There’s no shortage of available technology to meet government’s most pressing human capital and finance needs. Today agencies have access to more applications than they can count, and it seems cloud computing is often touted as a viable option for improving business operations.
But where do you start? Is cloud the right fit? How do you approach people in government who are leery of cloud, and how do you find the right cloud partner?
These were just a few of the topics discussed at GovLoop’s State & Local Gov Innovators Virtual Summit. During the session “Finance and HR Get a Tech-Lift,” attendees heard from Rich Schliep, Chief Information Security Officer and Network Manager at the Colorado Department of State, and Sherry Amos, Director of Market Development, Education & Government at Workday, a Software-as-a-Service provider for finance, human capital management and, most recently, student applications.
Schliep explained that state and local governments are under pressure to keep pace with customers’ demands, all while making cybersecurity a top priority. They have to decide if it makes more sense to spend money on in-house systems to provide common functions for HR or finance, or outsource that work to vendors that specialize in those areas.
But when it comes to adopting cloud services in government, concerns about security are often the biggest barrier. So how do you have a conversation around cloud when there are trust issues among your staff or even senior leaders?
Creating a Cloud Security Checklist
Schliep uses cloud services, but only if vendors can answer his questions and he is confident that they are more secure than his agency. “It really comes down to the data” and having the policies and practices in place to protect it, he said.
Amos advised agencies to start early and include the right people in the cloud conversation when considering cloud options for HR and finance. Before you undertake a formal procurement process, engage in market research and don’t be afraid to have vendors show you what they can do, she said.
“People tend to think if I have all of my solutions in my data center on-premise, it has got to be more secure than my data in the cloud,” Amos said. But that is not always the case. One of the biggest challenges agencies face is that the legacy systems they have cannot be retrofitted with modern-day security.
At Workday, for example, the company is independently audited and makes those audit results available to customers via a non-disclosure agreement. Workday also meets government and international security standards.
“Security is the lifeblood of our business,” Amos said. “Cloud is all we do.”
She suggested that agencies look for a company that is going to be a good partner. In terms of solutions, pick those that can be configured to meet your unique business processes. The planning, recruiting, payroll and other solutions offered by Workday are all available through a native cloud, not on-premise. That means customizing code is not an option, as it often is with on-premise solutions.
For agencies considering cloud, Schliep shared the checklist he reviews with potential vendors. The checklist covers every aspect before, during and after a cloud service is in use. Key questions include:
- How often are you audited?
- When issues are found, will the agency be notified?
- Do you have physical security in place?
- Are there proper controls in place to ensure other tenants are unable to access agency data?
- Is there an incident response plan in place?
Schliep said agencies should always ask vendors how easy it is to get their data out of a cloud, and then they should test it to verify the vendor’s claims.
“It is critical that we have those checklists in place so that we can ask the right questions,” he said.