud-savvy talent, by revamping job descriptions to emphasize cloud skills and recruiting at technical colleges, Thomas said.
GTA aims to convince college students to start their careers in the public sector, even if they later leave for private-sector salaries. Some eventually return, seeking the fulfillment of public service.
“Many people come back — they like that feeling of giving, of serving. [So] we want to make sure they get a taste of the public sector first, before they go out to the private sector for more money,” Thomas said.
Another major initiative was the launch of the Georgia Data Analytics Center, which pulls together data from across state government, enabling more analysis and making information accessible to agencies, legislators, academics and researchers.
“Georgia is keen on being a state of transparency, so putting this data out there for all to see is something that we’ve always wanted to do,” Thomas said.
The state itself is digging into data to make its websites more user-friendly. An analytics dashboard about visitors’ webpage interactions is helping uncover likely pain points, and data about call center requests adds more insights into residents’ needs.
Data also fuels Georgia’s nationally recognized Broadband Availability Map.
“We have the best map in the U.S., where it’s specific down to the address level, which gives us better visibility into where unserved areas are and that’s what we really want to home in on,” Thomas said. Georgia’s discovered not only unmet needs in rural areas, but also in major cities like Atlanta.
Michigan, meanwhile, has been emphasizing cybersecurity.
“In cybersecurity, we never want to rest on our laurels and say, ‘Oh, we did such a great job last year that we don’t need to continue to focus on that,’” said CIO Laura Clark. “We need to continue to stay on pace with the current practices and work really hard to protect Michigan’s resident data and systems that we’re entrusted with. That [work] will continue and ... being a dual-hatted CISO and CIO, [that] will continue to be a passion and a driver for me.”
In recent years, that energy drove developments that make the state more fleet-footed in response to software supply chain risks. When news of the SolarWinds attack broke, IT members manually pored through third-party contracts and records to pin down vendors’ contact information, so the team could communicate over the impacts, risks and mitigation efforts.
After that labor-intensive experience, the team improved the process by pulling vendor details into its Governance, Risk and Compliance tool. Thanks to this, they were able to quickly connect with vendors when the Log4j vulnerability emerged.
“We could be a lot more expedited in reaching out to our third parties,” Clark said. “… Anytime there’s a cyber event, we always try to look at process improvement and see if there is a way that we can be more effective and efficient next time. So, it’s that continuous improvement kind of mentality that we have here.”
Enabling a hybrid workforce as well as recruiting and retaining cyber talent has been another key focus. Michigan responded with everything from developing paid college internships to help with recruiting to keeping current staff engaged via opportunities to learn and use “leading edge” technologies.
The state also took a human-centered design approach to redesigning its MILogin service, producing a tool that was more user-friendly and which required less customer support from staff. New software development processes also help IT staff catch and correct potential code vulnerabilities early on.
Michigan continues to push ahead on these issues and is currently working to hire 19 more full-time cyber employees. IT is also assessing the state’s setup for any gaps or modernization needs as Michigan moves toward adopting a zero-trust framework.
Minnesota has been embracing human-centered design as it rolls out and upgrades services.
“One of the principles that’s really important to us is just understanding and having an empathetic view toward the impact that technology may have on people,” CIO Tarek Tomes said.
The principle is included in Minnesota’s Modernization Playbook and influenced efforts to streamline the state’s benefits portal last year. Applicants were interviewed about how the tool could be improved, and their responses guided a revamp that ultimately trimmed application times down from one hour to roughly 10 minutes.
“There are very few things we can do in government that are more important than really fulfilling the needs that people come to us with in a way that gives them back time,” Tomes said.
Minnesota’s efforts to provide critical supports have also been bolstered by new data visualization tools and a focus on data-based decision-making. This helped the state understand where and how to provide COVID-19 vaccination opportunities to reach all residents, Tomes explained.
Ready access to detailed information “gave us this instantaneous ability to pivot to provide, or stand up, more vaccination clinics,” he said. “It was a really critical part of saving lives throughout Minnesota in a way that was data-informed.”
IT underpins other support services, including a new process that automatically enrolls Medicaid-eligible children for free and reduced lunch, resulting in 100,000 more children getting fed. Other projects disbursed unemployment benefits during the pandemic — often faster than other states, Tomes said — and enabled pandemic frontline workers to digitally apply for benefits. The latter project had to handle 1.5 million applications, while also maintaining cybersecurity and fraud protections.
Many initiatives have been underpinned by strong partnerships. The Technology Advisory Council develops long-term strategic recommendations and includes state, legislative, local government and private-sector members. That diverse participation helps lead to cohesive plans that extend beyond the state’s executive branch, Tomes said.
A relatively new Legislative Commission on Cybersecurity also gives IT members an avenue for discussing important — but sensitive — cybersecurity matters with legislators to help inform their policies.
“It includes an opportunity for us to brief them behind closed doors … and that opportunity to have those conversations is really important,” Tomes said.
North Carolina has racked up several “first-in-the-nation” moves, including launching an Office of Digital Equity and Literacy. It works with the Broadband Infrastructure Office to expand broadband availability and affordability, device access, and digital know-how.
When CIO Jim Weaver joined the state, “[Gov. Cooper] made it very clear that our No. 1 priority for the agency was broadband,” Weaver said.
Answering that call has included providing grants that incentivize infrastructure construction in underserved areas, raising awareness of broadband discount programs among low-income residents, and providing digital literacy training.
Broadband efforts also home in on equity gaps, with Weaver noting that 76 percent of white North Carolinian households had high-speed Internet subscriptions in 2021, compared to just 58 percent of Native American households. The state aims to raise all groups to the same level.
