Feds want enterprise IT aligned with the business of government
Managing enterprise IT the government way
For some time, the Washington politico tide surrounding technology has risen, resulting in the “all-that’s-digital-is-mine-or-monitored” proposals lofted by Congress and federal agencies in today’s economically dragging security state.
What initially led me to believe that the administration wants technology aligned with the business of government were the Office of Management and Budget’s appointments of Mark Forman as Associate Director of IT and E-Government and Norman Lorentz as CTO. The two are overseeing an intense business process gap and redundancy analysis of major civilian agencies — and hold control of agencies’ IT budget purse strings. Add the appointment of integration task minister Steve Cooper as the Homeland Defense’s CIO, and it’s clear the administration understands the importance of IT.
But understanding what technology can do for the government is leading to some misunderstandings about what corporate IT should do for government policy. Feds want businesses’ technology aligned with their security and policy goals.
Take, for instance, the increasing number of bills introduced last year by the 107th Congress that included terms near and dear to the chief technologist’s heart. According to GalleryWatch, 284 bills included the term “privacy,” 37 included CTO or CIO, 18 included cybersecurity, and 12 included encryption.
Don’t expect members of the nascent 108th Congress to be outdone by their 107th counterparts.
The 1996 HIPAA is an IT bull’s-eye law that drove a mini IT and service buying spree, and married policy with the health care CTO’s budget. More interesting are the laws and regulations imposed on accounting or business management, which the CTO’s office must also abide by. Gartner estimates that 10 percent of the enterprise IT budget currently goes to compliance with federal regulations, with that percentage varying by industry classification and company size. Due to upfront costs, HIPAA compliance may impact an even higher percentage.
Look at the post-Enron Sarbanes-Oxley Act (S-O). Under S-O, publicly held companies must preserve certain documents or prevent the destruction of records that could be germane to litigation. The thrust of this for the CEO — and thus the CTO and his budget — is the answer to the question “What did the CEO know and when?” This impacts storage, records, and documents. Keeping the final draft of a memo may not be good enough to meet new legal standards. The enterprise will need to keep and retrieve previous versions. It’s not an IT bill, but it hits IT hard.
The SEC has spent and will spend considerable time enacting the rules that interpret and enforce S-O. The agency has also proposed that publicly held corporations file certain SEC documents electronically (see www.regulations.gov) — a minor step, but one that chief technologists need to pay attention to nonetheless.
Lest CTOs think this only affects the information-intensive financial services industry, security issues have also impacted supply-chain management by the U.S. Customs Service. As of December 2002, stringent cargo reporting requires that all container manifests for U.S.-bound locations be sent electronically to Customs 24 hours before vessel departure. Look for Customs to establish standards for security and integrity of containers and cargo through the transport chain.
The increasing government attention to IT complexities and to technology’s corporate and social impact hits directly on the chief technologist’s office and budget — taking dollars away from R&D and forcing more into maintenance and mandatory projects. Are the administration and Congress so enamored of the potential for security lock-downs and defensive data-mining that they plan to turn the party of big business into the party of big technology managers?