Monday, September 1, 2014

BIT Technology Review Process 101

For most of us, negotiating contracts and reading legal language rank at about the same level as hitting our thumb with a hammer--twice.  Luckily for you and your agency, you do not have to because BIT has staff to do that for you. Your agency Point of Contact (or POC) can help with appropriate technical contract language.   

When beginning the technology review process for the first time, you may get the sense that it is complicated. It can be, but that is because the information and technology industry is complicated and changes rapidly. Signing a contract or making a significant purchase without the support of BIT may seem like a good idea at purchase time because the process may move faster with just you and a smiling salesperson in the room. However, unless you have a solid understanding of current technology trends, what may seem like a harmless contract agreement can result in expensive surprises for you, your business and ultimately the citizens of this state. 

The most important thing you can do to make the process as painless as possible is to engage your BIT POC before you publish a Request for Proposal (RFP), ask for bids, or in any other way ask for a price quote from a vendor. When you show a vendor the applicable terms at the same time you ask for costing, more often than not they will accept the terms up-front to get your business. In those few cases where they won’t accept the terms, they will generally minimize their objections to just a few items. Contact your BIT POC to arrange a technician-to-technician discussion to work out the details on valid cost information and IT-related legal terms.

Items BIT takes into consideration for you during the technology review process:

  • Disaster Recovery (DR)
  • Continuity of Operations (COOP)
  • High availability computing (HA)
  • Hypervisors (the cloud)
  • Physical hardware limitations (cores, processors, MSUs, sockets)
  • Network protocols
  • Security controls, risks, scans, threats and defenses
  • Patch cycles and processes
  • Licensing considerations
  • Audit requirements

Each section of the contract has clauses for specific purposes. The HIPAA section contains only those terms recommended by the federal government for all contracts associated with HIPAA systems or data. The terms in the Hosting section apply when an outside vendor hosts your system rather than using the existing state infrastructure. The terms in the federal tax information section only apply to projects involving federal tax information.


You do not need to engage your BIT POC when:

  • Making a technology purchase off an existing state contract.
  • The system you are buying is for a single desktop license for a one-person application. In these cases, a moratorium request is processed.

Often vendors will resist clauses that hold them accountable or that grant you the ability to determine whether they are handling your data, and our citizens’ data, in a responsible manner. We have found nationally known vendors who, on close inspection, were putting their clients’ private data at risk due to poor security standards. We have also had vendors who, after several years, have come back to the state and attempted to levy fines and fees made possible due to weaknesses in contract language.
      
The bottom line is that if a vendor resists the clauses contained in the technology template, it raises a red flag and must be investigated. Red flags reveal significant business risks that you need to understand in order to make an informed buying decision. A vendor may have legitimate business reasons to object to any of the clauses or other contract language, and if that is the case, a meeting can be held with the vendor and your IT advocates at BIT to help determine that and weigh other solutions.

The BIT POCs are here to help you through the technology review process, whether it is documenting a Memorandum of Understanding (MOU), working together on a contract, drafting and finalizing a Request for Proposal (RFP) or reviewing a Purchase Order. Our staff can assist with the review of technology purchases to allow for fiscal responsibility in keeping costs as low as possible and helping to maintain a secure and reliable avenue for the State of South Dakota's technology needs.

Friday, August 29, 2014

#SDintheField: A New GFP Campaign

For those born before 1970, the “#” symbol is called the pound sign. To the Facebookers, Instagrammers and tweeps, the “#” is called a hashtag. A hashtag is a word or phrase preceded by “#” and used within a message to identify a keyword or topic of interest, which facilitates a search for it across multiple social networking platforms like Facebook, Instagram and Twitter. It is a way to use social media to gather responses for a certain message and to create a community of like-minded messages or individuals.

GFP has a new digital campaign underway right now using #SDintheField to encourage folks like you and other hunters, anglers, trappers and outdoor enthusiasts to share their South Dakota field experiences through photos or videos on Facebook, Twitter, Instagram or all three.

#SDintheField is more than a bragging board. It is a way to continue the openness and conversation with digital citizens and to encourage them to share their memories with GFP and other like-minded folks.

So what might #SDintheField mean to you and others?
  • Is it a family pic before the traditional pheasant hunt on opening day? 
  • Is it a smile from a young hunter who just passed their HuntSAFE course? 
  • Is it a dog’s intent gaze into the sky?
  • Is it sitting in an ice-shack on your favorite slough, ice fishing with your dad?  
  • Or is it a selfie with a monster muley or a limit of greenheads? Because those images are great to share as well.

These are all reasons why we spend time in the field. Be thinking about what photos or videos you can share the next time you are in the field. As you post, be sure to use #SDintheField. You can see your pictures and others’ here: https://tagboard.com/sdinthefield or on the GFP website at http://gfp.sd.gov/agency/sdinthefield.aspx.

Thursday, August 28, 2014

#1 Corporate Network Password- Password Strength

Short, simple passwords may be easier to remember, but they're also easier for hackers to crack. Use strong passwords on all your accounts that include a minimum of eight characters and a mix of special symbols, letters, and numbers. Developing good password practices will help keep your personal information and identity more secure.

Create strong passwords—yes, we hear that all the time, but would it catch your attention if you knew that over half of 626,718 hashed passwords could be cracked in a few minutes?

The passwords were collected during Trustwave pen tests of corporate environments in 2013 and part of 2014. Most of those came from “Active Directory environments and included Windows LAN Manager (LM)- and NT LAN Manager (NTLM)-based passwords.” Regarding keywords in passwords, people loved using the name of their kids and dogs. 12,042 contained a top 100 baby boy name; 9,224 passwords were from the top 100 dog names; and 8,035 passwords contained a top 100 baby girl name.

The researchers had cracked 576,533, nearly 92%, of the total 626,718 passwords after only 31 days!

Below are the top 10 passwords Trustwave cracked from corporate environments.

[Image: top 10 passwords. Source: Trustwave]
 
Keep this in mind when creating your new password: Mixing in uppercase and lowercase letters with numbers and special characters won’t always make a more secure password--try increasing the number of characters in the password.
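As an added illustration (not part of the original post or of Trustwave's report), the Python sketch below audits a few constructed passwords. It shows that a password can satisfy the "eight characters plus letters, numbers and symbols" rule while still being built on a common name, and that a longer lowercase password can have a larger brute-force keyspace than a short mixed one. The name list and the sample passwords are assumptions made up for the example, and the bit count is only an upper bound, since dictionary words are guessed faster than random characters.

```python
import math
import string

# Constructed stand-in for the "top 100" baby and dog name lists the post
# mentions; a real audit would load the full lists.
COMMON_NAMES = ("bailey", "buddy", "emma", "jacob", "michael", "sophia")

# Undo common character substitutions before searching for a name.
LEET = str.maketrans("@013$5", "aoiess")

MIN_LENGTH = 8  # minimum length given in the post


def meets_complexity(password):
    """Composition rule: minimum length plus a letter, a digit and a symbol."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def keyspace_bits(password):
    """Upper bound on brute-force work: length * log2(alphabet size)."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    )
    alphabet = sum(n for chars, n in classes if any(c in chars for c in password))
    return round(len(password) * math.log2(alphabet), 1) if alphabet else 0.0


def embedded_name(password):
    """Return the common name hidden in the password, or None."""
    normalized = password.lower().translate(LEET)
    return next((n for n in COMMON_NAMES if n in normalized), None)


def audit(password):
    """Combine the three checks into one result per password."""
    return {
        "complexity": meets_complexity(password),
        "bits": keyspace_bits(password),
        "name": embedded_name(password),
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("Bailey2014!", "J@c0b#99", "Tr7$kq2!", "quietriverstonelamp"):
        print(pw, audit(pw))
```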

Tuesday, August 26, 2014

Jim Hagen Named State Tourism Director of the Year

Jim Hagen,
South Dakota Secretary of Tourism

Each year the U.S. Travel Association and the National Council of State Tourism Directors nominate three people to be in the running for the State Tourism Director of the Year. Jim Hagen, South Dakota Secretary of Tourism, was nominated as one of this year's three finalists. The STDOTY award is given to the professional whose leadership has led to the measurable improvement of his or her state's travel and tourism profile.

On Monday, Hagen won the "Outstanding State Tourism Director" award in front of more than 600 of his peers at the ESTO conference in Louisville, KY.

"South Dakota understands that travel dollars are an essential contributor to the state economy," said U.S. Travel Association President and CEO Roger Dow. "The competitive tourism marketplace demands that states invest in effective, efficient promotion, and this award demonstrates that Jim Hagen is running a program that has the highest respect of his peers."

Hagen is the first South Dakotan to receive the award in the last 20 years (Susan Edwards, 1994). We’re fortunate to have such an enthusiastic and driven leader for our Tourism Department. Congratulations, Jim!

Thursday, August 21, 2014

30 Years of Service: The Evolution of State I/T by Jim Edman

Jim Edman
Deputy Commissioner- BIT

Most folks come to state government employment seeking ‘a couple of years’ experience’ and visions to move on to the bright lights and greener pastures of the private sector.  My goals were no different, but I soon discovered that CDP \ IPS \ IS \ BIT and the community of Pierre provided opportunities too good to pass up.

In 1984, David Zolnowsky hired me out of USD as a new programmer / analyst.  I was integrated into many good projects which provided opportunities to learn Natural, Adabas, Cobol, SAS & other technologies. Our unit had 8 green screen monochrome terminals in a glass room we all shared and used to create and test our programs.  Soon we had our own dumb terminals on our desks & eventually those were replaced with leading-edge AT&T dual-floppy 6300’s on a token ring network with an emulation card.  Livin’ large!  Flow charts came from a template, pencil & lots of erasing.  Later I had the opportunity to move to the “network group” during the “Great Email Meltdown of 1990” resulting from the upgrade from Network Courier to Microsoft Mail 1.0.  Even in 1990, only after a couple of years of use, e-mail had become a mission-critical application.

Network expansion over the past 30 years has been astronomical.  Agency and our backbone networks began as Token Ring 4Mbps & 16Mbps ‘rings’ built with thick Type 1 cabling. It was my first exposure to something called a “hermaphroditic connector” (use the Google machine for that one…). Wide area network technology has become much simpler and more efficient.  9600 baud SNA networks just couldn’t accomplish much—56Kbps digital circuits weren’t much faster.  T1s and ATM (asynchronous transfer mode) technology provided a revolutionary advancement but just whetted clients’ appetite for more. Wide area Ethernet made connecting offices much more efficient but more importantly it allowed our clients to use technology to a far greater advantage.

It seems all great advances are accompanied by setbacks.  The advent of the Internet brought the invention of viruses, malware and cybercrime.  The role of Chief Security Officer is a daily challenge.  Today BIT cyber security staff invests an incredible amount of effort to protect confidential information entrusted to state agencies on a daily basis.  This is a very difficult endeavor because security is not convenient.  Passwords, controls, specific configuration limits, policies all infringe on one’s “individual rights”.  Remember though, sometimes the greater good of the organization needs to outweigh those of the individual.

I’ve been fortunate to work on many exciting projects over the years.
• Consolidating I/T from across the departments into a single organization and the birth of BIT in 1995 – 1996 allowed for improved efficiencies in state government.  That project provided a foundation for the many technologies introduced subsequent to consolidation.  South Dakota was far, far ahead of the other 49 states with this effort to consolidate agency staff from their own “kingdoms” to an “enterprise” organization.  Difficult times but great folks stepped up and tackled the challenges.  One never forgets watching one consultant fire another consultant on the spot. ‘We just don’t need your help anymore.’
• Consolidated networking, a single email system, migrating to TCP\IP, standards for hardware and software, distributed pc support, development standards, a single active directory domain, security, etc. are all enterprise (state wide) technologies we take for granted.  Many states today still struggle with those technologies.  We’ve been through those challenges and have become a far better customer service organization because of them; state government is tremendously more efficient because of the visions of a few individuals.   
• Network migration projects define their own story.  SNA multi-dropped 9.6 circuits → 56K / T1 point – point - T1 frame relay & ATM – DS3 & OC3 ATM → Ethernet of 10, 100, 1000 & 10,000.  Each an era with migrations of different equipment but all with the common denominator of more speed for the clients.
• Our K12 technology exceeds that of any other state in the country and I had the great pleasure of working with this project from the ground up.  Starting with inmates wiring the schools in the mid-1990’s, through linking all of them together in 1999 – 2000 to build the Digital Dakota Network (DDN) provided South Dakota K12 schools a technology infrastructure unprecedented in any state government at the time. The premise of the DDN was (and continues to be) to provide technology services that can be aggregated and relieve the local school district of that financial and technological burden.  The Department of Education and Dakota State University (DSU) have been great partners in this endeavor. Today we have a statewide student information system, managed high speed networking, professional security expertise, a help desk, support expertise available to the schools, web hosting, virtual schools, etc.  All of this began with the goal of connecting schools to the Internet and providing teachers with a safe and secure email box.  Because we continue to strive to improve services, 15 years later this continues to be a great success story.   
• One of the greatest networking projects was the Research, Education & Economic Development (REED) Network, a 10Gbps network connecting state government, public higher education institutions, research centers, and national research networks. Built on-time and within-budget, it is a network that will continue to serve state government, higher education and the private sector far into the future. 
• Today we take the Internet and specifically high-speed Internet for granted.  In 1993, we started with a 56Kbps link through DSU.  (Your home cable modem or DSL circuit dwarfs that speed today).  Web sites & online transactions are commonplace today.  Then newsgroups delivered content and Netscape was our 1st browser.  The web hasn’t always been popular though—many agencies were reluctant to post information.  There was a significantly different definition to the term “open government” a few years ago.  Fortunately, the phenomenon of ‘technology inertia’ was strong enough to convince folks to move on.  As one consultant famously said in 1996 - “That Internet thing is a fad.  It won’t last”.  Today our Internet capacity is at 10 Gbps.  10,000,000,000 vs. 56,000.   That’s a heckuva fad.
• Wireless and mobility is incredible.  Our kids these days take for granted being able to drive the road & have access to games, movies, etc.  The future in this area is going to be huge.  Technology efficiencies in this area are going to make the services we offer to our constituents far more convenient not to mention the quality of life enhancements we’ll witness. 
 

The people within BIT are the glue that keeps the state’s technology services humming.  Usually it runs pretty smoothly – sometimes Mr. Murphy shows up and there are times where we invite him due to our own sloppiness, but most of the time he comes of his own accord.   I like to remind staff that we earn our money when problems occur.  It takes far greater expertise to troubleshoot and fix a problem than to configure and turn something on.  There have been and are some incredibly sharp people within BIT.  The Development, Data Center, SD Public Broadcasting and Telecommunications divisions have very talented and motivated individuals.  It is impressive to reminisce on the talent that has gone through BIT over the years—certainly Fortune 500 levels.  I have had the privilege of working with many states across the country and we don’t need to take a backseat to any of them.  South Dakotans are very humble and modest, but we are also talented and creative AND we can compete on many levels.

As Commissioner Z fondly and regularly reminds me… The 1st 30 years were relatively easy; the next 15 will be the real challenge!

-Jim

Tuesday, August 19, 2014

State Champions: Brian Oakland



Brian Oakland receiving the Championship plaque

Over the weekend, men traveled to Rapid City to participate in the Rec 1 Division of the Men’s Slow-pitch State Softball Tournament West. This division was made up of the 30 teams who were competing for the title. The double-elimination tournament ran through the weekend with the championship game scheduled for 2:00 on Sunday. The Bauman Lumber team of Pierre, led by Brian Oakland, played through Saturday and Sunday. Oakland works for BIT within the Data Center as a web server administrator and has been playing softball for 26 years! After leaving the tournament winless the last two years, Oakland’s team was sitting undefeated heading into the championship game this year. Bauman Lumber was facing a team from Spearfish called 99-Problems for the title (the same team they beat during morning games 10-3). The rain started just after the coin toss for the championship game. When the rain finally finished, major field maintenance was needed to clear the puddles away. At 4:30 the championship game finally began. Bauman Lumber took the lead early and stayed solid throughout with a final score of 12-0, taking the title of champions!

Great job Bauman Lumber, more specifically Brian Oakland—we are proud of your accomplishments and leadership skills inside and outside of BIT!

Wednesday, August 13, 2014

Attention State Agencies: New Devices


 

BIT Support Services would like to stress to all state agencies that agencies and/or users should not unpack and set up devices themselves. Attempting to set up devices without our assistance could cause unwanted issues. It is important to remember that HP has many pre-loaded apps that the State does not support. One of these applications is a security applet that automatically sets a BIOS password on portable devices. If the agency and/or user were to set a BIOS password on their portable device and forget it down the road, BIT cannot guarantee that we will be able to remove the password - even with assistance from Hewlett Packard. If the password cannot be removed, there is a slight possibility that the unit will not be able to be properly configured, and thus it would not have the ability to function on the network. Another important aspect to remember is that the unit will not have all the necessary state applications if set up without the assistance of BIT.

Once again, BIT Support Services would like to advise all state agencies and users to contact BIT when receiving a new device. Please do not unpack and set up devices without the proper assistance. If you have any questions about unpacking or setting up devices, please contact the BIT Help Desk (773-HELP) for assistance with obtaining the proper work request.