Thursday, April 17, 2014

Complimentary Vulnerability Scans for the Heartbleed Bug

The Governor’s Office of Information Technology is offering a complimentary vulnerability scan to all Colorado’s state and local government entities, as well as nonprofit organizations, to help them determine whether their web applications may be vulnerable to this recent internet threat.

The Heartbleed Internet Bug is a serious vulnerability in the OpenSSL cryptographic software library.  OpenSSL is typically used to secure web applications including some email, instant messaging, and virtual private networks (VPNs).  This vulnerability allows attackers to eavesdrop on communications and impersonate the services and users in order to steal data directly.


If you are interested in taking advantage of this complimentary scan, please complete the attached form and email it to oit_ciso@state.co.us. We will be contacting you to verify your organization information.

Request for Complimentary Heartbleed Scan

1.  Name of Organization ________________________________

2.  Type of Organization:  ____ Local Government   ___ State Government  ___ Non-Profit

3.  IP Addresses to be Scanned:  ______________________
*If you prefer, you can share this directly with an Office of Information Security team member. Just send an email to oit_ciso@state.co.us requesting that we contact you.

4.  Name of Person Requesting Scan:  ______________________

5.  Title of Person Requesting Scan:  _____________________

6.  Contact Details of Person Requesting Scan: 
           
Phone:  ______________________
           
            Email:   _______________________
(for security reasons this must be your official work email)

7.  Below, please list any scan limitations to be followed (e.g., weekends only, weekdays but only between midnight and 6 AM):


Please complete the following attestation and sign below.  When complete, email the form to oit_ciso@state.co.us.

I, __________________________, authorize the Governor’s Office of Information Security to scan the above listed IP addresses within the aforementioned scan limitations for the Heartbleed vulnerability.  By signing below, I confirm that I have the authorization to approve scanning of my network.

___________________________                                          ___________________________
Signature                                                                                 Date


Monday, March 31, 2014

Portal Integrator Contract

The Statewide Internet Portal Authority (SIPA) recently signed a new contract with Colorado Interactive for Portal Integration services. The process began with a Request for Proposals being released June 19, 2013. By signing this contract SIPA has paved the way for governments across Colorado to continue to receive great services including modern websites and payment processing capabilities. It was a long process and a great deal of effort went into the negotiations to ensure that the agreement was beneficial to all involved, including new and existing customers. SIPA has been partnering with Colorado Interactive since 2004 and like any strong relationship it is built on trust, respect, and communication. This new agreement continues the great traditions that have been established and brings about key changes that will allow for greater accountability and improved customer service. 

Some key highlights of this agreement, which becomes effective on May 1, 2014, include the following items:
  • All websites going forward will have an analytical component so users can understand their web traffic and make adjustments according to quantitative data;
  • All websites built on the Drupal Content Management System will have an availability of 99.9 percent;
  • Pages housed within the portal will load within an average of 4 seconds;
  • The Transaction Payment Engine shall average no more than 5 second transaction response times;
  • 100 percent of Service Desk calls will be answered within three rings;
  • Incidents prioritized as critical shall be logged within 15 minutes and a resolution or plan for resolution shall be delivered within 60 minutes. Updates to the partner must be provided every 90 minutes. Timetables exist for high, medium, and low incidents as well;
  • All emails and voicemails left with the Contractor's Service Desk will be responded to within 2 business days;
  • 95 percent of deliverables will be provided within 3 business days of the date identified in the project plan or task order;
  • A business continuity and disaster recovery plan will be delivered annually to SIPA;
  • Insurance related to breach notification is a requirement;
  • Establishes competitive rates for key professional services resources including project managers, business analysts, application developers and others; and
  • This agreement runs for 5 years with options to renew for another 4 years.
The above areas only represent some of the new requirements, terms and conditions of the agreement. As part of the new agreement SIPA, will receive monthly reports related to all performance metrics so appropriate oversight can be applied and a strong relationship with Colorado Interactive can be maintained. 

Over the next several months SIPA and Colorado Interactive will be working together to finalize report formats and work on the best way to get key information out to all of our customers. More communications related to the agreement and its terms and conditions will be posted on SIPA's social media outlets (Facebook & Twitter), this blog, our website, and directly to our customers. To stay in touch with the latest please consider checking these resources from time to time.

