Public-sector CIOs are under mounting pressure to modernize, streamline and secure their organizations' IT operations, and no issues loom larger than guarding against cyber threats and the transition to the cloud.
In a recent survey, state CIOs named "security and risk management" as their chief priority for 2016, followed by developing a framework for implementing cloud services.
That security ranks at the top is hardly a surprise -- NASCIO, the association of state CIOs that conducted the survey, says that members have named security strategies their most pressing priority for the past three years.
In too many state governments, cybersecurity is still seen primarily as a technical issue, the province of the IT department, separate and distinct from the business side of the operation, according to Doug Robinson, NASCIO's executive director.
In the corporate world, particularly in the aftermath of high-profile breaches at household-name companies like Target and Home Depot, cybersecurity has commonly been elevated as a subject of discussion in the boardroom. Not so in the typical state government, says Robinson.
"Those same conversations unfortunately are not taking place as much as they should in the cabinet level and the governor's office," he says. "There's just not enough communication and conversation about this as a risk."
The challenge for state CIOs on security, Robinson explains, is "making it clear to public officials and appropriators that this is a business issue."
After security, state CIOs ranked questions around how state governments should adopt a cloud strategy a close second as a priority for 2016.
Certainly security issues are in play there, as well, though the greater challenge CIOs face in moving ahead with a cloud initiative is a procurement system that is oriented around technology that is owned and operated in-house, with the accounting skewed toward a capital expenditure, rather than operating expenses, according to Robinson.
However, despite some of those logistical and cultural challenges, the discussion of cloud computing in state governments has generally moved from a question of if to one of when and how.
"I don't think there's much of a debate that cloud is in their future," Robinson says.
He explains that that process is very fluid, however, with states typically moving lightweight, commodity applications like email to the cloud, but still hesitant to embrace the fully outsourced, public-cloud model.
"For the most part, I'd say most of the clouds today are private clouds, meaning they're hosted by the CIO organization," Robinson says.
But that's beginning to change, as well, as more state CIOs warm to the idea that they don't have to be the ones to deliver every service and application the organization uses.
Sign up for CIO Asia eNewsletters.