February 13, 2013
By Samuel Greengard
The Aloha State is undergoing a digital transformation. CIO Sonny Bhagowalia offers his insights into the state’s award-winning approach.
In June 2011, Governor Neil Abercrombie named Sanjeev “Sonny” Bhagowalia Hawaii’s first chief information officer. Bhagowalia, a former deputy associate administrator at the U.S. General Services Administration (GSA) and CIO for several federal agencies, has worked tirelessly to transform the state into a digital leader. He revamped IT, streamlined services and technologies, and introduced a 12-year plan to modernize the state and drive economic gains through IT. In 2013, Bhagowalia received a prestigious Federal 100 Award for his accomplishments. The State and its Office of Information Management & Technology (OIMT) has also received a number of other IT awards. CIO Insight caught up with Bhagowalia and asked him to provide insights into Hawaii’s digital transformation.
CIO Insight: How does digital technology impact the State of Hawaii and how are you attempting to put it to maximum use?
Under the governor’s leadership, we have embraced a vision called “New Day in Hawaii.” We have three main goals. The first is to grow a sustainable economy in Hawaii. The second is to invest in the workforce, and the third is to transform government. As CIO, I’m focused primarily on the third objective. We are attempting to leapfrog into the 21st century and introduce digital government.
What challenges do you face in achieving business and IT goals?
We had to move from COBOL, green screens and mainframes—with 743 fragmented systems and 746 IT staff spread across 18 departments and 108 attached agencies. That was a massive challenge. We’re attempting to migrate to a world where everything is web and mobile enabled. There are now 101 online services available at Hawaii.gov. We provide about 220 business functions across 36 lines of business in Hawaii. Of course, this creates new security and privacy risks.
How are you approaching this digital transformation, particularly in the mobile arena?
There must be a balance between the convenience of obtaining information and building strong security. We are looking at an explosion of data information and types of media, but we’re also seeing a growing recognition that mobile devices are at the center of IT. According to Cisco, one trillion devices will be connected to the Internet by the end of this year versus 35 billion about two years ago. Forty-five percent of the computing devices will be tablets and data will grow by 800 percent in the next five years.
What systems, tools and approaches are necessary to navigate a post-PC era?
Our goal has been to invest in systems that support responsive design so that people can use mobile devices effectively. It’s critical to present pertinent content in the right way on the right screen. We’re also attempting to sort out BYOD internally. We aren’t allowing people to bring their own devices until we have a chance to formulate an internal policy and the right set of controls. Finally, we’re designing systems with appropriate security and access controls.
What are the key aspects to mobile security?
We have identified 17 categories of security assessments, including application security, availability, change management, confidentiality, endpoint admission, governance, security access management and monitoring the network perimeter. We’re looking at how to mitigate issues in each of these areas. We have, so far, developed 63 mobile apps. We are trying to develop a full app store to take our mobile initiative to the next level. But in order to do this we have to further fortify back-end systems and make sure we don’t provide any transport mechanisms for malware. This means building strong security and privacy controls into payment systems, including those originating from a mobile device. We’re also working to develop a national registry so that it’s possible to conduct code verification.
How do you sync business requirements with IT?
My top three strategies are: transform the business because it drives technology; modernize technology standards and processes to facilitate delivery; and build transparency and accountability with a sound governance structure.
See more here.