I am pleased with the new contract and most importantly I am honored to be able to continue these important services for over 270 state and local governments across Colorado. The number of governments that utilize services provided by SIPA continues to grow each and every year and I take continuing SIPA's commitment to them to be a top priority.

Monday, March 24, 2014

User Conference Survey: Results are In!


The Statewide Internet Portal Authority (SIPA) held a User Conference on March 6, 2014 and over 150 individuals attended. An important element of any event is understanding if it hit the mark with the people who took time out of their day to attend. SIPA surveyed the attendees and asked them to give their input on their experience. Below are the results of that survey.

When asked to rate their overall experience with the conference 95 percent were either Very Satisfied or Satisfied. For SIPA's first conference, of this size and diversity, this is a great starting point and while we will always seek to improve this number sets a high bar.


Throughout the day there were various breakout sessions to learn about a wide range of topics. Below are the ratings from those sessions. All in all, it was a successful day with a lot of great content. No session will meet everyone's needs all of the time. As the numbers show a lot more people were happy with the sessions then unhappy and that is a good sign. The SIPA team truly appreciates all the speakers and presenters who worked to put on a great event.



As you can see above, 50 percent of the respondents rated the session on the new Pacific platform that will be used to build websites on the Official State Web Portal (Colorado.gov) as Excellent. 100 percent rated it as Average, Above Average or Excellent. 


The session discussing SIPA's upcoming products and services was well received with 71 percent rating it as Excellent or Above Average.



Another event that was well received was the Salesforce.com Overview session. 70 percent rated that session as above average which is always a good sign. A complete listing of the ratings for each session can be seen below.

Hear are some of the things people had to say about their experience at the event:

"Great session selections and the repeats allowed me to attend each that I wanted."

"Liked the free flow to choose the topics and be able to make your own experience."

"The overall organization was great; and the sessions, all through short, were informative."

"No Complaints! Obviously quite a bit of thought and planning went into the sessions for them to work as well as they did. A lot of good info given without the sessions being too long and allowed me to visit several areas on information throughout the day!"

Some areas where we will try and improve next year are allowing more time for lunch. With so much to pack into one day we thought it would be great to have everyone bring their lunch back to the sessions so we could get another round in for everyone. That truly did not work as well as we had intended and several people expressed their opinion to simply carve out 30 minutes so they could eat and network a little. This is an easy improvement that we'll implement for next year. Another comment we heard was to have the rooms for the sessions broken into classroom style with a table for note-taking. This is something we'll look into as well and will have to decide upon based on expected attendance next year. If the same number of people attend next year tables we shall have, but if twice as many show up we'll have to skip the tables to fit everyone in the rooms. 

Perhaps the best sign of success for this event is that 100 percent of people when asked if they would attend a similar event next year said yes. SIPA thanks all the attendees of the event and appreciates the time they took out of their day to attend. We look forward to seeing you next year. 

Ratings for the Other Sessions


Monday, March 17, 2014

Customer Profile: Greenwood Village

Statewide Internet Portal Authority

Google Apps for Government
The City of Greenwood Village serves as the municipal government for around 14,000 residents and is located immediately south of  Denver in Arapahoe County. Through SIPA, the city receives Google Apps for Government and signed its EGE Agreement with SIPA around December of 2010. Andy Atencio, the City of Greenwood Village’s Chief Technology Officer, says that the city went live with Google Apps in March of 2012 and the implementation only took two to three weeks.

Benefits of Google Apps 
As a result of receiving Google Apps from SIPA, city staff have an increased ability to communicate with each other about information internally, and may be able to respond a little more effectively to citizens remotely or during off-hours. With Google, City of Greenwood Village staff are now able to get emails easier than by hosting themselves because they are available through any connected device. 

Before and After
Regarding the experience before and after acquiring Google Apps through SIPA, the City of Greenwood Village is saving money and resources, as hosting emails with Google saves the city about 15 to 20% per year in cost compared to the city hosting themselves. The city also saves on staff time as it does not have to manage or maintain an email server and system. The City of Greenwood Village can rely on Google for support which frees up resources for staff to do other things than continually managing email. Also, receiving Google Apps through SIPA saves the citizens’ money because the city is saving money.

