Note from Colorado’s Secretary of Technology & CIO

Dear Customer,

You may have noticed this quarter's newsletter is coming to you with a fresh look. We’ve updated the name of our newsletter to better reflect the work that we do and the importance of the relationship we have with our customers. Our role is to help connect you with the technology needed for your agency mission. To understand your needs, we need to have a meaningful connection with you. As we start FY18, I look forward to building better connections with our state workforce and connecting you with the technology solutions that will build a better Colorado.


Suma Nallapati
Secretary of Technology & CIO

Major Incident Management For You
New Walk & Talk Interview Highlights How It Works

When there is a IT issue that impacts many people, like an application isn’t working or a system is down, it’s described in IT terms as a major incident. OIT has a team devoted to managing major incidents. They are charged with bringing the appropriate individuals and teams from OIT together to coordinate the work of getting the issue fixed. They are also responsible for notifying all of OIT of the incident through the Major Incident Management dashboard. This is a subscription service designed for OIT staff, but we’ve also made it available to our customers. You can sign up to receive major incident management notifications for your agency.

Our Digital Transformation Officer Brandon Williams caught up with one of OIT’s major incident managers to find out a little more about what that team does

Want to see more of Brandon’s Walk & Talks? Click here for the full series.

Google Drive is Secure.
Are You Doing Your Part to Keep it That Way?

The suite of apps in Google Drive is one of the most utilized collaboration tools available to the state workforce. In fact, to date there are 18 million files stored in Drive on the state domain. A topic that often comes up when talking about Drive is security. Drive, like all the apps in the state G-Suite, is covered under the Business Associate's Agreement (BAA) with Google. This along with the FEDRAMP Certification makes Google a secure and viable option.

But as a Drive user you still have to do your part to make sure that sensitive state data is not easily found through an internet search. To help you understand best practices when sharing files in Drive we’ve created a cheat sheet on TechU.

Haven’t used TechU yet? Check it out for more tips and tricks for state tools.

State Printers Go Green & Gain Security

Did you know that printers, just like our computers, can be the target of hackers? While we’ve all taken steps to better secure our accounts like using 2-Step Verification and taking our quarterly security training, the Department of Personnel & Administration’s (DPA) Integrated Document Solutions (IDS) is now partnering with OIT and Xerox to secure our state office printers through the IDS Multifunction Printer Program (MFP). The proof of concept began when the project teams performed print assessments for all printers and copiers at DPA locations and at the OIT headquarters location. Once the results of these assessments are analyzed, the project team will be able to deploy features on all printers and multi-function devices that will create a standardized and secure managed print environment for our office printers.

This managed print service is also more environmentally friendly. Less energy to run printers is just one of the green features. In the coming months this project will be expanding to all executive branch agencies. Stay tuned -- you’ll be hearing more about it from your agency soon.

Security Team Hard at Work Fighting Ransomware

Recently a ransomware attack called WannaCry hit dozens of countries, including the United States. While many businesses realized they needed to firm up their IT security practices, OIT was ahead of the curve with patches and updates -- so most state machines were protected against the ransomware. Chief Information Security Officer Deborah Blyth says she is proud of the groundwork that OIT has laid to ensure state computers are up-to-date and not easily attacked. She says, “This is unfortunate and all too common. Enterprises are being forced to make business decisions on whether or not they should pay the ransom. But there are several things they can do to protect themselves.”

Blyth shares the steps that OIT is taking to protect the state enterprise:
  • Ensuring visibility across the network by having the correct security tools in place so that anomalous behavior is quickly identified
  • Implementing technical controls to ensure that users cannot encrypt file shares
  • Periodically testing the restore process to make sure the backups are working 
  • Educating users and ensuring they understand the risks of clicking on unsolicited links contained within email