EOTSS by the Numbers
400 Cloud migrations since 2017
200 Video production in FY20 & FY21
2.1M Clicks COVID-19 Chatbot interactions since 2020
19,500 Devices deployed since 2020
5 out of 9 Secretariat networks managed
452 Employees
300+ Enterprise contract & software license transactions since 2020
28 Digital & Data cross-agency engagements since 2020
42,811 MFA enrollments since 2020
19 ServiceNow development projects
214 IT recruits for Executive Branch
965M Mass.gov pageviews since July 2019
10 Strategy cross-agency engagements since 2020
25,016 VPN enrollments since 2020
1,613 e-Discovery requests since 2020
118 Capital projects overseen in FY20 & FY21
13 New MassGIS applications & services
100+ State agencies supported
43,312 Devices managed as of 3/1/22
69,719 Mass.gov pages produced since 2017
EOTSS Organizational Structure
Secretary and Chief Information Officer
- Chief of Staff
- Capital Planning & Management
- Secretariat CIOs
- Assistant Secretary & Chief Engagement Officer
- Data
- Digital
- Engagement
- GIS
- Municipal
- Strategy
- Interoperable Communications Bureau
- Assistant Secretary & Chief Administrative Officer
- Contract Management
- Finance
- HR
- Procurement
- Assistant Secretary of Technology, Security, and Operations & Chief Operating Officer
- End User Services
- Information Security
- Operations
- Technology
- Assistant Secretary for Policy & Planning
- Communications
- Enterprise Policy & Planning
- Legislative & External Affairs
- General Counsel & Chief Privacy Officer
- eDiscovery
- Legal
- Privacy
- Risk & Compliance
End User Support and IT Services
2021 Service Catalog Cases Opened and Closed
- 62,000/year
- 5,166 average/month
2021 Resolved Incidents
- 52,564/year
- 4,295 average/month
$188M
- FY20 and FY21 Spending on Procurement of Software, Hardware, Vendor Implementation, and SaaS/PaaS/IaaS/Cloud Migrations
EOTSS Top Ten Priorities
- Continuity of Government Services: Ensure that solutions fit within the Modern Workplace framework and consider disaster recovery and the continuity of operations.
- Business Resiliency: Applications and systems should move to approved cloud and modern third-party hosting solutions equipped to handle unexpected events and still perform at scale.
- Scalability: Applications and systems should move to approved cloud and modern third-party hosting solutions that can scale up capacity to meet processing demands.
- Security: All solutions and infrastructure should provide for end-to-end security with priority focus on cybersecurity and risk management.
- Mobility: Ensuring workforce mobility through the Modern Workplace Program, associated collaborative toolsets, mobile device management solutions, and mobile application management solutions.
- Accessibility: The ability to make information available to all authorized systems and users at any time and in any place in a secure, timely, and efficient manner.
- Availability: All infrastructure should be fault tolerant, with the ability to switch over to alternate systems as needed.
- Flexibility: Agencies should maintain the ability to add new services and/or functionality to a system without requiring a significant effort.
- Transparency: Provide clear, simple, and well-defined interfaces, APIs and/or services to enable system and user interactions.
- Citizen-Centric Government: Citizen-centric government is focused on user-centric design. Agencies must consider the full citizen user experience and tailor solutions to how real users interact with government services.
Modern Workplace Program
9 Secretariats
100 Executive Branch Agencies
7 Independent & Constitutional Agencies
109 TB Personal files migrated to OneDrive
19,500 New laptops/devices
88 TB Group file shares migrated to SharePoint
42,027 Mailboxes migrated
272 Commonwealth-wide training sessions
50+ Weekly Office Hours with Microsoft training team
Security Operations Center (SOC)
Three main pillars support all SOC operations:
- Incident Response & Reporting Framework (IRR)
  - A centralized team coordinates and manages security incident responses
  - Redrafted enterprise Incident Response Plan and Reporting Framework that promotes information analysis & sharing across federal, state, and local partners
  - Updating the workflow for incident ticketing and tracking to align with plan changes
  - EOTSS is developing its own table-top exercises in addition to those planned with external partners
  - Provides situational awareness
  - Conducts after-action analysis and reporting
- Security Information & Event Management (SIEM)
  - An enterprise SIEM platform routinely analyzes millions of data points that traverse the Commonwealth’s networks each day to detect and alert the SOC to threats and suspicious activity
  - Rebuilt SIEM over the past 18 months so it can now incorporate all potential security event data sources, enabling broader analysis and faster, more accurate event correlation
  - EOTSS continues to expand capacity by adding data sources (logs, files, network, apps, etc.)
- Vulnerability Management Program (VMP)
  - EOTSS manages central scanning services for all MA applications and systems (now scanning 20,000 devices per month and growing)
  - Centralized and updated patch management and reporting processes across all secretariats
  - Implemented weekly, third-party application penetration testing (pen tests), paying particular attention to the state’s most critical applications
  - Launched increased cadence of phishing campaigns across all agencies
  - US Department of Homeland Security (DHS) also provides monthly vulnerability scanning on MA applications and systems
  - The Multi-State Information Sharing & Analysis Center (MS-ISAC) provides real-time alerting for security events
One Network Phase 1 Objectives
- Resolve security concerns by migrating all internet ingress and egress at the secretariat level to the center, so that EOTSS could control and monitor network traffic leveraging enterprise infrastructure and security tools.
- Inventory the private IP addresses in use, create an enterprise private IP address management strategy, and eliminate any overlap that existed within the Executive Branch amongst the nine secretariats.
One Network 2021 Milestones
Completed the core network infrastructure and internet service redesign plan that transitions the current service from Chelsea (MITC) and Springfield (SDC) to modern, third-party facilities in Boston and Lowell that will ensure higher network availability, resiliency, and security.
Secured the new primary and secondary network infrastructure locations to support the upcoming transition from state-owned and operated facilities.
IT Capital Planning Guiding Principles
Agencies must demonstrate how a proposed project:
- Improves the delivery of government services:
  - More and/or better constituent-facing digital and business services
  - Pre-defined business process re-engineering/improvements that are further improved and verified throughout the project
  - Clear cost benefits (return on investment) in combination with enhanced and measurable constituent value (e.g., quicker turn-around, fewer errors, etc.)
- Uses technology to better serve constituents more securely and most cost-effectively:
  - Enhancing digital security, enabling seamless end-user ease-of-use, and/or enhancing overall service delivery performance
  - Technologies that can benefit and be leveraged by multiple agencies
  - Use of third-party technologies with minimal customization (e.g., COTS, SaaS)
- Is positioned to succeed and be operationally supportable over its useful life:
  - The Business is the primary sponsor of the project, and is committed to proper governance and resourcing throughout the system’s implementation and operational life
  - Clear delivery points that provide constituent value in short amounts of time (< 1 year)
  - A plan to sustain the business outcomes upon completion (money and resources)
  - A project leadership team with a proven track record of success in leading business-focused projects and an understanding of the technologies needed to achieve the business goals
  - Leveraging lessons learned throughout the Commonwealth (technical, business re-engineering, history with vendors, etc.)
Date published: May 10, 2022