Working with SIPA
The City of Greenwood Village found out about SIPA through CGAIT (Colorado Government Association of Information Technology), and Mr. Atencio says the implementation process for acquiring Google Apps through SIPA was extremely easy. He relays the city’s staff were amazed, as the migration was about a 3 week process, extremely quick, very well-handled, and the city didn’t lose anything at all. Mr. Atencio states the migration was probably the most effective and successful migration from any perspective in the 13 years he has been at the City of Greenwood Village. The city couldn’t have been happier with the ease of migration, quickness, and the stability of the product. 

Future Services
Statewide Internet Portal AuthorityThe City of Greenwood Village sees itself potentially using SIPA in the future for other services as it is constantly watching what SIPA is doing as far as providing services. As Mr. Atencio states, the city hasn’t used other services at this point, but that doesn’t mean it will not in the future. On behalf of the City of Greenwood Village, from the experience of receiving Google Apps through SIPA, Mr. Atencio is most pleased with the ease of the transition and the support that was received from SIPA as well as getting connected with Tempus Nova to manage the transition was great.

For more information about the City of Greenwood Village, visit www.greenwoodvillage.com.

Monday, March 10, 2014

User Conference Wrap up

On Thursday, March 6, 2014 SIPA held its 1st User Conference. It was a terrific event with over 150 attendees from state and local governments all across Colorado. The sessions ranged from cyber security to Google and from Salesforce to PCI Compliance. Being able to interact and answer questions from so many of our existing and potential customers was perfect and the SIPA team was humbled by the experience. Here are a few thoughts and photos from the event. 

Jack Arrowsmith, SIPA Board Chairman
A big thank you goes out to Jack Arrowsmith, SIPA's Board Chairman. He was a big part of the day and was available to shake hands with all of the government representatives receiving grants on behalf of their communities. I would also like to thank Representative Max Tyler and Senator Gail Schwartz (SIPA Board Members) for stopping by and assisting us by giving an opening welcome to our guests. 

The SIPA team assists a guest with selecting what sessions to attend.

The event could not have happened without the great work effort of the SIPA staff and all of their planning and organizing activities. We had an entire portion of the Ralph Carr Judicial Building booked for the better part of the day. Way to go team!

Presenters at the User Conference looking through the material.

Thanks to the great work of our partners we were able to have sessions on Cyber Security, PCI Compliance, Salesforce.com, Digital Trends, Cloud Storage, Cellular Mapping, Google, and many other areas. SIPA has tremendous partners in Colorado Interactive, Mobile Pulse, Coalfire, Deloitte, Tempus Nova, Google, Salesforce.com, Verizon Terremark, GTRI, Perceptive Software, and everyone else who made this day a success by presenting or working behind the scenes.


Senator Gail Schwartz (Board Member) talking with an attendee.
John Conley, SIPA Executive Director talking with Romaine P. after the SIPA Overview session.
I gave a presentation on SIPA and Why, How, and When to work with SIPA. It is always great to talk about the many things SIPA does to assist governments throughout Colorado. I am privileged to be part of an organization that always focuses on customer service and provides so many solutions. Whenever I give these overviews I am amazed with how far the organization has come in the past 5 years.

Brian Blatt and Riley Rhodes leading the discussion on Salesforce.com and all of its capabilities.
Rick Dakin, Coalfire discusses PCI Compliance
An attending talking about how important it is for his community to get redundant Internet.
Catherine Kunst, SIPA Director of Operations presenting on SIPA's coming soon services.
Catherine joined the SIPA team in August 2013 and her contribution to the organization has been tremendous. At the User Conference she led discussions on a Land Records Management System and discussed SIPA's upcoming services which include Digital Transaction Management, Mapping, Cloud Telephony and Verizon Cloud Services.

