EOTSS Annual Report 2022 Graphics

400 Cloud migrations since 2017 

200 Video production in FY20 & FY21 

2.1M Clicks COVID-19 Chatbot interactions since 2020 

19,500 Devices deployed since 2020 

5 out of 9 Secretariat networks managed 

452 Employees 

300+ Enterprise contract & software license transactions since 2020 

28 Digital & Data cross-agency engagements since 2020 

42,811 MFA enrollments since 2020 

19 ServiceNow development projects 

214 IT recruits for Executive Branch 

965M Mass.gov pageviews since July 2019 

10 Strategy cross-agency engagements since 2020 

25,016 VPN enrollments since 2020 

1,613 e-Discovery requests since 2020 

118 Capital projects overseen in FY20 & FY21 

13 New MassGIS applications & services 

100+ State agencies supported 

43,312 Devices managed as of 3/1/22 

69,719 Mass.gov pages produced since 2017 

Return to previous page

Secretary and Chief Information Officer

• Chief of Staff
• Capital Planning & Management
• Secretariat CIOs
• Assistant Secretary & Chief Engagement Officer
  • Data
  • Digital
  • Engagement
  • GIS
  • Municipal
  • Strategy
  • Interoperable Communications Bureau
• Assistant Secretary & Chief Administrative Officer
  • Contract Management
  • Finance
  • HR
  • Procurement
• Assistant Secretary of Technology, Security, and Operations & Chief Operating Officer
  • End User Services
  • Information Security
  • Operations
  • Technology
• Assistant Secretary for Policy & Planning
  • Communications
  • Enterprise Policy & Planning
  • Legislative & External Affairs
• General Counsel & Chief Privacy Officer
  • eDiscovery
  • Legal
  • Privacy
  • Risk & Compliance

Return to previous page

2021 Service Catalog Cases Opened and Closed

• 62,000/year
• 5,166 average/month

2021 Resolved Incidents

• 52,564/year
• 4,295 average/month

$188M

• FY20 and FY21 Spending on Procurement of Software, Hardware, Vendor Implementation, and Saas/PaaS/IaaS/Cloud Migrations

Return to previous page

1. Continuity of Government Services: Ensure that solutions fit within the Modern Workplace framework and consider disaster recovery and the continuity of operations.  

2. Business Resiliency: Applications and systems should move to approved cloud and modern third-party hosting solutions equipped to handle unexpected events and still perform at scale. 

3. Scalability: Applications and systems should move to approved cloud and modern third-party hosting solutions that can scale up capacity to meet processing demands.  

4. Security: All solutions and infrastructure should provide for end-to-end security with priority focus on cybersecurity and risk management. 

5. Mobility: Ensuring workforce mobility through the Modern Workplace Program, associated collaborative toolsets, mobile device management solutions, and mobile application management solutions. 

6. Accessibility: The ability to make information available to all authorized systems and users at any time and in any place in a secure, timely, and efficient manner. 

7. Availability: All infrastructure should be fault tolerant, with the ability to switch over to alternate systems as needed. 

8. Flexibility: Agencies should maintain the ability to add new services and/or functionality to a system without requiring a significant effort. 

9. Transparency: Provide clear, simple, and well-defined interfaces, APIs and/or services to enable system and user interactions. 

10. Citizen-Centric Government: Citizen-centric government is focused on user-centric design. Agencies must consider the full citizen user experience and tailor solutions to how real users interact with government services. 

Return to previous page.

Modern Workplace Program

9 Secretariats 

100 Executive Branch Agencies

7 Independent & Constitutional Agencies 

109 TB Personal files migrated to OneDrive 

19,500 New laptops/devices 

88 TB Group file shares migrated to Sharepoint 

42,027 Mailboxes migrated 

272 Commonwealth-wide training sessions 

50+ Weekly Office Hours with Microsoft training team 

Return to previous page.

The three main pillars support all SOC operations.  

1. Incident Response & Reporting Framework (IRR) 

• A centralized team coordinates and manages security incident responses 

• Redrafted enterprise Incident Response Plan and Reporting Framework that promotes information analysis & sharing across federal, state, and local partners 

• Updating the workflow for incident ticketing and tracking to align with plan changes  

• EOTSS is developing its own table-top exercises in addition to those planned with external partners 

• Provides situational awareness

• Conducts after-action analysis and reporting 

2. Security Information & Event Management (SIEM) 

• An enterprise SIEM platform routinely analyzes millions of data points that traverses the Commonwealth’s networks each day to detect and alert the SOC to threats and suspicious activity 

• Rebuilt SIEM over the past 18 months so it can now incorporate all potential security event data sources, enabling broader analysis and faster, more accurate event correlation  

• EOTSS continues to expand capacity by continuing to add data sources (logs, files, network, apps, etc.) 

3. Vulnerability Management Program (VMP)

• EOTSS manages central scanning services for all MA applications and systems (now scanning 20,000 devices per month and growing)  

• Centralized and updated patch management and reporting processes across all secretariats 

• Implemented weekly, third-party application penetration testing (pen tests), paying particular attention to the state’s most critical applications.  

• Launched increased cadence of phishing campaigns across all agencies 

• US Department of Homeland Security (DHS) also provides monthly vulnerability scanning on MA applications and systems 

• The Multi-State Information Sharing & Analysis Center (MS-ISAC) provides real-time alerting for security events

Return to previous page.

One Network Phase 1 Objectives

1. Resolve security concerns by migrating all internet ingress and egress at the secretariat level to the center, so that EOTSS could control and monitor network traffic leveraging enterprise infrastructure and security tools. 

2. Inventory the private IP addresses in use, create an enterprise private IP address management strategy, and eliminate any overlap that existed within the Executive Branch amongst the nine secretariats.

Return to previous page.

One Network 2021 Milestones

• Completed the core network infrastructure and internet service redesign plan that transitions the current service from Chelsea (MITC) and Springfield (SDC) to modern, third-party facilities in Boston and Lowell that will ensure higher network availability, resiliency, and security.   

• Secured the new primary and secondary network infrastructure locations to support the upcoming transition from state-owned and operated facilities.  

Return to previous page.

IT Capital Planning Guiding Principles

Agencies must demonstrate how a proposed project:  

1. Improves the delivery of government services:  

• More and/or better constituent-facing digital and business services  

• Pre-defined business process re-engineering/improvements that are further improved and verified throughout the project  

• Clear cost benefits (return on investment) in combination with enhanced and measurable constituent value (e.g., quicker turn-around, fewer errors, etc.)  

2. Uses technology to better serve constituents more securely and most cost effectively:  

• Enhancing digital security, enabling end-user seamless ease-of-use, and/or enhancing overall service delivery performance  

• Technologies that can benefit and be leveraged by multiple agencies  

• Use of third-party technologies with minimal customization (e.g., COTS, SaaS)  

3. Is positioned to succeed and be operationally supportable over its useful lives:  

• The Business is the primary sponsor of the project, and is committed to proper governance and resourcing throughout the system’s implementation and operational life  

• Clear delivery points that provide constituent value in short amounts of time (< 1 year)  

• A plan to sustain the business outcomes upon completion (money and resources)  

• A project leadership team with a proven track-record of success in leading business-focused projects and an understanding of the technologies needed to achieve the business goals  

• Leveraging lessons learned throughout the Commonwealth (technical, business re-engineering, history with vendors, etc.)  

Return to previous page.