CIO Roundtable Reveals State, University Leaders Thinking on Network Security

The federal government may be following our every virtual move, but the state governments of Nevada and Washington, as well as the University of Nevada at Las Vegas, are surprisingly open in the freedom they grant users on their networks, while still ensuring that important data on those networks is secured.

That is the impression this writer got from the CIO Roundtable at today’s ITEXPO (News - Alert) in Las Vegas. The event featured David Gustafson, CIO for the State of Nevada; Bill Schrier, OCIO of the State of Washington; and Lori Temple, vice provost for IT at UNLV.

UNLV has virtually no restrictions on where users on its network can go on the Internet, said Temple, adding that prostitution in Nevada is legal, and that people at the university study prostitution, so even that kind of content needs to be easily accessible to the school’s community.

“If you dial things down too far, you just stifle innovation,” she said, and that’s not just the case with education.

Speaking of innovation, there is some application creation happening even by government employees, said Schrier. For example, a police officer has created a mug shot application that allows officers to more easily compare mug shots; a firefighter wrote a Google (News - Alert) Glass app to help with driver navigation; and the City of Philadelphia is encouraging city employees to create apps and introduce them within 90 days.

So where are these government IT leaders when it comes to thinking about, and creating strategies and policies related to, security?

Temple said her team focuses on securing the applications available on the network. She added that her group is also “working feverishly” on identity management, to ensure only people who are supposed to be on the system are on it, and to ensure they only see what they are supposed to see.

The ability to give different stakeholders within government access to select information – and only that information for which they are authorized – is also key, agreed Schrier. For example, you want EMTs to be able to access your medical records if you have a heart attack, but the water department should not have access to it.

Gustafson said that a few years ago his team was really struggling with how to secure its network, which bad guys were trying to get access to frequently. Ultimately, he said, he realized that securing the network as he wanted to unrealistic. So, instead, his team focused its efforts on protecting the data and assets that it, as a state entity, is required to hold in the community trust.

“My first and foremost priority is to secure the data at all cost,” he said. “So I had to change my thinking.”