Minnesota’s move to centralized IT makes room for cyber

Minnesota’s move to a centralized information technology operation represents a once-in-a-career opportunity for state Chief Information Security Officer Chris Buse: He has the chance to architect the state’s cybersecurity development.

Previously in Minnesota, IT operations were spread out and siloed in various agencies and departments. Now, the state’s IT agency, MN.IT, has begun moving to a centralized environment, where the IT agency has more authority over how IT operates.

“One of the things we’re really focusing on is kind of back-to-basics, bread-and-butter activities,” Buse told StateScoop in April at the National Association of State Chief Information Officers midyear conference. “There really are a lot of basic blocking and tackling functions.”

The department is working on an initiative to bring all state server hosting into a single managed environment. Alongside the hosting effort, Buse said the department is looking to consolidate its active directory into a single service desk and consolidate the way the state delivers virtualized desktops across the state.

But for Buse, the centralization efforts provide a unique opportunity to include cybersecurity in every stage of the IT agency’s centralization strategy.

“We’re kind of jumping on the opportunity right now,” Buse said. “It’s giving me an opportunity to finally get security right for the government as a whole, and it’s a really golden opportunity to bake security into all the government services from the onset. I don’t see very many opportunities in the future to get security right from the get go.”

Buse also said the agency worked earlier this year to put together a plan for how the state can deliver cybersecurity services to the 78 organizations in the state’s executive branch.

“We’re carving out security around major lines of service,” Buse said. “We figured out the new delivery model for those services and the essence of the plan is horizontal consolidation where that approach is most appropriate.”

In addition to intergovernmental security reorganization, Buse, who sits on the executive team of the Multi-State Information Sharing and Analysis Center, said collaboration between federal, state and local governments on cybersecurity often gives his team actionable intelligence on what the state should be addressing in the cyber arena.

“It’s more than just the theory of people getting together and talking about things in meetings,” Buse said. “We get probably 20 to 30 pieces of actionable intelligence every day that we use to help us assess and find and fix problems in our security environment.”