Every year, the National Association of State CIOs (NASCIO) surveys its membership to identify state IT leaders’ top policy and technology priorities for the year ahead. It’s a good way to identify emerging trends and see where often-limited resources will be invested by state governments. The list can help State CIOs validate that they aren’t alone in the fight; it can also be a valuable advocacy resource for educating policy makers on the similar challenges being experienced across the country. 
 
This year’s list was different — it made history. For the first time, there was a tie for the top spot: Cybersecurity and Digital Government/Digital Services share the title. But more important than the tie itself, in my opinion, is the two entities at the top. Whether we’ve historically admitted it or not, whether we’ve even realized it, effective cybersecurity and efficient digital services have always been dependent on each other. That is: the actions or inactions of one of them have very direct and significant implications for the other. We’ve all heard the joke that the only way to truly be immune from a breach is to unplug everything... but of course, that would make digital services impossible. A more realistic and optimistic approach? Replacing legacy systems with modernized applications . This makes a big impact on digital services. It also retires some of the most vulnerable systems in the ecosystem and inherently reduces security liabilities. In short, doing Enterprise IT well requires that tech executives balance the need to secure the threat landscape with the demands of citizens and constituents who want better digital services from government. 

If Enterprise IT is a Venn diagram comprised of cybersecurity on one side and digital services on the other, visibility and discovery of digital assets sits squarely at the intersection of the two. We can't protect digital assets if we don't know they exist, and we can't possibly design for effective digital transformation if we don’t know what’s in a portfolio. And we certainly can't design solutions for the future if we’re constantly being pulled backwards into incident response mode. In describing the need for this balance, I like to think of the way a head coach in football has to balance the needs of the entire team. Great coaches manage the balance between their offense, defense, and special players. Enterprise IT is no different in that it requires us to balance the demands of cybersecurity, digital transformation, and special projects while understanding the impact each unit has on the other. 

Perhaps no area makes this responsibility more challenging than the cloud. Cloud computing offers tremendous benefits from speed and scale to resiliency. It also offers a brand-new frontier of cybersecurity threats to defend against. 

As mentioned above, there are some changes of note this year. For the first time in more than a decade, cybersecurity is not the number one priority — it tied with digital government/digital services. Cybersecurity continues to be critical for state governments, especially given the widespread ransomware attacks on state and local governments. Protecting against threats in the cloud can be a challenging task; it requires understanding different risks spanning misconfigurations, vulnerabilities, identities, network exposures, data, and secrets, and knowledge of how they correlate to result in an attack path in the environment. To effectively protect against those attack paths that can compromise states’ data, Wiz for Government provides a comprehensive cloud security solution with full stack visibility, continuous risk reduction, and compliance reporting. 

The interest in the other #1 priority, digital government and digital services, may be a follow-up effect of the pandemic, when many agencies suddenly had to figure out how to deliver services not just online, but on users’ smartphones. This customer-centric approach, intended to improve outcomes, is something agencies are taking very seriously. 

It's no surprise the #3 spot goes to artificial intelligence (AI) for the first time. Agencies are working through whether and how to adopt AI, what policies they need in place, how to use bots and digital assistants effectively, and how citizens will interact with non-human helpers. To help agencies with this venture, Wiz can enforce AI security best practices with its AI-Security Posture Management (AI-SPM) capabilities. As part of these capabilities, Wiz’s AI-Bill of Materials (AI-BOM) can uncover shadow AI by providing full-stack visibility into agencies AI pipelines and resources. Wiz then identifies any misconfigurations in agencies’ AI services, such as OpenAI and Amazon Sagemaker, with built-in configuration rules. Wiz also detects risks across AI pipelines, such as sensitive data or exposed cloud keys in AI training sets. 

Legacy modernization is in the #4 spot on the list, as states continue to wrestle with their infrastructure debt. Issues surrounding #5, workforce, may have eased a little since it dropped from the third spot in 2023. And while workforce pressures may have lessened, security teams can’t hire as quickly as their IT ecosystems grow and organizations often face skill gaps and staffing shortage in cybersecurity. To help bridge this gap, Wiz helps organizations democratize security with graph-based risk visualization and prioritization that is simple to use. This enables customers to scale security as their cloud environment grows without having to constantly increase staffing. 

In our internet- and cloud-based era, priority #6, data management and data analytics, continues to garner attention. It includes governance; roles and responsibilities; data architecture and big data; data strategies; business intelligence; and predictive analytics. Data security also becomes increasingly important for state governments running in the cloud, which is why it's important for them to detect and protect sensitive data across their environment. Wiz’s DSPM capabilities make it easy to detect sensitive data and remove attack paths.  

#7 on the list is another customer/resident priority: broadband/wireless connectivity. Connectivity certainly demonstrated its importance during the pandemic, when people living in rural communities found themselves more isolated than ever if they needed to rely on telemedicine or if their children had difficulty attending school virtually.  

Coming in at #8, identity and access management (IAM) stands as its own priority, even though it is integral to cybersecurity. To protect against identity risks, Wiz offers Cloud Infrastructure Entitlement Management (CIEM) capabilities that analyze cloud entitlements and auto-generate least-privilege policies across agencies’ clouds. This helps teams visualize, detect, prioritize, and remediate IAM risks. 

While most state and local governments make some use of the cloud, the #9 priority, cloud services, demonstrates that agencies are still trying to figure out the most efficient and cost-effective ways to implement cloud solutions. They're working on developing a cloud strategy, understanding the different service and deployment models, harnessing cloud capabilities for scalable and elastic services, defining procurement procedures, and figuring out how to manage services. Government agencies still have cloud security and privacy concerns, since they hold vast repositories of citizens' sensitive personal information.  

Coming in at #10, CIO as broker/new operating model reflects how states are rethinking the role of the CIO: as a trusted advisor and the ultimate business relationship manager. State CIOs also see their roles as collaborating with agencies regarding strategy and operations and effectively managing industry partners.   

The full NASCIO list: 

1. Cybersecurity tied with Digital government and digital services 

3. AI, machine learning and robotic process automation 

4. Legacy modernization 

5. Workforce 

6. Data management and data analytics 

7. Broadband/wireless connectivity 

8. Identity and access management 

9. Cloud services 

10. CIO as broker/new operating model 

Learn more how Wiz helps state government agencies address these priorities on the Wiz for Government webpage. If you prefer a live demo, we would love to connect with you.