Georgia Information Technology Strategic Plan
200406
Contents
Message from the Governor
Message from the State Chief Information Officer
Summary
Introduction
IT Management: Enterprise Architecture, Project Management, Procurement, Business Continuity/Disaster Recovery, Workforce Issues, Security
Applications: Software, Application Development, Security, Data Warehousing, Document Imaging, Interactive Voice Response
Infrastructure: Hardware, Networks, E-mail, Telephony/Communications, Security
Conclusions
Message from the Governor
Through the use of technology, Georgia is accomplishing efficiencies and providing improved customer service. While the need for government services continues to escalate beyond our revenue growth, we are striving to do more with less money. We are improving processes, programs and service delivery systems. To achieve these efficiencies, state agencies must coordinate, collaborate and share information and resources. I have empowered my agency heads to do just that. I have also created a partnership with the private sector through an initiative called the Commission for a New Georgia. This commission has been tasked with diagnosing in a very short time (90 days) current inefficiencies in the way state government does business and making recommendations for improving certain aspects of our operations. One of my goals is for Georgia to become the best-managed state by 2007. Criteria for the best-managed state include using technology to deliver services more efficiently and to improve customer satisfaction. The Commission for a New Georgia has identified many efficiencies and customer service improvements that are being delivered through the use of technology. I firmly believe that strategic technology planning and collaboration are essential to meeting our goal for the best-managed state in America. The commission's early recommendations include developing enterprise-wide systems for procurement, asset management and maintenance. Agency collaboration and coordination are critical to our success in carrying out these and other measures. As we continue to conduct business in this manner, we will continue to reap the benefits of these efforts. I applaud the Georgia Technology Authority's work with agencies to develop an enterprise architecture for the state so that behind-the-scenes service delivery systems can be coordinated, wasteful duplication can be avoided and the people of Georgia receive the highest level of service. 
In sum, information technology is the underpinning of government policies, programs and operations. With shared strategies, business-driven technology and agency collaboration, we can accomplish our goal of becoming the best-managed state. Sincerely,
Sonny Perdue Governor
Message from the State CIO
Part of the Georgia Technology Authority's mission is to provide guidance and oversight that lead to sound decisions for Georgia state government. Sound decisions arise from proper planning and are based on the best data and information available. We are pleased to present this document as a reference point for the next phase of strategic IT planning. It describes the state of technology in Georgia government. By examining emerging trends in the IT industry and comparing Georgia initiatives to these trends, the document sets forth the direction that state government is taking in three areas: managing IT, improving the infrastructure and developing applications. Now, more than ever, a technology-enabled government has the opportunity to improve its operations. We can deliver services faster, more efficiently and more securely. Today's budget constraints also oblige us to link appropriations to outcomes. IT expenditures must yield results that support the highest priorities of state government. Our intent is to set the stage for agencies and the executive branch to work together to ensure that the state's priorities are aligned with its IT resources and planned expenditures. The plan explores how we can advance toward this goal by developing an enterprise architecture. Through enterprise architecture we gain a comprehensive view of what would bring value to the state as a whole. This view may lead us to see common needs across agencies. We may find ways to streamline our processes. We may discover possibilities for sharing IT solutions and leveraging the state's purchasing power for acquiring hardware, software and services. This kind of collaboration can help us contain costs even as we improve the performance of state government. Governor Perdue has stated his desire to make Georgia one of the best-managed states. We at GTA are pleased to be able to contribute to this goal. 
We will continue to assess new technologies, improve our infrastructure and advise agencies on creative ways to simplify business processes, select the best technology and manage projects to reduce risk. We will also continue to examine how state government can operate more as a single entity. We could not have compiled this document without the information and insights provided by many agencies, and we are grateful for their assistance and encouragement. We look forward to planning the future together.
Tom Wade State Chief Information Officer GTA Executive Director
Summary
This plan discusses emerging technologies and ideas about best practices in IT management, applications and infrastructure. Agency initiatives and collaboration are highlighted.
IT Management
Information technology has the potential to enhance government efficiency and responsiveness, but success requires sound decisions about quality, cost, reliability and security of infrastructure and systems. Decision-makers must understand the important business functions of state government and the infrastructure and applications necessary to support them, so they can set priorities for spending based on what will bring maximum benefit.
Enterprise Architecture. Georgia will document the functions of state government as part of its enterprise architecture effort. Once this business architecture is established, the technical architecture--including applications and infrastructure-- will be considered in relation to how well it supports the business functions. This information will help pinpoint areas where greater IT support is needed and uncover opportunities to achieve savings through sharing data and IT solutions across agencies.
GTA established a Governance Council, with representatives of agencies and the Governor's Office, to guide development of the state's business architecture. The state's CIO Council will work on the technical architecture and standards.
Project Management. Georgia is emphasizing competency in project management, well-defined requirements and independent verification and validation to keep IT projects on track. The state's critical project review process links IT expenditure requests with budget and program priorities to enhance the success of projects of strategic interest to state government.
Procurement. Agencies are consolidating their buying power to get the best price on goods and services. Through convenience contracts, enterprise contracts and reverse auctions, state government is saving money by negotiating the best possible price. While GTA reviews proposed agency technology purchases for compliance with laws and standards, there is general agreement that agencies should have as much flexibility as possible.
Applications
Applications join IT infrastructure with the services that provide value to constituents. The best opportunities to transform the way we do business with our constituents are through applications that span many business functions or processes or even cross multiple agencies or governmental subdivisions.
Application development. Web Services provides a common logic and framework for different systems to communicate with each other. The driver's license renewal application and the child support constituent services application use Web Services. But the capabilities will not be fully utilized until state agencies work together to cross organizational boundaries.
Security. Two-thirds of state agencies report that they already use some kind of enterprise protection, and the others are planning to pilot or deploy a solution soon. GTA will support agency initiatives for deployment of both personal desktop firewalls and anti-virus clients to provide defense in depth behind the typical agency Internet firewall.
Other issues: Some agencies have successfully implemented open source solutions, which may be a viable alternative for users who need only a small subset of Windows functionality. Several agencies rely on data warehouses, and those that handle many records and forms use document management systems. Agencies are beginning to use speech recognition services and interactive voice response systems.
Infrastructure
The state's computing environment is a complex mix of legacy, customized, third party, and standardized components and code. While developing a unified IT infrastructure is difficult, an enterprise approach can present opportunities to reduce redundant components, increase efficiency and make the infrastructure more robust and secure.
Hardware. Hardware is becoming smaller and more mobile. Devices such as personal digital assistants (PDAs), smart phones and Tablet PCs allow employees to access information while they are away from the office. With limited IT budgets, though, state agencies are wise to focus on small projects as a testing ground for new technologies such as desktop alternatives.
Networks. GTA is planning several major improvements in the state's network and computer operations infrastructure, many of which reflect the recommendations of Governor Perdue's Commission for a New Georgia:
- Multi-protocol label switching (MPLS) promises greater reliability and speed along the state's wide area network, allowing users to transmit voice, data and video together over a single network.
- Moving the data center to a more modern facility will enable agencies to share software and infrastructure.
- Upgrades to the state's human resources management and financial systems will enable agencies to access both new systems through a secure Web site, a more cost-effective solution for agencies.
- The state portal will continue to offer a shared content management system and application hosting while allowing agencies to keep control of their content.
E-mail. Several states have begun consolidating their e-mail services to better manage the networks, protect against spam and viruses, and reduce costs. Georgia state agencies developed their e-mail systems independently, so no standard exists. A first step toward a statewide hosted e-mail system is a unified e-mail address book, which would lay the foundation for securely managing user identities, authentication and access.
Telephony/Communications. Telephony is undergoing a revolution; services such as Voice over IP (VoIP) can consolidate data and voice networks. MPLS promises better security through virtual private networks (VPNs) and greater quality of service for videoconferencing.
More advanced wireless standards promise greater mobility for handheld devices, but the wide range of standards means that agencies must look at what solution is best for their particular business need.
Security. Improving security at the infrastructure level is a strategic direction for Georgia. Privacy legislation and more staff working in the field dictate stricter security policies and procedures. Fortunately, agencies have new technologies available to authenticate users: digital signatures and two-factor authentication such as physical tokens or biometrics.
Introduction
How will information technology and the delivery of IT services change for state agencies in the next three years? Answers to this question will give IT and budget decision-makers food for thought as they plan for the delivery of government services.
This strategic plan gives a snapshot of the state's IT environment, comparing it with emerging trends in technology and examining potential responses to those trends. The snapshot includes a look at three major areas of the state's IT resources:
IT Management--processes and practices that foster better IT planning and execution, such as enterprise architecture, procurement, project management and governance.
Applications--operating systems, applications and application development.
Infrastructure--the physical components of the state's IT environment, including hardware and networks.
Emerging technologies influence decisions in all these areas.
[...] and highlight some imperatives and possibilities for the future (Georgia).
Finally, security exists at all three levels. Security is an issue for any organization using IT. As stewards of the public trust, though, government has an even greater responsibility to protect data. Security can be built into the infrastructure, exist as an application, and be a major part of any IT management plan.
[Figure: IT Management, Applications and Infrastructure, shown with Emerging Technologies and Industry Trends; scale labeled Low, Strategic, High]
To compile this plan, we met with agency chief information officers (CIOs) and agency leadership. We consulted existing reports, including the IT Expenditures Report, agency IT plans, the CIO Council's emerging technology survey, and the enterprise architecture needs assessment developed from meetings with agency deputies. We incorporated suggestions and clarifications from agencies that reviewed drafts of the plan. We also compiled research from industry publications, other state IT plans and various consulting groups.
The ideas presented in this plan can be a catalyst for agencies to share knowledge and experience and begin more comprehensive planning. Technology advancements create challenges as well, including the need for new workforce skills and possibly greater infrastructure capacity.
[Figure: Current Wide Area Network. Labels: E-mail, VoIP, Video, Web; To Athens, To Atlanta, To Macon]
IT Management
Information technology has the potential to make government more efficient and responsive. Success rests largely on making sound decisions about quality, cost, reliability and security of our infrastructure and systems. Success also rests on our ability to take a more comprehensive, less siloed approach to making decisions about how to invest IT dollars.
This section describes how we are working together to better manage issues of common interest and high value to the state. Among these issues are how we are moving toward common standards and sharing technology through building an enterprise architecture and how this activity relies on a governance structure based on collaboration.
Enterprise architecture defines the business of government. It is shaped by the state's strategic initiatives, goals and services, which are identified through strategic planning. When decision-makers understand the important business functions of government and the infrastructure and applications necessary to support them, they can set priorities for IT spending based on what will bring maximum benefit (portfolio management).
The diagram below shows the connections between enterprise architecture and government IT operations. Policies, standards and critical needs are derived from the architecture. They influence the funding and management of projects as well as procurement activities to carry out the projects. They also influence operations planning for disaster recovery and business continuity. Security is an overarching concern.
[Diagram: Strategic Business Planning; Enterprise Architecture/Portfolio Management; IT Standards and Policy; Project Management; Procurement; Operations; Security]
Enterprise Architecture
Following the lead of the federal government, Georgia and other states are developing a statewide or enterprise architecture (EA). State government's business functions are documented first, and then the technology--including applications and infrastructure-- is reviewed in relation to how well it supports the business functions. This information helps pinpoint areas where greater IT support is needed. It also uncovers opportunities to achieve savings through sharing data and IT solutions across agencies.
Georgia's statewide enterprise architecture (EA) program analyzes the functions, structure and processes of state government in relation to its computing infrastructure. The purpose is to ensure that state government's business needs are supported by its technology.
The lack of a coordinated approach to selecting technology solutions has led to unnecessary duplication, incompatible systems and difficulty sharing information and components across agencies. By looking at common needs across state government, the EA program develops information useful for defining standards and other criteria to guide spending on new technology. Governor Perdue's Telecommunications and Technology Task Force supported development of an enterprise architecture.
Industry Trends
Private sector. Interest in enterprise architecture has grown over the last five years because of its promise to reduce application development time, to match IT investment with the needs of the business and, ultimately, to rein in technology costs. Enterprise architects are hired to clear away what has been described by a Motorola vice president as "a spaghetti layer of applications, boxes and wires."
The appeal of enterprise architecture to those responsible for selecting, deploying and managing new technologies is that it provides a process for economically migrating new technology into the business and for understanding how this process affects the company's bottom line. Motorola, General Motors, Pfizer and AT&T are among the companies using EA.
Federal government. The Clinger-Cohen Act of 1996 was intended to eliminate redundant systems and ensure the best use of IT resources in the federal government. The act requires using a "portfolio investment process" to capture performance and cost measures to be used in making decisions about technology investments. It also requires that agency CIOs develop and manage an integrated and aligned information technology architecture (enterprise architecture).
Federal agencies must submit a business case to the Office of Management and Budget (OMB) for major investments. The business case describes the proposed investment and explains how it aligns with the agency enterprise architecture and supports the agency mission and business initiatives. All current and long-range IT capital investments must be aligned with the federal enterprise architecture developed by the Federal CIO Council.
State initiatives. From the Y2K experience many states learned that their IT spending and management processes were ineffective. A huge number of systems and computer programs had to be inventoried and updated. Some states had to adopt new funding and investment management practices, and even new IT management organizations, to effectively spend what was needed for Y2K remediation. As a result, many states started EA programs as a response to lessons learned in Y2K.
Today, EA is regarded by the National Association of State CIOs (NASCIO) as a critical need in state government for surmounting difficulties created by:
- Aging legacy systems
- Inability to share accurate and complete information
- Inability to respond to new and urgent requirements
- Inability to control costs during lean budget years.
Georgia
Georgia's EA program is modeled on the federal EA program. Although other state EA programs differ in design and details, they share a common set of goals, which Georgia's program has adopted:
- Get a better return on IT investments
- Establish a process for continual evaluation and integration of technologies that best serve the business of state government and citizens
- Ensure IT supports the business needs of government
- Integrate IT systems
- Provide better access to information
GTA established a Governance Council composed of executive-level agency staff and representatives from the Governor's Office to guide development of the state's business architecture. The state's CIO Council will develop and implement the technical architecture and standards to support the business architecture.
These two groups will build on efforts begun in 2003. State agency executive staff met with GTA to discuss their customers' expectations and barriers to meeting them. Although the six communities of interest--education, health and social services, economic development, public safety, finance and administration, legal and regulatory--had some unique needs, their customers had similar expectations: a high degree of customer service; access to information and services; a balance between privacy and security; a stable infrastructure; and seamless service. They identified common barriers: funding, technology and staffing.
Many states have EA programs. Is there an example to illustrate what happens as a result of EA?
Missouri's EA program has created a broad range of standards for security products and tools, operational controls, system management, technical controls, encryption and firewalls.
Arizona has established an EA framework and identified domains--data, software, platform, network and security. For each domain, Arizona has developed a target architecture document that defines the "to be" architecture. Agencies can use this information to craft new solutions and to guide them on replacing legacy systems. They also develop plans to migrate to the new standard infrastructure.
Enterprise Architecture Framework
Question | Business Functions | Technology
What information (data) is involved? | Information and reports about constituents, vendors, employees | Data models, databases, data
How do we do business? What are our processes? | Business processes and business process models | System management processes, computer programs
Where are our business locations? | Business locations, offices, facilities | Network, routers, desktop computers, database servers
Who does what in our organization? | Org chart and roles, workflow models | Access control lists and role-based permissions
When are the important business cycles? | Funding, accounting, review, reporting cycles | Processing and backup cycles
Why do we exist--what are our mission, programs, and services? | Mission, goals, objectives, initiatives, programs, projects, services | Business rules, backup policies, security policies, stored procedures, triggers, escalation rules
GTA took two other steps to establish a foundation for enterprise architecture: GTA's network and computing resources were inventoried and information was gathered about applications and middleware tools that run on GTA computer systems.
This reference architecture and applications inventory will continue to be updated and will be used with information about the business architecture to plan improvements.
With the assistance from agencies on the governance council, the state's existing business and technology architectures will be documented. At the same time, pilot projects will be implemented that benefit multiple agencies.
Information about agencies' current business functions and technology will form the EA framework shown above.
Modeling and analysis tools are used to assess the alignment between the business and technology columns of the framework. Gaps and redundancies are identified, and then improvements are planned for both the business and technology architectures. Improvements might include, for example, simplifying a business process to eliminate redundant paperwork or developing an application that can be shared by multiple agencies.
During FY 2005 and 2006, the governance council will select projects to carry out through the EA program. These projects should support an agency's strategic plan but should also support the needs of other agencies. They might involve sharing data, applications or technology. In addition to the projects benefiting agencies by providing shared solutions, they will help shape Georgia's EA program and test criteria for selecting future projects.
Project Management
With limited funds and staffing and growing responsibilities, agencies must prioritize IT projects and practice proper project management techniques to ensure that they are completed on time and under budget. Georgia's critical project review process links IT expenditure requests with budget and program priorities to enhance the success of projects of strategic interest to state government.
Industry Trends
In his book "Project Planning, Scheduling, and Control," James P. Lewis writes that every IT expenditure typically becomes a project--that is, a one-time, multitask job with a definite starting point, definite ending point, a clearly defined scope of work, a budget, and usually a temporary team. The key is execution-- working with tools, people and processes to get the job done.
From a strategic perspective, project management makes certain that projects are correctly identified, prioritized and managed in relation to the goals and objectives of the organization. It also clearly lays out the work activities necessary to accomplish the business requirements the project is designed to meet.
A direct relationship should exist between IT expenditures and improved business performance. Yet, in government and industry, less than one-third of IT spending leads to better business performance. Much IT spending is not geared to improving performance at all.
According to a 10-year study of major industries conducted by the Standish Research Group, only 26 percent of tech projects are successful, meaning they are completed within budget, on time, and meet business needs.
Ensuring that IT dollars yield business results requires increased competency in project management. Given the dim prospects for success faced by most IT projects, the role of project management is becoming increasingly critical.
Deciding how to approach a large project often presents a major stumbling block. Increasingly popular is an iterative process that divides the large project into smaller, short-term projects, enabling organizations to progress and deliver. Dividing large projects into smaller pieces also offers flexibility as scope and expectations change.
The portfolio approach to managing IT investments also has gained ground in recent years. According to Gartner, "By 2005, 70 percent of IS [information systems] organizations will have adopted a mix of project portfolio management application services for team collaboration, resource allocation, and utilization and cost tracking."
This approach involves selecting projects that support an agency's strategic direction while at the same time supporting essential operations. Striking the important balance between the strategic and operational requires an understanding of how projects are interrelated.
SACWIS
Since 1994, the federal government has made available matching funds for states to build systems to manage all aspects of child protection cases. These systems are known as Statewide Automated Child Welfare Information Systems, or SACWIS for short. SACWIS would serve as a comprehensive automated case management tool for caseworkers and supervisors in the state's child welfare agency.
A 2003 Government Accounting Office study found that 46 states are either developing or operating a SACWIS system. Enough SACWIS systems have been developed to give Georgia the option of either transferring and modifying another state's system, or using the design of another state's system. The Georgia Department of Human Resources is the lead agency for the project.
With SACWIS, DHR caseworkers will have quicker access to all relevant information about child abuse cases so they can make better-informed decisions about preventing further abuse and reunifying children with their families. The system will alert case managers about important court dates, help ensure that policies are followed and enhance a caseworker's ability to monitor foster children.
Georgia
An example of the portfolio approach, Georgia's critical project review process links IT expenditure requests with budget and program priorities to enhance the success of projects of strategic interest to state government. Through the reviews, a panel of senior executives in the Governor's Office stays informed of project status, progress and any issues affecting selected projects.
The panel is providing oversight to several projects: the Department of Human Resources' child protection information and case management system project and bioterrorism program, the Department of Education's Student Information System, the Department of Community Health's Medicaid claims system, and the financial and human resources system upgrade.
Lessons learned from implementing these projects may be applicable to other projects. For example, experience with DHR's child welfare system could aid in building case management systems for the Department of Juvenile Justice, the Department of Corrections and other agencies.
GTA will continue to institute the discipline of project management and build the competency of project managers throughout state government by providing low-cost training, direction and a methodology to follow.
GTA also is committed to boosting project success by developing well-defined requirements for each project, a process that must involve sufficient planning with both users and business owners. Projects that lack clear business requirements have only a 70 percent chance of success-- meaning their results have just a 70 percent chance of meeting expectations. Having solid requirements also puts the state on firmer footing to assess vendor performance.
GTA sees real value in obtaining an outside view of projects and their results through independent verification and validation (IV & V). The process improves the quality and reliability of a product and assures that it meets expectations. The complexity of most IT projects makes IV & V essential.
In 2004, the Georgia Senate and House of Representatives each passed resolutions encouraging state agencies to use IV & V for large technology projects. The resolutions recommend that agencies use GTA for IV & V on projects that cost between $1 million and $5 million and a vendor for projects exceeding $5 million.
Procurement
Agencies must consolidate their buying power to get the best price on goods and services. Through convenience contracts, enterprise contracts and reverse auctions, state government can save money by making sure that each agency is paying the best possible price for the product.
Industry Trends
In an effort to reduce procurement costs, both the private and public sector are experimenting with online "reverse auctions," which are similar to eBay except that the winning bidder is the one who bids lowest to deliver a product or service. General Electric claimed a savings of $600 million using reverse auctions in 2001. The Kentucky League of Cities has developed an online reverse auction system that, according to Government Technology magazine, has saved cities about $5 million, with an average savings of 15 percent on each contract.
However, some critics of the concept claim that reverse auctions focus too much on price and not enough on quality of service. Because all bidding is done online, businesses do not have the opportunity to meet with the customer or show samples of their work.
A handful of states have implemented e-procurement systems, which use the Internet to streamline purchasing and reduce costs. California has implemented an e-procurement system called CAL-Buy. With the Internet-based system, agencies can search for more than 28,000 products on contract and order them online.
PeopleSoft Human Resources and Financial Systems
The state is replacing the existing PeopleSoft human resources system with the latest release of Version 8. The upgrade is scheduled to be completed in 2005. Since the new version will work over a secure Web site:
- Agencies won't need to invest in new computers because users only need a browser
- No executable files will be stored on users' computers, resulting in less need for technical support
- Employees will be able to update their own personal information, such as address changes, freeing human resources staff from clerical tasks
- Employees with direct deposit will get their paycheck vouchers through a secure Web site
Upgrading the PeopleSoft financial system will make transactions between state agencies easier and more automated. For example, Version 8 will link Accounts Payable in one agency with Accounts Receivable in another agency.
In addition, Version 8 includes a three-way matching process to compare vouchers with purchase orders and receiving documents. The result is more accurate payments for goods and services. The updated system will ensure payments are made only for the exact items ordered and received.
North Carolina has also moved its procurement process online and estimates a savings of $162 million during the first two years.
Georgia
Technology is making it possible for purchasing officers in Georgia state agencies to obtain more competitive pricing for the products and services they need. At the same time, vendors can learn about bid opportunities more quickly and easily, and automating the purchasing process eliminates administrative tasks.
The Department of Administrative Services (DOAS) has led state government with innovative e-purchasing initiatives.
Reverse auctions. DOAS has conducted three reverse auctions, which resulted in savings of $612,000 on key commodities purchased by state and local governments: $81,000 for bulk paper, $219,000 for heavy-duty trucks and $312,000 for pursuit vehicles. Reverse auctions were authorized by the Georgia General Assembly in 2003 with passage of HB 291. The Web-based, real-time bidding process allows vendors to view bids as they are posted and to revise their own previous bid.
E-Quote system. DOAS' new E-Quote system automates the process of soliciting, receiving and awarding bids for products costing less than $10,000. From a list of pre-qualified vendors, E-Quote randomly selects bidders to receive an announcement about a bidding opportunity. The system e-mails the announcement, tabulates vendor responses and follows up with another e-mail to the winning vendor. E-Quote is entirely Web-based, and its use ensures compliance with state procurement rules and requirements.
Expansion of the Georgia Procurement Registry. DOAS redesigned and expanded the Georgia Procurement Registry to accept bid opportunities from cities, counties and school systems. Local governments can more easily reach a larger number of potential bidders, and vendors can learn about business opportunities more quickly. The Georgia Procurement Registry is a Web-based application that enables vendors to search for bid opportunities by state or local government or type of bid, such as information technology, construction, commodities and services.
While DOAS is responsible for non-technology products and services, GTA conducts competitive bids for telecom and information technology products and services. By negotiating on behalf of all agencies, DOAS and GTA consolidate the state's purchasing power to obtain the most competitive pricing possible.
GTA negotiates two types of technology contracts: those available for use by any agency for direct purchases of products and services and those used solely by GTA to purchase products and services on behalf of state agencies.
To ensure even greater choice and more competitive pricing, GTA provides agencies with easy online access to the federal government's GSA Schedule 70 contracts for technology products and to technology contracts negotiated by the Western States Contracting Alliance, a consortium of 36 states. The pricing available through these contracts represents the maximum amount an agency would pay, and agencies are encouraged to negotiate even greater discounts through direct negotiations with vendors.
The search for highly competitive pricing through GTA-negotiated contracts, GSA Schedule 70 and WSCA usually drives agencies to well-known, large-volume manufacturers. This practice raises the question of how to balance such attractive cost breaks with the desire to support small and minority-owned businesses based in Georgia. The question is especially acute today as agencies struggle to balance tight budgets and face the prospects of additional cuts.
GTA's review of proposed agency purchases ensures compliance with both purchasing laws and statewide technology standards. However, GTA also recognizes that agencies should have as much flexibility as possible to approve their own technology purchases. Under current rules, agencies must obtain GTA's prior approval before making purchases of more than $50,000. GTA began an audit of randomly selected state agencies in 2004 to assess the feasibility of raising the threshold.
Significant changes in the purchasing process may occur in the future as a result of recommendations from the Commission for a New Georgia. The commission was established by Governor Perdue to study improvements in government operations, including procurement. Among its recommendations is the establishment of a central procurement authority with a single procurement director for state government. The authority would be responsible for determining when purchases must be made through a central procurement office and when they could be made by an individual agency.
Business Continuity/Disaster Recovery
Agencies must develop a clear business continuity and disaster recovery plan, working with other agencies to identify critical services, define overlapping functions and keep government running in the event of a disaster.
Industry Trends
The aftermath of 9/11 made clear the importance of having a disaster recovery and business continuity plan. One law firm's offices, which were a few blocks away from the World Trade Center, were destroyed on Sept. 11. Unfortunately, they had decided to store their backup tapes in the World Trade Center.
According to Gartner, 85 percent of America's large businesses have a disaster recovery plan, but only 25 percent have a business continuity plan. In other words, businesses know how to protect their infrastructure and information, but they do not know how to keep their business up and running after a disaster. IBM reported that after 9/11, many companies found themselves with not enough workspace, incomplete recovery plans, and lack of training and communication.
State governments face a tougher challenge. Not only must agencies develop their own disaster recovery plans, but they must also look at their business processes, some of which may overlap with other agencies, and determine how to keep those processes running. For instance, if a disaster occurs, state agencies not only have to make sure their day-to-day business stays afloat, but they have to make sure that they give payroll information to GTA so paychecks can be printed.
Georgia
In March 2004, GTA successfully tested the data center's disaster recovery plan, which covers the state's major infrastructure and systems. After a disaster, GTA will recover the operating environments for all mission-critical applications hosted in the state data center. The recovery will include hardware, operating systems, network connectivity, and security for the production environment. GTA will not recover test, staging or development environments as part of a disaster recovery effort. The authority is working with agencies to establish application and data recovery priorities.
GTA will continue to work closely with agencies to make sure that they have a common understanding about the basics of planning for disasters and use common templates and tools. Agency business continuity/disaster recovery plans should be integrated with the state data center DR plan.
Can you give some direction on transitioning from legacy applications to more current technologies?
For some time to come, legacy systems will continue to exist even as newer, less costly and better-performing technologies emerge. Efforts to upgrade or replace legacy systems are hampered by tight budgets and insufficient analysis of how modernizing one system will affect other systems.
Enterprise architecture (EA) can help. EA provides the information and analysis needed to make decisions about which new technologies to invest in. Through the EA program agencies will create a migration plan useful for determining technical and budget requirements for moving from current to future systems.
The EA program will help agencies manage the transition from old to new technology by:
- Identifying common needs and problems and new solutions that will benefit multiple agencies
- Working with agencies to refine their business requirements to ensure that the new system meets their business needs
- Identifying integration technologies and strategies that support legacy systems while replacement planning and implementation are underway.
Workforce Issues
Employee retention has always been a problem for state agencies, but in IT the problem is magnified. The state must develop more effective retention initiatives and customized training for current staff and management. Outsourcing will continue to be controversial, but agencies must consider this alternative if a job function can be done better or more efficiently elsewhere.
Industry Trends
Sourcing. Outsourcing IT functions is becoming more common; according to an issue brief published by the National Association of State CIOs, state and local IT outsourcing will increase from $10 billion in FY 2003 to $23 billion by FY 2008. Gartner estimates that outsourcing makes up 53 percent of the total worldwide IT services market.
State agencies are asking themselves whether they are the best vehicle for providing certain services and business functions, especially as budgets continue to get tighter. Sometimes they find that outsourcing functions to a company that specializes in that function is the best solution. Outsourcing is seen as the best alternative in three situations:
1. Areas with large labor costs such as call centers
2. Areas that are not the organization's main focus or core competency
3. When a business can perform a function better or more efficiently.
Sourcing options have become more mature across the board, so outsourcing is a viable choice for more functions than ever before.
Employee retention is also a problem for the IT industry. For IT departments, though, the effect is magnified. Finding qualified job applicants was easier during the economic downturn, as the dot.com bubble burst. However, as the economy improves, state employees who may have previously worked in the private sector may return, further contributing to the government "brain drain."
Georgia
Today, almost four out of every 10 state employees have been working for the state for less than five years. Almost two-thirds leave within 10 years.
The Georgia Merit System has been emphasizing workforce planning as a major priority of state government, pointing out that IT is one area of concentration. Its recommendations include customized training, management and leadership programs, improving the recruitment and screening processes and identifying low-cost employee incentives.
The Georgia Department of Labor sees a need to better define career paths and establish employee recognition and reward programs, including promotions, for its employees. In addition, focusing on leading-edge technology and adopting industry best practices will attract the best and brightest employees and help retain current staff. If employees feel challenged and are excited about working with the same technologies as in the private sector, they may stay. Teleworking may be another inducement.
Agencies may look to outsourcing some of their business functions, such as application development, to regain the knowledge base lost by attrition. Outsourcing, especially when turned over to countries overseas, is a controversial issue.
In addition to assessing the impact on jobs, in each case of potential outsourcing, agencies must determine whether the outsourcer can meet security and quality of service standards. They should also establish a good foundation for communication and collaboration with the outsourcer and ensure that the state has the ability to provide solid oversight over a long distance.
Since its formation in 2000, GTA has been carefully evaluating the benefits of outsourcing major components of the state's IT and telecom operations. A significant step was taken in July 2004 when GTA selected BellSouth Business Systems, Inc. to upgrade and manage the state's wide area network.
The outsourcing of the state's wide area network is enabling GTA to enhance its skills in vendor management. State agencies are also gaining a greater understanding of how outsourcing works and the benefits it offers. As a result, we are improving the prospects for successfully outsourcing other state operations. For example, GTA is also evaluating the feasibility of outsourcing the operation of the state data center.
Security
Agencies have many opportunities to collaborate and find better ways to address security issues through organizations such as ISACs and Internet security officers groups.
Industry Trends
HIPAA. The Health Insurance Portability and Accountability Act of 1996 is a federal law designed to allow employees to retain health insurance between jobs. It also created regulations to protect personally identifiable health information. The Department of Health and Human Services has issued HIPAA privacy regulations as well as other regulations under this law.
The National Governors Association has declared that HIPAA "represents one of the largest unfunded federal mandates in recent history, as no federal dollars were explicitly committed to the implementation of this federal law." The new standards for electronic transactions, privacy and security mean that affected agencies must either make massive changes to their information systems or contract with a clearinghouse to translate their codes. They must also enact policies to address privacy and security. Recently, Indiana estimated that HIPAA will cost $173 million for compliance, only $23 million of which will be eligible for federal reimbursement through the Medicaid program.
ISACS. Information sharing and analysis centers (ISACs) are a relatively new concept in the information security world, having grown largely out of a presidential directive.
An ISAC exists to enable its members to share data about security threats. The ISAC operations staff gathers, analyzes and disseminates to the members an integrated view of information system vulnerabilities, threats and incidents. Other information may be gathered from public and private sources. This data produces a clear picture of the current state of the threat to the members. The ISAC also shares best security practices and solutions with its members.
Georgia
HIPAA. At least 13 state agencies are affected by HIPAA and are participating in meeting its requirements within federally mandated timeframes. HIPAA most directly affects agencies that handle health care information, such as the administration of Medicaid and employee health benefits by the Department of Community Health and the Department of Human Resources. DCH has already made considerable progress. Its new claims processing system, which debuted in April 2003, is HIPAA compliant. DCH is working closely with federal agencies as well as a public/private organization formed to support HIPAA implementation in Georgia.
ISACS. Georgia is actively participating in the Multistate ISAC, an ISAC focused on cyber threats and attacks. GTA's Information Security Office represents Georgia in monthly teleconferences. It appears that this will be the most relevant ISAC for Georgia, as all 50 states participate, and it is chartered by the Department of Homeland Security.
State agencies have created an information security officers group that meets monthly to discuss security-related topics and share information on these issues. The group is developing firewall standards and is also increasing awareness through vendor presentations and hands-on "boot camps" on how to configure intrusion detection systems and firewalls.
Applications
Software, Application Development, Security, Data Warehousing, Document Imaging, Interactive Voice Response
Applications are the glue that joins IT infrastructure with the services that provide value to our constituents. Many of the applications in the state focus on one specific business function or process.
Applications that span many business functions or processes present the best opportunities to simplify and streamline the way we do business with our constituents. Applications that cross multiple agencies or governmental subdivisions give constituents the seamless service they want. For example, government has become more cognizant of the fact that a constituent who is registering a new corporation may also need a taxpayer ID number for that corporation. Finding ways to link these processes is a priority.
Software
Some agencies have successfully implemented open source solutions, which may be a viable alternative for users who need only a small subset of Windows functionality.
Industry Trends
Microsoft plans to release its next generation operating system, Longhorn, in 2006. Microsoft has not given any great detail on hardware requirements for the new OS, which features a new presentation layer, file system, messaging subsystem and application program interface (API). However, industry analysts say that to fully utilize Longhorn, a new generation of hardware may be required.
Linux, an open source variant of UNIX, is emerging as an alternative to Windows due to its attractive total cost of ownership and its ability to run on less powerful hardware. More office productivity tools are enabling Linux to be used in an enterprise environment. Also, both Sun and Novell are selling Linux desktop solutions, and IBM is considering migrating its internal desktops to Linux.
The biggest challenge in deploying open source on the desktop is managing a large number of desktops. Finding replacements for the varied applications users are running is problematic, and administration tools are not yet mature. Both Sun and Novell recognize this issue and are working to address it in new product releases.
Microsoft Office has also become the universal desktop productivity suite, with more than 90 percent of the market share. The next major release of Office is Office 12, which is being optimized for Longhorn. Since Longhorn is anticipated to be released in 2006, it seems unlikely that Office 12 is going to be a concern for IT departments until late 2006 at the earliest. While details on Office 12 are sparse, analysts expect that users will get the most benefit from Office 12 by also migrating to Longhorn, which (as noted earlier) will require a new generation of hardware. Given those constraints, the biggest obstacle to migration to Office 12 will not be availability of the general release, but the budget to afford the upgrades.
The open source community has offered an alternative in the office product suite of software as well. Open Office is a free, open source set of applications and boasts 16 million downloads. It features a word processor, spreadsheet, presentation software and database and runs on Windows, Linux, Sun Solaris and MacOS operating systems.
Georgia
Microsoft's operating system is installed on most computers in state government. GTA's enterprise agreement with Microsoft includes about 61,000 installations of Microsoft Office in state and local government, and many organizations that did not join the enterprise agreement are running Microsoft's operating system and the Office suite.
There is some interest in open source software. According to a survey of state agencies about emerging technologies, agencies were split on whether to use open source. Ten agencies had already deployed some open source software, while 14 agencies had no interest in it.
Two agencies are leading the way in deploying open source software. The Department of Audits and Accounts is running the Linux operating system and the Apache Web server to host its Web site (www.audits.state.ga.us). Meanwhile, the Department of Corrections is also using open source software to host its public Web site (www.dcor.state.ga.us), and has been experimenting with using Linux as a desktop operating system and Open Office as a replacement for Microsoft Office in one of its field probation offices. The purpose behind this pilot is to breathe new life into older, slower PCs and examine whether the total cost of ownership for workstations can be decreased.
When Microsoft's Longhorn operating system debuts, few agencies will adopt it at first. Migrating to Longhorn and achieving full functionality will almost certainly require purchasing new desktop systems, a decision that has budgetary implications for all IT departments.
GTA does not expect a 100 percent conversion to open source to be viable for most agencies. Power users and staff who have a large amount of outside contact and collaboration will stay on Windows desktops. Users that need only a small subset of Windows functionality (e-mail, basic word processing) are good candidates to migrate to an open source solution. However, there are still some interoperability issues when working with shared resources popular in the Windows environment: network drives, e-mail, calendars and directory services.
Other issues such as training for users and administrators and user acceptance must be addressed before open source becomes a preferred choice for large organizations. Between now and 2006, some early adopters may make the switch but not in significant numbers. The main operating systems will continue to be Windows 2000/XP.
Application Development
Web Services is becoming a standard tool in the application developer's toolbox, but using it across organizational boundaries will still be difficult. With Web Services, the barrier to interoperability has become less technical and is more a consequence of the siloed way government has traditionally worked. The implications for an IT department in application development are clear: if you are not developing in Java or .NET, you are swimming against the tide.
Industry Trends
Web Services. Web Services provides a common logic and framework for different systems to communicate with each other. These systems may have different platforms or programming languages, but XML allows data to be shared freely. Developers can then add functionality from another system to their own application using the same front-end interface so the user experiences a common look and feel.
Web Services has received a great deal of attention in the last few years, but is just beginning to fulfill its promise. The adoption rate has been slow due to the lack of tools and the difficulty of using Web Services securely across organizational boundaries.
Managed code. Programming languages are constantly evolving; as computers become more powerful and users demand more features, programming languages and the tools that support them become more complex. Over the last few years the market has moved from languages that are compiled to a specific processor, such as C and C++, to managed languages such as Java or the languages that support the .NET framework (such as C#).
The concept behind a managed language is that, rather than translating high-level language and instructions to a specific processor, they are translated into instructions for a virtual machine (VM), which is independent of the underlying processor. One of the advantages of the VM is that it does a better job of keeping the program from interfering with other programs that may be running.
Another advantage is portability across different operating systems and chipsets. The VM has to know the difference between systems, but only needs to be created once per OS/processor. Any program written to conform to the VM can then run on any OS or processor.
Looking beyond the browser
Corporations quickly adopted Web browsers as the platform for delivering applications to users. Browsers were a perfect vehicle for seldom-used applications, but as IT organizations quickly learned, HTML had limitations, and not all applications were suitable for a Web browser.
Several software vendors are moving toward a "rich client, zero administration" paradigm for desktop applications that combines the low maintenance of the browser with increased capabilities. IBM's Eclipse Platform was designed as a tool for software developers to write, test, and deploy software in a multi-language, multi-platform environment. Its use of the Java programming language allows it to run on multiple operating systems. Finally, it is possible to build applications that can run in Eclipse when the user is not connected to a network, something that Web browsers lack. Other vendors, including Microsoft and Macromedia, maker of the Flash plug-in for Web browsers, have been pursuing similar experiments.
For state government, the benefit of a rich client solution would lie in supporting business functions that (a) are delivered by a workforce spread across the state, such as the Division of Family and Children Services or the Office of Child Support Enforcement, and (b) require field workers who are not always in the office and may have only intermittent network connectivity.
Georgia
Web Services. Georgia currently uses Web Services in several applications. The driver's license renewal application, hosted on www.georgia.gov, uses Web Services to communicate between the portal and the backend application.
The Office of Child Support Enforcement's Constituent Services application makes extensive use of Web Services. The presentation layer of the Constituent Services Portal is hosted on www.georgia.gov. The presentation layer makes a series of Web Services calls to a set of business objects living in another environment, the Advanced Windows Environment, hosted in the state data center. The business objects in turn access data in the Child Support database on the IBM mainframe, also hosted in the state data center.
GTA sees Web Services becoming a standard tool in the application developer's toolbox, but using it across organizational boundaries still will be difficult. With Web Services, interoperability has become less of a technical issue and more of a consequence of government's traditional work culture.
The potential exists for online applications that use Web Services to share, collect and disseminate data from various sources across agency lines, which will prevent constituents from having to go to several different Web sites for services. Currently, the Department of Motor Vehicle Safety and the Department of Human Resources both run applications that utilize Web Services to communicate with legacy systems, but there are no examples of Web Services being used across agency boundaries. Web Services will not be fully utilized until state agencies begin to work more closely with each other to share information.
Managed code the norm. The implications for an IT department in application development are clear: if you are not developing in Java or .NET, you are swimming against the tide. The advantages of Java or .NET are several: more tools and libraries supporting these frameworks, readily available training, and a larger pool of trained and experienced developers.
The "Broadband Divide"
The well-documented distance between the information rich and the information poor is disappearing through a combination of Internet adoption and alternative access through wireless devices (cell phones). The Pew Foundation recently reported that nearly 75 percent of the U.S. population, or 204.3 million people, have access to the Internet from home.
However, the divide has reappeared on a new level: Broadband vs. dialup. For the first time ever, more Americans have broadband access than dialup, according to the market research company Nielsen/NetRatings. But according to Pew, 60 percent of the dialup users said they were not interested in switching to broadband. This "broadband divide" forces government agencies to continue to offer content through a bandwidth at the lowest common denominator.
President Bush has proposed that affordable high-speed Internet access be available to all Americans by 2007. The U.S. Department of Agriculture is making rural development loans available to communities to develop broadband initiatives. In August 2004, the USDA announced $6.375 million in loans to construct a DSL-based system in six central Georgia communities.
Security
Managing spam and viruses is now a full-time job. As the methods of infiltrating e-mail systems grow in number and complexity, agencies have to be on constant alert, protecting their systems and moving quickly to respond to threats.
Industry Trends
Cyberterrorism and viruses. In 2003, CERT, a leading Internet security research center, reported a 67 percent increase in the number of security incidents on the Internet from the year before. The increased presence of mobile devices that roam across multiple networks complicates the picture further, since these devices may not always be within the state's virus protection.
Intrusion detection tools, which identify and characterize unauthorized network access, are becoming more sophisticated. Current releases of popular products provide both alerting and forensics capability. They give fewer false alarms and provide more convenient management features and better analysis tools than were available only a year ago. Although the tools have improved, isolating specific incidents by IP address can still be a challenge.
As the number of attacks increases, developers must constantly create new ways of blocking them. These include server-type systems that use intrusion detection and prevention, content filtering, virus scanners, and firewalls, and client-side systems such as personal firewalls and virus scanning software.
Spam and spyware. E-mail is becoming less effective as people and organizations try to cope with spam. Industry experts estimate that as many as three out of every four e-mails may be spam. Ferris Research reports that spam is costing U.S. corporations $8.9 billion, including $4 billion in lost productivity and $3.7 billion in diverting staff time and upgrading servers and bandwidth. Meanwhile, a 2003 study showed that across the top 12 ISPs, about 17 percent of legitimate e-mail was blocked as spam. So users are losing e-mail that they want to read, and reading e-mail that they do not want.
The emergence of spam has also created a new entry point for viruses, which are becoming more cunning and complex. For instance, a spam-generating virus can cause a surge in network traffic, prompting system administrators to move to eliminate the spam. As they work, the virus inserts a program into the system that collects passwords via the users' keystrokes.
Spyware is also becoming a serious security problem. Spyware is software that can be secretly installed on a computer, usually as part of another program. It can monitor keystrokes, scan files on your hard drive, monitor Internet usage and report the information to a remote location. It can also read, write and delete files, download and install other software or even reformat the hard drive.
Georgia
Agencies are taking cyber threats very seriously. According to the emerging technologies survey, two-thirds of state agencies said they already have some kind of enterprise protection in place, and the other third were planning to pilot or deploy something soon. Many agencies had already implemented an anti-spam solution. No agency thought this technology was irrelevant; however, the type of solution varied greatly. Agencies are using at least 10 different solutions, and each agency had different pricing on the technology.
GTA will support agency initiatives for deployment of both personal desktop firewalls and personal desktop anti-virus/anti-worm clients to provide defense in depth behind the typical agency Internet firewall.
Although larger state agencies have ordinary Internet firewalls in place, several threats can be most effectively defeated by a firewall on each computer. Certain types of malicious code can pass through Internet firewalls through a Web browser session or arrive from home on removable media. Once infected, a local desktop inside the agency firewall can become a broadcasting station, sending worm code to other machines on the agency network inside the agency Internet firewall.
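The following added example (not part of the original plan) illustrates why the Internet firewall cannot see an infected desktop "broadcasting" inside the agency network, and how a check placed on the internal side can. The address range, port, flow records and threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the agency's internal address space (constructed for this example).
AGENCY_NET = ipaddress.ip_network("10.20.0.0/16")


def is_internal(addr):
    """True if the address belongs to the agency network."""
    return ipaddress.ip_address(addr) in AGENCY_NET


def crosses_perimeter(flow):
    """True when exactly one endpoint is internal, i.e. the Internet
    firewall sits on the path and has a chance to inspect the flow."""
    src, dst, _port = flow
    return is_internal(src) != is_internal(dst)


def internal_fanout(flows):
    """Map (source host, destination port) -> set of distinct internal peers.
    Only internal-to-internal flows are counted."""
    peers = defaultdict(set)
    for src, dst, port in flows:
        if is_internal(src) and is_internal(dst):
            peers[(src, port)].add(dst)
    return peers


def flag_broadcasters(flows, threshold=5):
    """Hosts contacting at least `threshold` distinct internal peers on a
    single port. Returns a sorted list of (host, port, peer_count)."""
    hits = [
        (src, port, len(dsts))
        for (src, port), dsts in internal_fanout(flows).items()
        if len(dsts) >= threshold
    ]
    return sorted(hits)


def perimeter_view(flows, host):
    """For one source host, return (flows the Internet firewall can see,
    flows that never reach it)."""
    mine = [f for f in flows if f[0] == host]
    seen = sum(1 for f in mine if crosses_perimeter(f))
    return seen, len(mine) - seen


# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = (
    # Desktop browses an outside site through the Internet firewall.
    [("10.20.1.15", "203.0.113.10", 80)]
    # The same desktop then contacts eight internal peers on one port.
    + [("10.20.1.15", f"10.20.1.{n}", 445) for n in range(20, 28)]
    # Fan-in: six clients using one internal file server (normal traffic).
    + [(f"10.20.2.{n}", "10.20.0.9", 445) for n in range(1, 7)]
    # Ordinary desktop traffic to internal mail and an outside site.
    + [("10.20.1.40", "10.20.0.5", 25), ("10.20.1.41", "198.51.100.7", 443)]
)

if __name__ == "__main__":
    for host, port, count in flag_broadcasters(SAMPLE_FLOWS):
        seen, unseen = perimeter_view(SAMPLE_FLOWS, host)
        print(f"{host} reached {count} internal peers on port {port}; "
              f"perimeter firewall saw {seen} flow(s), missed {unseen}")
```

The file server's clients are not flagged because each contacts only one peer; only the fan-out from a single desktop crosses the threshold.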
GTA will encourage the selection of desktop products that provide for centralized management for virus and worm definitions and behavior rules, and centralized personal firewall policy administration. Standardization will help enable rapid response to new threats across all connected desktop computer systems.
Internet Security Systems has given the state 25,000 licenses for one of its security software products. The software runs on individual PCs to protect against worms, Trojan horses and other security threats. It provides each PC with a personal firewall to block known threats and augments security software and appliances already running on agency networks. The use of personal firewalls is recommended by security experts in the federal government.
GTA began a pilot of the software with its own staff in September 2004. The software will be installed on as many as 8,000 PCs during FY 2005.
The software also includes an "intrusion prevention" component that constantly monitors the PC for activity the firewall may have missed. If the "application protection" component detects a program sent by a hacker, it shuts down the program and notifies network administrators.
Using a personal firewall supports Governor Perdue's Work Away Program since it will provide employees who use laptop and Tablet PCs with the same protection as desktop computers connected to a LAN or WAN.
Changing Demographics
According to the 2000 U.S. Census, there are 435,227 Hispanics in Georgia--about 5 percent of the population. This number, however, represents an increase of 300 percent since 1990. Seven of Georgia's counties are now more than 10 percent Latino, with Whitfield County topping the list at 22 percent. Atkinson, Hall and Echols counties have more than 15 percent Latino population. Every county in Georgia has a Latino presence.
The large number of Spanish-speaking people in Georgia may require more applications and content to be "localized" to handle both English and Spanish. Human translators work the best, but can be time-consuming and expensive. Software packages that translate content on the fly give mixed results. For example, using a popular translation service to translate from English to Spanish and then back to English, the phrase "You can check on the status of your child support check using the georgia.gov portal" became "You can verify in the state of your check of the boy aid using the vestibule of georgia.gov."
Language translation is more than just translating the words. The translation must convey the correct tone, style, dialect and cultural norms.
With only 6 percent of its sites offering foreign language access, Georgia lags behind the national average of 13 percent. Texas leads the nation in foreign language access, with 55 percent.
However, most agencies are offering some content in Spanish, and others are doing even more. The Georgia Public Defender Standards Council offers forms for indigent cases in 19 different languages. The Department of Education's Web site has content in Spanish, French and German. The PeachCare for Kids site at www.peachcare.org offers an online application in both English and Spanish, and Spanish-speaking applicants can call a toll-free number and receive help with their application.
Data Warehousing
Data warehousing is a difficult technology to sell because the benefits are less tangible than other technologies. However, large agencies with vast amounts of data that span several different business needs may benefit from implementing a data warehouse, enabling them to recognize emerging trends and develop policies to address those trends.
SearchDatabase.com defines a data warehouse as a central repository for important data collected by an enterprise's business systems. A company's business analysts review the data to identify trends and to support forecasting and planning efforts.
The term "business intelligence" is often used in the same sentence as data warehousing. It refers broadly to tools and activities involved in analyzing information in a data warehouse, then using the analysis to support business decisions.
A modern data warehouse has several components:
- Databases that support the daily operations of a business; these databases are frequently updated.
- A central database, often called the data warehouse, containing information taken from the various operational databases.
- A software tool that takes information from the operational databases and stores it in the central database.
- Software tools that business analysts use to evaluate the information in the central database.
Industry Trends
As in many other technology areas, vendors are consolidating data warehousing technologies. The reporting and business intelligence tools are converging and are being packaged as part of mainstream database management system offerings.
One of the difficulties in implementing a data warehouse in the public sector is making the business case for it. Data warehouses are not used to perform transactions with citizens and may not directly benefit them. However, they can give an agency deep insight into policy decisions and better ways to deliver services.
Sometimes a business case is created by legislation. The No Child Left Behind Act (NCLB) requires states to implement accountability systems for all public schools that track annual testing for students in grades 3-8 as well as statewide progress objectives. In practice, many states are implementing a data warehouse to track all of the statistics required by NCLB.
The state of Florida has built just such a data warehouse, completing the project in May 2003. The state had several goals in mind when it built the warehouse. Existing systems did not support multi-year views of the data very well; NCLB required more sophisticated levels of analysis than the existing systems could provide. Also, the warehouse will allow the Florida Department of Education to look at performance across aggregated school districts and performance over time without resorting to surveys.
Georgia eGrants Initiative
GTA is seeking state and federal funding to use technology to streamline the largely manual process for managing federal and other grants. The Georgia eGrants initiative will help agencies identify, apply for and manage federal grants more easily and effectively.
The new application, which will reside on the state portal, will allow state and local agencies to enter grant applications and proposals online, search the federal grant database, manage grant allocations and reallocations, maintain financial records and create reports. It will link to the federal Grants.gov Web site, the new online source for all federal grant opportunities. The federal government is requiring all of its agencies to post grant opportunities on Grants.gov.
If the state receives funding, local and state agencies will participate in a pilot, with full implementation expected in 2006.
Georgia
The emerging technologies survey found a broad distribution across the spectrum, from agencies that felt a data warehouse would have little impact on them to a number of agencies that have already implemented one. The Georgia Department of Corrections' data warehouse serves as a repository for several data stores, including the offender data repository, case management system and PeopleSoft data. It is used as a research tool for Corrections decision support--the warehouse contains the offender data and some staff information. With the data stored in a separate database, policy people can perform complex statistical analysis without interfering with data entry and retrieval. This warehouse is also used by the Board of Pardons & Paroles.
In response to NCLB, the Georgia Department of Education is building a data warehouse with its Statewide Student Information System (SIS). Georgia K-12 public education data are collected several times annually on some 1.5 million students and 120,000 teachers, administrators and educational staff within 182 defined school districts. The student population is estimated to grow approximately 2 percent per year. When completed in late 2005, the SIS data warehouse will enable policymakers, state and school district leaders, and teachers to conduct in-depth analyses of student performance.
Document Imaging
As long as the desire for a paperless environment is strong, agencies will be interested in document imaging systems, which can store paper documents electronically and file them for quick access. However, agencies should first examine their business processes to determine if creating paper forms is really necessary.
Industry Trends
In today's digital age, paper still prevails. According to a study by the consulting group Coopers & Lybrand, more than 4 trillion paper documents are in use in the United States, and the stack is growing 22 percent each year. Employees spend 5 to 15 percent of their time reading documents, but up to 50 percent of their time looking for them.
Document imaging is a way to convert the paper to a digital format. Documents can be scanned with a high-quality scanner and saved in a document management system, then filed and accessed online. Through optical character recognition (OCR), paper documents are converted to editable word-processing documents and indexed for quick retrieval.
These same systems also have improved functionality, allowing employees to easily index and search documents, fax or e-mail them, and place them in a content management or document management system for further development. Security controls allow administrators to limit access to documents.
Georgia
The Office of Secretary of State has published electronic document imaging systems guidelines to assure that any systems purchased meet legal and operational requirements. The guidelines encompass such components as planning, records retention, backup and storage, and technical specifications. The guidelines are available at the Secretary of State's Web site in the Archives section.
The Department of Community Health's Medicaid claims system features a remote mail operations facility in McRae, Ga. Each week, this facility accepts about 200,000 paper claims, inquiries and other correspondence from providers and scans each piece into a document management system the same day it is received. Claims are scanned using OCR technology and are imported into the claims processing system; inquiries are attached to tasks that customer service representatives must address and act on. At any time, employees can look up a provider's Medicaid number and see any documents that may be attached to the file. It is, in essence, an online filing system that takes the place of paper folders.
The Department of Revenue's document management system scans millions of tax forms and other documents each year and stores them into its imaging system. Forms are assigned a locator number for easy tracking.
The Georgia Document Management Association
The Georgia Document Management Association (GDMA) is a professional organization that allows agencies to gather and share information and practices in document management and related technologies. In two years, the group has grown from eight to 250 members from state and local government.
Through the GDMA, agencies are finding ways to work together to solve document imaging issues. For example, the Employees' Retirement System and Department of Revenue are planning to work together to meet ERS' document imaging needs during Revenue's slow periods.
Interactive Voice Response
State agencies can save money through the use of interactive voice response (IVR) systems. By directing more callers to an automated solution, they can lower the number of calls to a customer service representative, which is a more costly method. As the technology becomes more sophisticated, these systems will be able to intuitively discern a caller's needs through voice recognition.
Industry Trends
Interactive voice response (IVR) systems help businesses and governments because they are more cost effective than using customer service representatives. IVR systems are also available 24 hours a day, seven days a week, and information can be retrieved without having to wait for normal business hours.
Traditional IVR systems were limited in their capability. Everyone who has experienced the "press 1 if you know your account number" type of interface knows how frustrating it can be to accomplish a task using just a telephone's numeric keypad for input.
Voice recognition has made some great strides over the last few years, with technology overcoming previous problems such as recognizing dialect and filtering background noise. "IVR technology is at a point now where consumers almost cannot tell the difference between talking to a person and talking to a computer," says Richard Feinberg, director of Purdue University's Center for Customer-Driven Quality.
This technology allows callers to use their natural speech to state a request to an IVR, making the system more friendly to customers. The system can analyze the audio, identify the main concepts by recognizing key words, and find an appropriate response. For instance, a caller may tell a bank's IVR, "I want to know my checking balance," and another may ask, "What's my balance in my checking account?" By parsing the key words "checking" and "balance," the system can determine that both callers need their account balance.
New IVR platforms are converging on VoiceXML, a standard for creating IVR applications. VoiceXML allows for a measure of reusability of voice applications, and promises faster development and easier integration with back office systems.
Georgia
State agencies are beginning to use speech recognition services in IVR systems. The Office of Secretary of State uses a related technology--text-to-speech. The office originally purchased the IVR software because of a federal mandate requiring citizens to be able to call and leave complaints about voting violations. The software also contained a text-to-speech component that allows the IVR to speak information from stored data. The office is using it to give polling place information to citizens who do not have access to the online version of the poll locator.
The state portal, georgia.gov, has an IVR component that uses voice recognition. Callers using the Department of Motor Vehicle Safety's driver's license renewal application can give information such as their registrant identification number by saying the numbers instead of using the touch-tone phone. They can also navigate through the menus using one-word commands such as "Renew," "Status" or "Repeat."
Infrastructure
An IT infrastructure is similar to the infrastructure for a city. Many different components make up a city's infrastructure--roads, water and sewage systems, electricity and telephone lines. People rarely notice these components. They are there when we need them, providing basic service to citizens 24 hours a day.
The IT infrastructure consists of the nuts and bolts of a network--routers and hubs, wires, operating systems and computers. Many of us do not see these components when we log onto a network or check our e-mail, but they are there, providing the support needed for everyday network access. This infrastructure must be robust and reliable, working behind the scenes to enable us to be productive. It must also be secure, protecting data from intrusions and malicious code such as viruses.
Developing a unified IT infrastructure is difficult because each state agency does things differently. The state's computing environment is a complex mix of legacy, customized, third party, and standardized components and code. Many components are duplicated due to a lack of coordinated planning. An enterprise approach to the state's IT infrastructure can present opportunities to reduce redundant components, increase efficiency and make the infrastructure more secure. Developing an enterprise architecture will help us take advantage of these opportunities. (See enterprise architecture section, pp. 6-8.)
Hardware
With limited IT budgets, state agencies wanting to purchase or upgrade hardware must weigh the risks of moving too quickly against missing out on the benefits of new technology. Agencies should continue to focus on small pilot projects as a testing ground for these new technologies.
Industry Trends
Desktop personal computers are beginning to take on a different look. The larger, bulkier displays on desktop systems are giving way to flat panel monitors, which already comprise 40 percent of the monitors currently shipping. Flat panel monitors take up significantly less desktop space and may lower energy bills because they emit less heat. They are also more environmentally friendly. These monitors do not have a cathode ray tube, which contains poisonous metals and chemicals that can leak into the environment if broken. As their price drops even further, they will continue to grow in popularity.
Famous last words...
Predicting hardware changes can be difficult. In 1977, Ken Olsen, president of Digital Equipment Corporation, said, "There is no reason anyone would want a computer in their home." In 1988, Microsoft CEO Bill Gates predicted by 1990, 75-80 percent of IBM compatible computers would be sold with OS/2, IBM's proprietary operating system. By 1998, OS/2's market share among desktop PCs was at .5 percent.
Other famous predictions:
- "The Macintosh uses an experimental pointing device called a 'mouse.' There is no evidence that people want to use these things."--John C. Dvorak, San Francisco Examiner, Feb. 1984
- "Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and perhaps weigh 1.5 tons."--Popular Mechanics, 1949
- "I think there is a world market for maybe five computers."--IBM chairman Thomas Watson, 1943
Media storage is already changing. Floppy drives are becoming obsolete, and some PCs are no longer shipping with them. CDs, portable USB flash drives and the network are becoming the preferred methods of storing and transferring files. Parallel ports and serial ports will soon become an option rather than a standard feature and are already being replaced by faster standards such as USB and FireWire. Bluetooth, a standard for short-range wireless communication technology, will eventually replace most cables and wires that connect peripherals to a PC.
Laptop devices will continue to grow in popularity, especially if the price continues to drop. These computers could eventually replace desktop systems and give employees the option of taking their computer with them, eliminating several barriers to teleworking. The advent of wireless networks means that employees can work from almost anywhere.
Several classes of new devices for mobile end-users are emerging to compete with laptop PCs. Smart phones, for example, combine desktop functions such as e-mail and Web access with a cell phone. The interface is not as rich in features as a laptop, and data entry can be tedious, but users gain mobility.
Tablet PCs, which use a stylus for data input, can be useful for field workers, who in the past have used a clipboard to write notes and then transcribe data later. Some styles of Tablets have a keyboard integrated into them, so the device can also be used like a conventional laptop.
Thin is in
A "thin client" refers to a network architecture for end users in which the storage and some or most of the computation resides on a remote server. Instead of having a full-featured PC on their desk, users run special software on a PC or use a stripped-down computer with little or no local storage and less computing power.
The ultimate thin client is a web browser, because everything--functionality, data, computations--resides on the server. However, specialized software allows almost any application to be delivered as a thin client. A thin client approach is a particularly attractive choice for supporting mobile users and telecommuters.
The advantages of thin clients are primarily in management. Network administrators do not have to visit a user's desk to fix a problem or upgrade software. And since the data lives on a secure server in a data center, thin clients have better security. The downside of a thin client approach is the reliance on a network. If connectivity is unavailable, the user is down.
The direct costs of a thin client approach usually turn out to be about the same as desktops, since IT administrators still have to buy hardware and software licenses. However, there are savings in indirect costs, resulting from more productivity and a smaller staff needed to support end users.
Usage of thin clients continues to grow every year, and as network connectivity and bandwidth improve, thin client approaches become more viable. Most companies are opting for a hybrid approach. According to Gartner, about 85 percent of all thin client approaches use a full-featured PC instead of a specialized terminal.
Georgia
Desktop alternatives. The state is quickly realizing the benefits of mobile technology. No longer technologies for the elite, cell phones and personal digital assistants (PDAs) are becoming less expensive and more prevalent. According to a survey conducted by GTA, 14 agencies have deployed wireless-enabled pocket PCs or Blackberries already, and seven agencies are planning a deployment or a trial with the devices.
Handheld devices are becoming useful in state government mainly because of their ease of integration with e-mail. However, agencies are finding it difficult to use other features. For example, the Department of Juvenile Justice experimented with pocket PCs that interacted with their Juvenile Tracking System (JTS). But too much data had to be entered on the small device, and their pilot did not indicate a good adoption rate if they deployed more devices.
Tablet PCs are also finding a niche among agencies with mobile workers. Nineteen agencies are either planning a pilot, planning to deploy, or have already deployed Tablets. The Department of Human Resources has purchased Tablet PCs for its child protective services caseworkers. The new devices are helping workers collect information during home visits and investigations and improve the quality of data, since they do not have to be transcribed. Caseworkers can also make better use of time spent waiting in court.
The market is continuously changing, and what may be the latest fad today could be outdated, useless technology in a few years. State agencies have limited IT budgets and must weigh the risks of moving too quickly against missing out on the benefits of new technology. But when a change in hardware becomes accepted within the industry, prices tend to fall; for instance, the price of a DVD player fell from $700 in 1997 to less than $200 in 2001. Prices now hover around $50 for an entry-level model.
Shifts in technology can benefit agencies with legacy equipment as well. With the industry moving toward flat-panel monitors, the larger CRT monitors are dropping significantly in price, enabling agencies to save money on equipment.
Agencies will continue to focus on small pilot projects as a testing ground for these new technologies. For example, Tablet PCs may displace conventional notebooks in a few years. Currently, application support for the Tablets' handwriting recognition features is limited, and prices must be lowered before we see widespread use in government.
Networks
GTA is planning several major improvements in the state's network and computer operations infrastructure to make them as robust, reliable and secure as an infrastructure should be. Multiprotocol label switching (MPLS) promises greater reliability and speed along the state's wide area network, allowing users to transmit voice, data and video together over a single network.
GTA is also planning to move to a new data center facility to house [...] and infrastructure.
The state portal will continue to offer a shared content management system and application hosting while allowing agencies to keep control of their content.
To reduce application development costs, agencies will share online solutions to common business processes.
Industry Trends
Wide area networks. Multi-protocol label switching (MPLS) and virtual private networks (VPN) describe the technology increasingly used by telecommunication carriers to deliver wide area network services to customers.
Using cars and roads as an analogy for networks, the underlying transport method (for instance, Frame Relay or TCP/IP) is like a road. Cars are the data being exchanged.
Previous technologies did not allow for the idea of different [...] road. With Voice over Internet Protocol (VoIP) and IP-based videoconferencing, the data needs to be handled in real time (see the discussion later on VoIP).
One of the benefits of an MPLS-based network is the ability to "tag" different packets of data with priority levels. The other benefit of an MPLS-based network is the concept of label switching. Previous technology had to inspect each data packet to decide how to forward it on, similar to having a traffic cop at each intersection stopping individual cars and asking where they were going before waving them through. With MPLS, we do the equivalent of putting a destination sign on the side of the car.
What these features add up to is much greater control over network prioritization for the carriers, which translates into a much higher quality of service for the customers.
[Figure: Wide Area Network Comparison. Panels: Current Wide Area Network; Wide Area Network with MPLS. Traffic types shown: E-mail, VoIP, Video, Web. Sites shown: Athens, Atlanta, Macon.]
Hardware l Networks l E-mail l Telephony/Communications l Security 25
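A toy model of the label switching and priority tagging described above, added here as an illustration and not taken from the plan or from GTA. The router name core-1, the address prefixes, the label numbers and the priority ordering of traffic types are all constructed assumptions; only the site names come from the page.

```python
import heapq
import ipaddress
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

# Assumed priority ordering (lower number is sent first): real-time before bulk.
# Real MPLS carries the class in the 3-bit Traffic Class field of the label header.
PRIORITY = {"voip": 0, "video": 1, "web": 2, "email": 3}


@dataclass
class Packet:
    dst: str                      # destination IP address
    kind: str                     # traffic type, a key of PRIORITY
    label: Optional[int] = None   # attached by the ingress router
    path: list = field(default_factory=list)


class Router:
    def __init__(self, name):
        self.name = name
        self.fec = []             # ingress only: (network, label, next_hop)
        self.lfib = {}            # in_label -> (out_label, next_hop); None = pop
        self.ip_lookups = 0
        self.label_lookups = 0

    def ingress(self, pkt):
        """Read the destination once (longest-prefix match) and attach a label."""
        self.ip_lookups += 1
        addr = ipaddress.ip_address(pkt.dst)
        matches = [entry for entry in self.fec if addr in entry[0]]
        if not matches:
            raise LookupError(f"{self.name}: no route to {pkt.dst}")
        _, label, next_hop = max(matches, key=lambda entry: entry[0].prefixlen)
        pkt.label = label
        pkt.path.append(self.name)
        return next_hop

    def switch(self, pkt):
        """Forward on the label alone; the destination address is never read."""
        self.label_lookups += 1
        out_label, next_hop = self.lfib[pkt.label]
        pkt.label = out_label
        pkt.path.append(self.name)
        return next_hop


def build_network():
    """Athens is the ingress; core-1 is a hypothetical carrier transit router."""
    athens, core = Router("Athens"), Router("core-1")
    macon, atlanta = Router("Macon"), Router("Atlanta")
    athens.fec = [
        (ipaddress.ip_network("10.0.0.0/8"), 101, "Atlanta"),    # constructed
        (ipaddress.ip_network("10.20.0.0/16"), 100, "core-1"),   # constructed
    ]
    core.lfib = {100: (200, "Macon")}      # swap label 100 -> 200
    macon.lfib = {200: (None, None)}       # pop the label, deliver locally
    atlanta.lfib = {101: (None, None)}
    return {r.name: r for r in (athens, core, macon, atlanta)}


def send(routers, ingress_name, packets):
    """Label packets in arrival order, then transmit them in priority order."""
    ingress = routers[ingress_name]
    queue, seq = [], count()
    for pkt in packets:
        next_hop = ingress.ingress(pkt)
        heapq.heappush(queue, (PRIORITY[pkt.kind], next(seq), next_hop, pkt))
    delivered = []
    while queue:
        _, _, hop, pkt = heapq.heappop(queue)
        while hop is not None:
            hop = routers[hop].switch(pkt)
        delivered.append(pkt)
    return delivered


def demo():
    routers = build_network()
    arrivals = [Packet("10.20.1.5", "email"), Packet("10.20.1.9", "web"),
                Packet("10.20.3.7", "voip"), Packet("10.20.3.8", "video")]
    return routers, send(routers, "Athens", arrivals)


if __name__ == "__main__":
    routers, delivered = demo()
    for pkt in delivered:
        print(pkt.kind, " -> ".join(pkt.path))
    for r in routers.values():
        print(r.name, "IP lookups:", r.ip_lookups, "label lookups:", r.label_lookups)
```

The counters show the destination address being inspected only at Athens, while every later hop forwards on the label; the Macon-bound packets never pass through Atlanta.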
Virtual private networks. Virtual private networks, or VPNs, allow computers to send private network traffic over the Internet. VPNs can securely link multiple sites (Local Area Networks) into a "virtual" network as well as link a single user securely into a network. In the case of the single user, the PC will appear to be inside the network, even if the network traffic has to traverse the public Internet to do so.
VPNs are popular with organizations as a cost-effective way to link multiple sites together into a wide area network (WAN). Organizations also use VPN technology to link employees off-site, whether traveling on business or telecommuting.
A typical approach to VPN has been a protocol called IPSec (for Internet Protocol Security). IPSec is used both to link two networks together and to link an individual to a network. To use IPSec, users have to install a special client application on their computer. This adds a degree of complexity for the network administrators who maintain the user's desktop.
A new approach to VPN for individual users is called secure socket layer (SSL) VPN. Instead of using a special client, an SSL VPN can take advantage of technology that is already built into Web browsers for creating secure e-commerce transactions. The big advantage of SSL VPN is that users do not need to have special software installed on their desktop.
Server infrastructure. Over the last few years, modern data centers have included more and more servers based on Intel (or Intel-compatible) central processing units due to the increased performance of Intel CPUs. In addition, the Microsoft Windows server operating systems have become more capable of handling networks at the enterprise level, and Linux has become a serious alternative to UNIX.
While larger UNIX servers and mainframes can be partitioned for different workloads, the price/performance usually is not as impressive. The hardware in these larger computers is usually much more robust, with many failover features. Data center architects are working around limitations in Intel-based servers by building massive parallel systems. The systems are load balanced to keep a server failure from affecting the overall performance of the system; the load balancers "ignore" the failed server and only route requests to the other servers in the complex.
Both businesses and government are realizing the benefits of consolidating server infrastructure. In its report on reforming state government, the California Performance Review recommended consolidation of its six data centers. Estimates of savings range from $1.25 million to $3.75 million. It also stated that agencies can take advantage of the less expensive storage at a main data center, as well as its backup and recovery facilities, by moving their servers to a common location.
NAVIGATOR
NAVIGATOR is Georgia's intelligent transportation management system. It integrates technology, information processing and communication.
The Georgia Department of Transportation operates NAVIGATOR's transportation management center 24 hours a day, 365 days a year, monitoring more than 300 miles of roadways and collecting real-time information from some 1,500 cameras along the interstates. Staff then notify law enforcement to respond to the incident, or dispatch Highway Emergency Response Operators (HEROs), special vehicles designed to help stranded motorists and get traffic moving quickly. Messages about incidents and travel times are displayed on 85 changeable message signs on the interstates.
Travelers can check road status online at the NAVIGATOR Web site (www.georgianavigator.com), by phone and through the changeable message signs to decide on travel routes. The system has improved safety, reduced commute times, eased congestion and saved time and money.
Portals and Intranets. Products that support portals and intranets have consolidated more functionality and enhanced the value of intranets. Intranets and company Web sites have become much more than one-way communications vehicles. For example, intranets have evolved into virtual workspaces for employees, who can find many of their daily business processes enabled online. Such functions as human resources/payroll history, knowledge and document management, Web conferencing and database access are available on intranets.
This trend toward more interactive, dynamic intranet applications has also increased employee participation and, ultimately, productivity as well. Cisco found that 98 percent of its employees used their intranet regularly. Ford cites online information sharing as one of the reasons it was able to reduce the time to get new models into production from 36 months to 24 months.
Such a trend usually starts from the ground up. Individual units and divisions, seeking online solutions to their everyday work, have become innovative developers of intranet applications. As a result, the number of intranets in companies has exploded. When Hewlett-Packard merged with Compaq in 2002, the company had to consolidate more than 2,000 intranet sites across both businesses.
Vendors who make the products used to support portals and intranets are adding more and more functionality into their product sets. The functionality of portal products, content management systems, and collaboration tools is melding together. Gartner calls these products "smart enterprise suites." Typical functionality found in a smart enterprise suite includes: content management, document management, search engine, some level of integration with e-mail, calendars and contacts, workflow, and reporting.
The tools are making it easier for IT organizations to provide portal-based support for both structured and unstructured work processes, through one primary product or at least one primary vendor.
Georgia
State data networks. The state's network infrastructure consists of several independent wide area networks:
• The state wide area network (WAN) is composed of leased lines and Frame Relay circuits. GTA owns and manages most of the routers on the WAN and provides about 1,800 different sites with network access. GTA's Network Operations Center (NOC) monitors the network 24 hours a day, seven days a week.
• PeachNet, the communications network of the University System of Georgia. Where the state WAN consists of leased lines, the Board of Regents owns most of the infrastructure for PeachNet, including fiber for connectivity. PeachNet serves more than 50 colleges and universities, administrative offices and several private colleges and state agencies. PeachNet furnishes one connection for each site, and the site is responsible for expanding its connection.
• Department of Education's K-12 Network. The Department of Education operates a WAN for the 180 school districts and more than 2,000 public schools in the state. Because the funding for the network comes from a federal program called E-Rate, the network operates independently of the state network. Through E-Rate, schools and libraries receive a substantial discount on Internet access and telecommunication services. The discounts range from 20 percent to 90 percent.
• E-Rate has made it possible for all of Georgia's 180 school districts to have Internet access. The needs of the schools are continuously assessed, and improvements to the network are implemented as needed.
• The Lottery Network. The Georgia Lottery Corporation provides a private network for more than 7,000 sites in the state that run lottery terminals. The Georgia Lottery contracts with GTECH Corporation for the operation of this network. Most users connect to the network by satellite. Because of the very high security requirements, the only traffic running on this network is lottery related.
GTA is preparing to update the state's WAN by replacing the existing Frame Relay technology with multi-protocol label switching (MPLS). MPLS offers many advantages over Frame Relay, including greater reliability and speed. See page 25 for a description of MPLS technology.
With the existing network, almost all data transmissions are routed through a central hub in Atlanta regardless of their origination and termination points. With the conversion to MPLS, GTA can replace the central hub-and-spoke model with a meshed network and send data from point to point--resulting in quicker transmission of information.
MPLS will make it easier to reroute data transmissions around bottlenecks and broken links. Service level agreements at last-mile points on the network will produce quicker resolutions of local problems.
VPN. GTA is piloting VPN based on MPLS with the Georgia Bureau of Investigation. These pilots involve both IPSec and SSL approaches (see p. 26) to determine which best meets the GBI's needs and the needs of the smaller local law enforcement agencies. Both approaches encrypt all information from the users' desktops to the Criminal Justice Information System. Further pilots will test more advanced encryption using two-factor authentication. About 10,000 initial users will have access to the system through VPN.
State Data Center. The state has been operating a large-scale data center facility for more than 30 years. It hosts more than 350 state and federal applications, encompassing more than 30 terabytes of data. The data center is located in downtown Atlanta, with disaster recovery facilities in three different states.
State Data Center Environments
| Environment | Contents | Applications Supported |
|---|---|---|
| UNIX | 130 Sun servers | State portal & legacy Web applications; PeopleSoft; Georgia Immunization Registry; Administrative Office of the Courts' Case Plan Reporting System |
| Windows | 2 Unisys ES7000 mainframes; Dell 2650 servers | Office of Child Support Enforcement constituent services |
| IBM | 2 IBM Z-series mainframes | Driver's license issuance and renewal, voter registration, tax systems, Family and Children Services and child support applications |
| Unisys | 2 Unisys ClearPath mainframes | Criminal history database |
The primary hosted environments in the data center are UNIX (Sun Solaris), IBM OS/390, Microsoft Windows, and Unisys ClearPath. Each of these environments is designed to meet state and federal security and privacy requirements. GTA recently upgraded the IBM environment to a 64-bit version, which should offer better performance and take advantage of the current hardware installed. (See chart above).
Databases contain most of the information stored in the data center. Several relational databases are used, including DB2, SQL Server, and Oracle.
GTA was preparing to acquire a new data center facility in 2004 after more than a year of careful study. The move will make it possible to stabilize operations in a modern, more secure environment, and the state's data center operations will approach a Tier III classification when measured against standards established by The Uptime Institute. Planning for the relocation began in mid-2004, and the new facility will be customized to meet the state's particular needs.
The Commission for a New Georgia, formed by Governor Perdue to improve state government, has emphasized saving money through simplifying and consolidating the government's functions and infrastructure. With a new data center facility, the state can further enhance agencies' ability to share infrastructure and services. For example, agencies currently operate about 3,000 production servers of their own. By choosing to locate their servers in the new data center facility, agencies would be assured of greater physical security, data protection and backup, and 24-hour monitoring to maximize system availability. The integration and co-location of servers in a single facility would lower the overall cost to agencies of operating servers while enabling them to retain complete control of their applications.
GTA is also urging agencies to consider shared infrastructure and services as they retire legacy systems. The state data center's Advanced Windows Environment (AWE) is an example of the resources available to agencies. The AWE offers 40 CPUs' worth of Windows server capacity, and it currently hosts the Office of Child Support Enforcement's constituent services portal. It will also host GTA's enterprise project-management application, a Web-based learning management system and DHR's child support application.
The state is implementing major upgrades to its PeopleSoft Human Resources Management and Financial systems, perhaps the state's most widely used shared services. Both new systems will be accessed through a secure Web site instead of the existing Windows-based applications. As a result, agencies will avoid expenditures for new computers, and demand for technical support will decrease since executable files will no longer be stored on the computers of systems users.
Portal and legacy Web sites. GTA manages older Web applications and the newer enterprise portal, www.georgia.gov. The legacy Web environment primarily resides on Sun Solaris-based servers with Apache and Netscape Enterprise Server and some connections to Microsoft IIS servers for access to SQL Server-hosted data. About 150 agency Web sites and applications operate on the legacy servers.
The portal is based on Sun Solaris servers running Sun ONE platform (a collection of middleware products), Vignette, Google search, webMethods and Oracle as the primary functional components. The portal features an interactive voice response for constituents who call by telephone. Agencies using the portal also have access to the Vignette content management system, which allows them to manage and deploy content without knowledge of HTML. The state portal offers integration with a payment engine that enables agencies to accept credit cards for payments online.
The state portal provides content management and application hosting to several state agencies, including the Department of Human Resources, Department of Motor Vehicle Safety and Office of the Lieutenant Governor. It also provides links to all local governments in Georgia.
State agencies not on the portal have their content or application hosted either by GTA in a legacy environment, in-house or through third-party solutions.
Agencies are making more content available to constituents; as a result, the older method of deploying content--hard-coding pages with HTML--has become too time-consuming. Content management applications allow responsibility for content to become decentralized. Multiple content owners can contribute to the Web site. Whether through the portal's content management system or through an open source or third-party solution, agencies will find this automated way of deploying content to be quicker and more efficient.
Intranets. An informal survey of state agencies showed that about 60 percent had some kind of employee intranet. These range in complexity from simple one-way communications vehicles to full-fledged online applications. For example, the Department of Administrative Services' intranet hosts several important applications such as inventory tracking, pay history and W2 forms, and an employee directory.
The Department of Corrections has integrated its workflow into an intranet. All GDC sites are connected to SCRIBE, which provides among other features an automated case management system. The system has enabled employees to access information on a case quickly without having to find the officer in charge of the case.
Agencies are developing online solutions to common business processes. However, there may be some duplication of effort if each agency is developing different solutions for the same processes. One possibility is to identify common business functions--submitting leave slips, for example--and develop a single application to eliminate duplication and make this capability available for everyone, reducing development costs. The enterprise architecture program will identify other examples where sharing solutions could save money.
E-mail
The prevalence of spam and viruses makes e-mail management more vital than ever. Several states have begun consolidating their e-mail services to better manage the networks and reduce costs. State government can move gradually toward a statewide hosted e-mail system with a unified e-mail address book, which would lay the foundation for securely managing user identities, authentication and access.
Industry Trends
E-mail is replacing the telephone as the primary means of communication. E-mail applications are developing more collaborative tools such as scheduling, instant messaging and synchronization with mobile devices. But e-mail's usefulness is becoming compromised by the proliferation of spam and e-mail-borne viruses. IT directors are spending more of their time combating these threats--trying to prevent them from infiltrating their network and ensuring continuity if the network is compromised.
Anti-spam and anti-virus software companies are beginning to join forces, offering more integrated protection solutions. And other companies are offering e-mail continuity services in which e-mail messages are mirrored on a redundant server in real time. If the e-mail servers go down, the mirrored server can step in and continue to handle messaging. The end user should experience little or no interruption in service.
Some states are beginning to consolidate e-mail servers to a central location to better manage the network. With the growth of e-mail, the number of servers and personnel to manage agency e-mail systems has grown as well. The state of California has recommended consolidating its state e-mail systems, citing difficulty managing patches and administrative costs as the main reasons.
The state of Ohio is moving toward a consolidated e-mail system. It estimates that it can reduce the number of servers statewide from 460 to 20, reduce the number of administrators from 44 to 20, and lower the annual cost from $11 million to $2.1 million.
Other states either implementing or considering consolidated e-mail services include Utah, Indiana and Louisiana.
California also mentioned several possible implementation risks. These include different retention policies across agencies, different remote access methods and policy, different mailbox sizes, and the temporary interruption of e-mail services due to migration.
Georgia
Like California, Georgia state agencies all developed their networks and e-mail systems separately; as a result, no one standard emerged. The state's e-mail users are divided evenly between Microsoft Outlook and Novell GroupWise. (Most agencies use Outlook, but the largest agencies--Human Resources, Corrections--use GroupWise.)
Consolidating e-mail into one area and platform has its advantages; however, agencies have a great deal of resources invested in their e-mail systems, and sharing services in this area must be approached carefully and deliberately. Agencies can now voluntarily work with GTA to house their servers in the state data center to take advantage of 24/7 monitoring and lower administration costs.
A state employee e-mail unified address book will allow state employees to access a single electronic address book regardless of agency or e-mail system. GTA will create a metadirectory of addresses by connecting agencies' e-mail systems. The metadirectory will give state employees access to e-mail addresses in all agencies. GTA will use existing infrastructure, so agency expenditures will be minimal. Implementation began at the end of 2004.
The e-mail address book will lay the foundation for securely managing user identities, authentication and access. It will support teleworking by helping to ensure secure remote access to state networks. It is also an initial step toward a single, statewide e-mail system that will foster increased employee collaboration and productivity.
Telephony/Communications
Telephony is undergoing a revolution; services such as wireless access and Voice over IP (VoIP) can lower data and voice transmission costs significantly. Improvements in the state network can make these new technologies practical to deploy.
Industry Trends
VoIP. The Internet has improved communications dramatically through e-mail, instant messaging and even videoconferencing. But an emerging technology called Voice over Internet Protocol (VoIP) has the capability of revolutionizing the telephone industry and saving taxpayers money.
VoIP is a technology for transmitting a telephone call over a data network using the Internet protocol--the same technology commonly in use for sending e-mail and using the Web. VoIP offers several benefits:
• An organization adopting VoIP can use data network infrastructure already in place and effect cost savings.
• VoIP does a better job of using network resources because of the packet switching approach--more traffic can be loaded on a given network connection.
• It is currently unregulated in the United States, meaning users are not subject to any special tariffs or surcharges.
The drawback of using VoIP is that the user must have a very high-quality data network. The Internet protocol was originally designed to be a robust way to deliver information across a network, and is very forgiving in dealing with delays and even loss of data packets. This works fine for traffic such as e-mail that does not travel in real time; delays of minutes or even hours are acceptable. However, voice traffic needs a higher degree of reliability--anyone who has made a long distance call to another country and has experienced a delay between saying a word and the other person hearing it knows how frustrating this is. Consequently, VoIP technology has been waiting for the network quality to catch up enough to make it viable.
VoIP technology is just now making its way to consumers. The early adopters of VoIP have been carriers using the technology to route voice traffic on their network backbones. An estimated 11 percent of all long distance traffic is routed across an IP network at some point, and that number is expected to climb to 50 percent by 2007. Moving the traffic on and off of an IP network is done in the back office; callers do not need any special knowledge or equipment.
Wireless technology. 3G, an acronym for "third generation" wireless technology, is already available for cell phone customers in parts of Europe and Asia. It greatly increases wireless bandwidth over the current generation of technology. The challenge for U.S. carriers is the cost of implementing the new infrastructure for 3G. Carriers are just starting to announce 3G service, but the rollout could take years.
While 3G is geared toward transmitting voice and data for the mobile user in a large area, Wi-Fi, or Wireless Fidelity, is unlicensed and very limited in range. A new standard, WiMax, aims to provide network access to homes, small businesses and commercial buildings. WiMax can economically serve up to 60 customers with T1 speed connections (a T1 is the equivalent of 24 telephone lines).
Another approach to creating pervasive wireless access to networks is to build Wi-Fi "clouds" by deploying wireless access points close enough together that they overlap. Downtown Athens, Ga., has a wireless cloud that covers about 24 blocks. The challenge with the cloud approach is that it has a short range. As a result, many physical access points must be installed in just the right places.
Videoconferencing. In the past, videoconferencing was thought to be the solution to communicating face-to-face over long distances. Some businesses have had success implementing this technology, and the state's Georgia Statewide Academic and Medical System (GSAMS) network has brought telemedicine and distance learning to all areas of the state. The videoconferencing market is continuing to grow as businesses look for less costly alternatives to travel. But the technology remains expensive, requiring specialized video equipment and a dedicated line.
Businesses are beginning to turn more toward videoconferencing over the Internet using a small video camera and a desktop PC. Although this technology has been available for several years, until recently, bandwidth limitations have rendered it unappealing and difficult to use. Quality is improving; the codecs that convert signals into data can compress signals more efficiently and effectively, allowing a higher quality of video over the Internet. However, without a dedicated line, organizations still face traffic bottlenecks over the Internet, which can result in delays, lost data and interrupted video signals.
Georgia
Telephony and VoIP. The state operates about 250,000 telephone lines, composed of Centrex lines (Central Office Exchange), PBX lines (Private Branch Exchange) and business lines. Centrex lines are leased from BellSouth and feature such services as call forwarding and four-digit dialing. More than half of the lines operated by the state are Centrex, and GTA has been working to consolidate its buying power in this area to achieve lower rates.
PBX and business lines are more expensive to operate; PBX lines, which are used for more advanced telephone environments such as call centers, can cost between $100,000 and $1 million to buy the special equipment and maintain the system. Business lines are two to three times more expensive than Centrex because there is no volume discount.
VoIP will become increasingly viable as an alternative to phone service provided solely by a local provider. The state could save money on calls within state government if we transition to a VoIP solution. Early adopters of VoIP are reducing telephony costs by converging their voice and data networks; by running a single network, they can make more efficient use of their infrastructure. Also, savings can be realized by toll bypass--internal calls that stay on an organization's data network do not incur any costs with local telephone companies.
However, implementing a complete handset-to-handset VoIP solution may be costly due to replacing large numbers of telephone handsets. The state needs to develop an orderly and gradual migration plan to allow agencies to implement VoIP in a practical, affordable way. Too many early adopters making the switch will lower the number of Centrex lines, thereby raising rates for all state agencies that remain on the Centrex system. When MPLS is fully implemented, the state will have the infrastructure necessary to utilize this technology. Several state agencies are beginning to conduct trials with VoIP. Once issues such as compatibility and security are worked out, the state could make a coordinated move to a VoIP solution.
Reliable 911 emergency communications service availability is an important feature that must be considered in planning for VoIP. E911 service for VoIP is a developing technology. VoIP subscribers expect the same E911 service that today's wireline service offers, including priority routing and location information. Although today's E911 services on VoIP require special procedures to approximate service available to wireline customers, new technology is arriving that should lead to true E911 service.
Wi-Fi, WiMax and Wireless: A primer on wireless technology
Wi-Fi--Wireless Fidelity, or wireless networking using the 802.11 protocol. It is unlicensed and consequently is very limited in range (to prevent interference with other devices)--about 25 to 100 meters. It uses the same frequency as many cordless phones.
1G, 2G, 3G--acronyms that refer to the number of generations of wireless technology. The first generation (1G) was analog cellular technology and was prevalent during the 1980s. 2G technology, the current digital cellular infrastructure, offers encryption, high-bit rate voice and limited data communications. 3G refers to a wireless communications initiative to provide high-bandwidth wireless services to consumers. The technology used by smart phones over the current 2G networks is sometimes called "2.5G" and runs about two to three times faster than 2G.
802.11b--The most common of the three wireless networking specifications in the Wi-Fi protocol. 802.11b uses the 2.4 GHz band and runs at top speeds of 11 Mbps.
802.11g--The newest of the three Wi-Fi specifications. 802.11g is backward compatible with 802.11b. It also uses the 2.4 GHz band, and runs at top speeds of 54 Mbps.
Hot spot--a place where a computer user can access a wireless network.
WiMax--Another name for 802.16 technology, which aims to provide network access to homes, small businesses and commercial buildings. WiMax can serve up to 60 customers with T1 speed connections (a T1 is the equivalent of 24 telephone lines).
Wireless: different standards, different uses. Equipping state agencies with wireless technology could offer several benefits:
• Telecommuters do not have to be tied down to an office--they can be "wired" to the office and still be in a remote workplace.
• Students can use laptops to retrieve information without having each classroom hardwired.
• Inspectors can enter data directly at a site and upload them to a server while using mobile printers to print certificates and other paperwork for the customer. This can streamline inspections of restaurants, food processing plants and day care centers. It can also eliminate the need for additional data entry or paper filing.
• Law enforcement officials could use wireless devices to perform instant tag checks and criminal records queries from GCIC using PDA-type devices.
• Transportation HERO units can access traffic incident data from NAVIGATOR on mobile devices, including camera feeds. They can use GPS devices to locate accidents more quickly.
Finding one true standard for wireless is like finding the right tool for the job; there is no single answer. Instead, agencies must examine their business needs and find what type of connectivity is most suitable:
- Many agencies have deployed some type of Wi-Fi technology, but security is a concern. Wi-Fi is ideal for intermittent Internet access such as syncing a remote database with data on a local device. However, as mentioned above, since Wi-Fi has such a short range, employees must know where these hotspots are deployed and travel to them to gain access.
- Houston County, Ga., recently received international attention for its successful test of WiMax technology to provide wireless broadband across the entire county. According to Government Technology magazine, signals with a bandwidth of 6 Mbps were received from a distance of more than 12 miles, roughly the equivalent of four or five T1 connections.
- Mobile workers will benefit from new 3G wireless technology, which will enable field staff to have constant access to the Internet. 3G is geared more toward users with cell phones. State agencies needing wireless networking capabilities must look toward a more robust solution such as WiMax.
The state must determine how it can leverage these technologies to better deliver services. One possibility is to make "last mile" services available through partnerships between the state and local governments. The state would act as a wholesaler to the county, providing high-bandwidth connectivity to the edge of the county network. The economic development benefits of universal access to broadband may lie in the ability to attract new businesses, especially those with knowledge workers, as well as the ability to support both mobile workers and teleworkers.
Videoconferencing. The Georgia Statewide Academic and Medical System (GSAMS) videoconferencing network establishes two-way, interactive communications over leased T-1 lines throughout the state. This allows for videoconferencing between educational institutions, medical facilities, youth development centers, and other public and private organizations within Georgia.
Through advanced telecommunications technology, people in up to eight locations can see and speak with each other regardless of geographic distance. In April 2004, some 1,042 conferences were held, involving 2,342 sites.
The Department of Juvenile Justice uses videoconferencing in several counties for pre-adjudication hearings for youthful offenders. The videoconferencing not only saves the local law enforcement the cost of transporting the youthful offender to the judge, but it also speeds up the hearing process to allow faster disposition of cases.
The Georgia Department of Corrections operates 12 telemedicine sites, with two serving as the hub locations at Augusta State Medical Prison. The agency uses telemedicine to deliver specialty consultative care to inmates. Using this technology limits or eliminates the need to transport offenders to the department's medical facility in Augusta. More than 1,300 consultations were performed during FY 2003. Eventually, the department hopes to have one out of every four consultations done via telemedicine, which would save $4 million in transport costs.
Corrections is deploying new equipment to all telemedicine sites. The new equipment has allowed the department to reduce its bandwidth costs by $1,600 per site per month, while delivering a higher quality video image.
GSAMS will migrate to the state's wide area network as part of the network's upgrade to MPLS technology. The change will eventually result in the transmission of videoconferencing, voice and data over the same network. MPLS will give network administrators the ability to assign a higher priority to certain transmissions, such as GSAMS videoconferences, over other transmissions. In addition, MPLS is expected to make desktop videoconferencing an increasingly viable option for state agencies.
Security
Many of the new developments in security are occurring at the infrastructure level instead of the application level. Privacy legislation and more staff working in the field mandate stricter security policies and procedures. Fortunately, agencies have new technologies available to authenticate users: digital signatures and two-factor authentication such as physical tokens or biometrics.
Industry Trends
Today, a wide variety of sophisticated threats to information security operate at the infrastructure layer. Worms can grab open ports on a personal computer. Hackers can read traffic from wireless users. A number of instant messaging worms in circulation secretly install malicious code that can steal personal information.
In response to these threats, many of the new developments in security are occurring at the infrastructure level. There are several reasons for this trend:
- By loading as much of the required security into a common layer, IT departments decrease complexity and duplication, resulting in lower costs. Protection can be built into the basic capability of a network or server, so that all the programs and middleware that operate on the server benefit from the protection.
- Mobile devices such as notebook computers, PDAs and tablet computers can retain sensitive information over time and become networked to access wireless services and organizational intranets. Some users may not recognize the security implications and share this information or leave it open to hackers.
The National Institute of Standards and Technology noted several security issues with mobile devices:
- Because of their small size, handheld devices may be left unattended, lost or stolen.
- User authentication may not be enabled, a common default mode, exposing the contents of the device to anyone who carries it.
- Even if user authentication is enabled, the authentication mechanism may be weak (e.g., a four-digit PIN) or easily compromised.
- Once authentication is enabled, the user rarely changes the authentication information.
As workers become more mobile, IT departments have to address the conflicting requirements of increased access and increased security. Those requirements can be addressed through technologies such as VPNs (virtual private networks) and two-factor authentication through smart cards.
Authentication. Greater security requirements have forced IT departments to develop more complicated models for user authentication. In the past, all a user needed was a user name and password to gain access to a server or application. However, user names and passwords can be shared, and security can easily be compromised using this method.
Two-factor authentication requires an employee to present two different kinds of proof of identity to gain access to an application or data. The factors are usually thought of as "what you know" (a password), "what you have" (a physical token you carry with you), and "who you are" (biometrics, such as a thumbprint). Take, for example, a common ATM card: to access your account, you must know something (your PIN) and have something (the ATM card itself).
Physical tokens usually come in the form of smart cards or key fobs. Smart cards look like a credit card or a photo-ID badge, but have a small microprocessor embedded inside that can interact with a card reader to establish identity. One of the applications for smart cards is to carry a set of electronic credentials to prove identity.
Key fobs such as the RSA SecurID token have an LCD screen that displays a random code every 60 seconds. The user must enter the code and a password to gain access to the system or data. These technologies are often used for high security computer applications.
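The token-plus-password check described above, as an added example that is not part of the original plan: a server-side verifier for a 60-second one-time code combined with a password. RSA SecurID's own algorithm is proprietary, so the open RFC 6238 time-based code (TOTP) stands in for it here; `token_code`, `TwoFactorVerifier` and the sample seed, salt and password are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each displayed code stays valid, as on the key fob above

def token_code(seed: bytes, now: float, digits: int = 6) -> str:
    """Code for the 60-second window containing `now` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorVerifier:
    """Server-side check of 'what you know' plus 'what you have'."""

    def __init__(self, seed: bytes, salt: bytes, password_hash: bytes, drift: int = 1):
        self.seed, self.salt, self.password_hash = seed, salt, password_hash
        self.drift = drift       # accept +/- this many windows of clock skew
        self.last_step = -1      # newest window already used (replay guard)

    def verify(self, password: str, code: str, now: float) -> bool:
        # Check both factors every time so a failure does not reveal which was wrong.
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.password_hash)
        current = int(now) // STEP
        matched = None
        for step in range(max(0, current - self.drift), current + self.drift + 1):
            expected = token_code(self.seed, step * STEP)
            if step > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if pw_ok and matched is not None:
            self.last_step = matched   # a code is accepted at most once
            return True
        return False

def demo() -> list:
    """Constructed sample data: RFC 4226 test seed, made-up salt and password."""
    seed, salt = b"12345678901234567890", b"constructed-salt"
    v = TwoFactorVerifier(seed, salt, hash_password("correct horse", salt))
    code = token_code(seed, 60)                       # what the fob shows at t=60s
    return [
        v.verify("wrong password", code, 65),         # token alone is not enough
        v.verify("correct horse", "000000", 65),      # password alone is not enough
        v.verify("correct horse", code, 65),          # both factors present
        v.verify("correct horse", code, 70),          # same code replayed
    ]

if __name__ == "__main__":
    print(demo())
```

The replay guard matters because a code read over someone's shoulder or captured in transit would otherwise remain usable for the rest of its window.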
Biometrics authenticates a person based on physical or behavioral characteristics such as fingerprints, retina, hands or voice patterns. The advantage of biometrics is that it links authentication to a unique individual. It is also convenient--people do not have to carry or remember anything--and accurate. However, this technology is still in its infancy and has not been widely adopted at the state level.
Digital signatures
To digitally sign a document, a user applies an algorithm to the document data to create a special code and then encrypts this code with a private key. The encrypted code then becomes a digitally signed fingerprint for that document.
Enabling legislation for digital signatures has been in effect since 1997, when the Georgia General Assembly passed a bill providing that wherever a written signature was required by law, an electronic signature would also be considered legally sufficient if the parties agreed.
However, implementation of the act has been slow. Many agencies do not yet see a compelling reason for digital signatures, and funding for establishing a digital signature infrastructure has not been a priority.
GTA is working on establishing digital authentication and access control as part of other initiatives to provide secure remote access for law enforcement. GTA has also begun to explore certificate management. Currently, Georgia has a limited certificate management capability in place. It is sufficient only to support secure SSL-based browser access to resources on the state network, such as the payment engine used to accept online payment for driver's license renewals.
The Department of Natural Resources has been interested in developing the ability to accept documents that have been signed digitally. The U.S. Environmental Protection Agency has stated that certain reports that DNR receives from industries can be digitally signed. DNR has considered establishing a homemade interim solution to store signed documents, but has expressed interest in joining with other state agencies and migrating to a common statewide digital signature architecture.
Agencies are allowed to use digital signatures; the challenge lies in determining how the technology can be used and finding the resources to implement it. Many business processes may not need a signature for authentication; sometimes a user name and password suffice. After examining current forms and seeing how they can be transferred to an online application, agencies may decide they do not need to implement a digital signature solution.
Georgia
Authentication. Until recently, the technical elements needed to provide secure access, including identity management, authentication, and encryption, had generally been implemented at a higher level of the architecture (such as the server level). Today, a limited number of agencies are implementing capabilities such as virtual private networks (VPNs) and two-factor authentication tools at the user level.
The Office of Audits has been using RSA SecurIDs as a second level of authentication for about three years. The IDs provide access to their system, which contains sensitive information such as health care data and salary information. The IDs are available to all staff, and users have found that the technology is user friendly and provides a second layer of authentication. Audits expects to renew the IDs when they expire this year.
Privacy and security regulations from HIPAA, the Criminal Justice Information System (CJIS) and the Gramm-Leach-Bliley Act restrict access to constituent information, requiring stricter security processes among state and local governments. Access to CJIS, for example, requires two-factor authentication. The Georgia Bureau of Investigation will implement two-factor authentication with physical tokens for 10,000-25,000 state and local public safety officers who access the Georgia Crime Information Center. The project is expected to be completed by fall 2005.
Improving security at the infrastructure layer is a strategic direction for Georgia. Elements include identity management, authentication, access control, and encryption. Federal requirements as well as the difficulty of protecting state information from increasingly sophisticated threats underscore the importance of upgrading our infrastructure according to industry best practices. More information security will be implemented at the user level, resulting in less dependency on the application layer security features, such as one-of-a-kind, per-application, security systems.
Conclusions
This document gives decision-makers information about the direction Georgia is taking in relation to IT trends. Agencies are finding ways to use technology to deliver services more efficiently and securely:
- The Department of Community Health's Medicaid claims system features a document imaging and management system that scans and stores about 200,000 paper claims, inquiries and other correspondence each week.
- The state portal, georgia.gov, has an IVR component that uses voice recognition. Callers using the Department of Motor Vehicle Safety's driver's license renewal application can give information such as their registrant identification number by saying the numbers instead of using the touch-tone phone.
- The Department of Corrections has integrated its workflow into an intranet. All GDC sites are connected to SCRIBE, which provides among other features an automated case management system. The system has enabled employees to access information on a case quickly without having to find the officer in charge of the case.
For the first time, agencies and the executive branch are attempting to look at state government as a whole and to explore how to break out of their siloed approach to planning and executing projects and spending IT dollars. How do they collaborate to make decisions about IT that provide overall benefit to state government and its constituents?
The answer lies in enterprise architecture. Through EA, the state can assess how well IT supports its most important business functions and see where improvements are needed. EA can foster collaboration by helping agencies to:
- Select high-value IT projects that support Georgia's program operations. As discussed earlier, this can be done through portfolio management--making informed decisions based on pre-determined priorities and directing funds toward those projects that are vital to state government.
- Discover opportunities for sharing services--both business and IT--across state agencies. State government is only beginning to scratch the surface in this area. The deployment of the statewide human resources management and financial systems shows how agencies can share common services. Future initiatives may focus on sharing common data elements or developing online solutions for common internal business processes.
- Identify where IT-managed information can be shared across state agencies. Very few systems have the capability to communicate with each other and share information. Learning where these opportunities are can lower some of the barriers to collaboration, promoting innovation and efficiency.
- Identify opportunities for consolidating network services, software licenses, and economies of scale for equipment and services. Procurement initiatives aim to leverage the state's buying power to secure contracts that are more cost-effective. Other opportunities for sharing services and hardware include e-mail and server consolidation.
Governance is a key component to the successful implementation of EA. Through the leadership and guidance of the Governor's Office, Commission for a New Georgia, Agency Heads Advisory Group, CIO Council and Governance Council, state government can make the best use of its technology resources.
100 Peachtree Street | Suite 2300 | Atlanta, Georgia 30303-3404 | 404-463-2300 | www.gta.georgia.gov