“The governor ... has challenged us by January 2025 to get that number up to 80 percent across all racial subdivisions,” Weaver said. Another goal: connecting all households with school-aged children.
North Carolina also set precedents in cybersecurity, becoming the first state to prohibit government entities from paying or negotiating with ransomware perpetrators. Weaver said ransomware attempts have since declined, but that it’s difficult to know how deeply the law influenced that. The state also formalized its Joint Cybersecurity Task Force — a cross-agency, cross-government body that supports incident response and preparation — and hired its first chief privacy officer, who has been working to build a privacy framework and program.
North Carolina is also looking to break down data silos among agencies to uncover insights that can inform state modernization efforts and decision-making. For example, connecting data from criminal justice, human services, public health and education programs may reveal information about children’s outcomes, Weaver said. Making such work possible requires first ensuring each data set’s security and privacy needs are met and creating a common dictionary of terms so entities understand how to accurately interpret each other’s data.
“I can go back to my days in Human Services, where it took [us] six hours to define the word ‘recipient,’” Weaver said. “… Depending upon what program you were focused on, ‘recipient’ meant something totally different.”
On a broader level, the IT department is trying to change how government delivers digital services, moving away from siloed, agency-by-agency approaches to instead create more seamless, user-friendly experiences.
“Our strategic plan does not talk about agencies — it talks about North Carolinians,” Weaver said. “So, everything we do, especially as we start talking about digital transformation, is, ’What’s in the best interest of a North Carolinian?’ and not necessarily looking at how services are provided by an agency online.”
Data analytics and management are front and center for Ohio.
The state has piloted a program letting agencies without chief data officers consult with a shared one and named its first state CDO, selecting the deputy director of the InnovateOhio Platform (IOP).
That platform has evolved since the last Digital States Survey and featured 760 data sets by April 2022, up from 500 in summer 2020. All agencies were obligated to shift their platforms onto IOP and share data with it, in an effort to improve data management and analysis and create a common user experience across government.
Early in the pandemic, IOP worked with the state Department of Health to launch a public information dashboard where residents could learn their vaccine eligibility statuses and locate and schedule with providers. That initiative also gave other agencies a demonstration in how collaborations with IOP could advance their missions, CIO Katrina Flory said.
“[That] really showed the power of the platform and gave [agencies] confidence — like, ‘Oh, yeah, this does work. Look at what they did for Health,’” Flory said.
Still further data efforts expanded the DataOhio Portal, where researchers and other residents can now access more than 297 government data sets.
Ohio also promoted its single-sign on service, OH|ID, which grew to more than 5 million users. Capabilities enabling agencies to, on their own, integrate OH|ID into smaller applications and to invite customers to create OH|ID accounts have helped drive up usage. Ohio’s unemployment benefits and digital driver’s license renewal systems both adopted OH|ID for greater security, thanks in part to multifactor authentication features.
Ohio also doubled down on addressing its broadband equity gaps, including expanding the Broadband Office with a team member dedicated to digital inclusion, Flory said. The state also looked beyond just building out infrastructure to also address needs for devices, hot spots and affordable rates.
“We focused a lot on … making sure that school-aged children have devices,” Flory said. “Maybe previously the idea would have been to make sure that they had access at home. Well, they might not always be at home. Depending on what’s going on, you might have to spend today at your aunt’s house … so making sure they have the devices [and] have access wherever they are has been important.”
Like other states when COVID-19 first hit, Utah’s IT team had to rapidly go remote while simultaneously supporting a newly remote customer base and launching many digital services. Tools for activities like vaccine tracking and unemployment claim fraud prevention helped deliver strong health and financial outcomes.
“We ultimately, as a state, came through very successfully with some of the lowest death rates and some of the highest economic outcomes,” said CIO Alan Fuller.
That wasn’t the only major transition facing IT. The building housing Utah’s data center was slated for demolition, forcing the team to move all its equipment and operations.
In 11 months, IT decommissioned, shifted to the cloud or physically transported more than 2,000 servers and more than 3,300 pieces of equipment. It also modernized, upgrading 10GB Internet to 100GBs and re-platforming systems. Transitioning more services to the cloud has also improved performance and positioned the state to use new technologies like AI, said Chief Technology Officer Dave Fletcher.
“We didn’t have any major breakdowns or anything throughout that move,” Fletcher said. “We’re maintaining hundreds and hundreds of services to citizens; we’re maintaining 1,600 applications supporting state agency operations. All of that continued pretty seamlessly throughout the entire move. So, I think that’s the big one [accomplishment], especially over the last year, is that successful move and what it implies.”
Data-driven customer service is increasingly top-of-mind, and IT has been featuring feedback-gathering tools on state websites to learn directly from users about their experiences, Fuller said. So far, these efforts have been implemented agency-by-agency, but Fuller hopes to expand it across government and across channels, helping the team learn, for example, what motivates residents to seek in-person services over online options and how improvements could answer these needs.
Utah is also emphasizing privacy and reconsidering what data it truly needs to collect, Fuller said. Supporting that work is a Personal Privacy Oversight Commission, which recommends privacy statutes, and new privacy officials. The state made the rare move of appointing not one but two privacy officers. One supports the executive branch, while the other focuses on local government, elected officials and other state entities.
Data privacy statements featured on state websites help to further foster residents’ trust, Fletcher said, and Fuller said the various initiatives have made privacy a regular part of agencies’ conversations when they consider how to share data.
For a complete breakdown of the Digital States survey results, read the full results here.
*The Center for Digital Government and Government Technology are divisions of e.Republic, Governing's parent company.