Thursday, March 12, 2015 -
3:30pm to 5:00pm

Location Details: 

Pioneer Room

600 E. Boulevard Ave., Bismarck, ND

Meeting Notice

The State Information Technology Advisory Committee of North Dakota will be holding a special meeting. In the event that any or all of the members of the governing body participate in the meeting by telephone or video, a speakerphone or monitor will be available at the location noted above.

At the time this notice is being prepared, the governing body expects the agenda of its meeting to include the following topics:

Meeting Schedule

Time Topic Presenter
3:30 Welcome / Opening Comments Mike Ressler
3:35 Enterprise Architecture Update Jeff Quast
3:45 Cyber Security Insurance Tag Anderson
3:55 Mobile Applications Demo Eli Cornell
4:20 Vendor Application Hosting - ITD Services / Fees Dan Sipes
4:40

Large Project Reporting

Veteran's Home - Electronic Medical System

Adjutant General - State Records Mgmt System

Justin Data

Justin Data

Mike Lynk

4:55 Open Discussion / Closing Comments Mike Ressler

Meeting Recap

Enterprise Architecture:

Enterprise Architecture has transitioned to a new model; referred to as “EA 2.0.” The new framework is made up of four architecture teams (Application, Data, Security, and Technology) and the Information Technology Coordinators Council (ITCC).  Governance is no longer structured hierarchically. Instead, all participants at all levels have an opportunity to participate in surveys at every decision point. The results are used as input to the CIO for establishing standards.

Cyber Insurance:

Cyber Insurance is typically used to offset costs incurred from a catastrophic data breach. The first step is to determine what protection is needed. The existing Risk Management Fund already covers third-party damages to citizens resulting from negligence within state government. Beyond that, agencies are exploring coverage to assist in meeting first party obligations and expenses including costs to send notices, provide credit monitoring and/or credit repair services, perform system forensic work, establish a help desk, or recoup costs associated with the loss of proprietary data.

Options include procuring a policy externally or self-funding  some type of coverage internally within state government, possibly through Risk Management. Historically, self-funding insurance has been cost effective for the state.  However, it would require legislative authority to establish a self-retention fund and any centralized purchase of insurance by Risk Management would require spending authority within the OMB budget bill.

Mobile Application Development:

Applications on mobile devices are typically delivered in two ways. (1) Mobile web; a web browser as a client. (2) Mobile app; a stand-alone client downloaded from the application store. Google Android (46%) and Apple iOS (51%) dominate the U.S. market. In recent years, ITD has been developing websites using Responsive Design, which allows websites to resize and reorganize based on the user’s screen size. Today, more mobile users are consuming services from applications (85%) than from websites (15%). In designing mobile application, two approaches are used; (1) Hybrid Mobile: A single codebase for multiple platforms (2) Native Mobile: A codebase targeted specifically for a particular operating system.

ITD is supporting both Responsive Design and Hybrid Mobile. We are also evaluating existing websites/applications for mobile candidates and identifying business cases that leverage device features such as camera, geolocation, push notifications, and local storage.

Vendor Application Hosting:

ITD has not historically rushed into cloud services because of the state’s investment in secure and cost-effective on-site hosting services. Today, more and more vendors are only offering “software-as-a-service” options. Therefore, ITD is accelerating preparations to leverage strategic cloud solutions.

Identity is one of the first areas to address when moving to the cloud.  ND utilizes a single Active Directory to manage authentication and authorization. To maintain a strong security posture, ITD is committed to integrating the state’s Active Directory with cloud services. 

Understanding risk is another area that requires due diligence. A structured risk assessment will be conducted prior to moving an application to the cloud in order to evaluate the implications on architecture, security, data, and strategy.

ITD plans to broker cloud services. This will help to maintain an inventory of cloud services, manage risk, ensure consistent contract terms, identify key integration points, and promote common standards. Rates for brokering will likely be assessed using a percentage of the cloud service cost; with minimum and maximum caps defined.

Where noted, the discussion of some of the above topics may be held in executive session rather than during the portion of the meeting that is open to the public. If this is a regular meeting, additional topics may be discussed. If this is a special or emergency meeting, the governing body's discussion will be limited to the topics and executive sessions listed above.
Date of Notice: 
February 25, 2015
Notice Provided By: 
Jeff Quast, 701 328-1993
Attachments: 
PDF icon sitac-20150312-presentation.pdfPDF icon sitac-20150312-mobileoverviewv5.pdfPDF icon sitac-20150312-minutes.pdf