A slide from the Google presentation. 5 million businesses have gone Google and so have 23 governments across Colorado. 
A map of all the SIPA grant winners since 2010. 
The SIPA grant program was started in 2010 and since that time SIPA has awarded 88 grants and given out over $400,000 in cash awards. If you were to include the in-kind services the number would easily be over $500,000. 
Rep. Gerou (R), Rep. Rankin, SIPA Board Member (M),  Deputy Administration Lisa Pine, Genesee Fire Rescue (L) networking at the reception.
After the breakout sessions were over SIPA pulled everyone together for a grant ceremony and networking reception. It was a great way to end the day and the perfect way to say thank you to all who came and made the day a tremendous success. 

Monday, February 10, 2014

Websites are Cranking

In October, I wrote a blog that the Statewide Internet Portal Authority (SIPA) and our partner Colorado Interactive (CI) were back to designing, hosting, managing, and developing websites, at no cost, for government customers across Colorado. This was after a year had passed allowing us to completely change the platform we use to manage our websites. Since that blog post on October 21, 2013 the teams have been working with customers to get new websites out the door and we have released a double digit number of sites with some of the newest being  Department of Personnel and Administration, Colorado's Water Plan, Town of Nucla and BrandColorado

These are exciting times and the word has gotten out about the new system's capabilities as we have 9 more sites in different phases of design and 1 of those will go live this week after only taking a few days time to input the content once training was completed. The new Pacific Web Content Management System (WCMS) is working as designed and is able to crank out a high number of sites thanks to the professionalism of the team members who have worked to streamline the user interface, have created a simplistic administrative workflow and have completely revamped how training is delivered to the end users. I am proud to be a part of this initiative. We are breaking down old stereotypes and long held opinions of what it use to mean to get a website. 

In the process of revamping the WCMS solution we also broke our historical service delivery and communication process and replaced it with an entire new way of doing business. It is still not as smooth or as ingrained as I would like, but we continually make tweaks and improvements as we move forward. The important thing is we are always marching forward.

This past week we announced the 4 pilot agencies that will be moving from the old Fatwire platform to the Pacific WCMS. These agencies are excited about the opportunity to move forward even if they are a little nervous about the work that is ahead of them. To help calm their nerves and the nerves of those that come after them we have put together a support structure that is intense. This support structure includes
  • A program manager; 
  • A product manager;
  • 4 Pacific Surfers (resources dedicated to supporting the redesign and migration efforts);
  • Video trainings;
  • Draft communications to be sent to the agency personnel;
  • Lunch and learns; and
  • Question and answer sessions with leadership and much more. 

Through the efforts of our communications team we have developed a dedicated website for this initiative at www.colorado.gov/goingpacific that everyone interested in keeping up to date on happenings should bookmark and visit frequently. Part of that site includes a webform where anyone can ask questions about the initiative and have the team respond to them. Of course, if you are reporting an outage or impacted service that is not related to Pacific you should use the normal service desk process that has always been available to our customers. 

We encourage everyone to follow us on Twitter and Facebook as we make announcements related to upcoming events, features, improvements and general happenings on these outlets. All of these things are intended to make it easier on our customers who have to migrate to the new WCMS. While the structure is large it is also very agile and flexible. Several times throughout any given week the team is meeting to talk about what is working, what needs improving and what needs scrapping all together. It is awesome to see them working together, receiving feedback directly from the customers and continually improving the process. While challenges and setbacks exist on the road ahead this platform and this team are prepared to deal with them quickly and efficiently and will always be communicating with all the stakeholders so everyone is aware of what is happening. 

This level of communication will become the new standard on how SIPA deals with large scale projects that impact our entire customer base. So look for more announcements related to other large scale initiatives being led by SIPA and our partners.

If you are interested in learning more about the Pacific WCMS and about the other services SIPA offers register for our free upcoming user conference by clicking on the link below. 

http://goo.gl/c3DgkK

Monday, February 3, 2014

Request for Audit Services


The Statewide Internet Portal Authority is pleased to release a Request for Proposals for Audit Services. This request for service is available on the SIPA website at www.colorado.gov/sipa under the Highlights section. 

If you are interested in learning more about this opportunity please read the complete document and follow the instructions contained within the Request for Proposals. Questions pertaining to the request must be received by 3:00 PM on February 18, 2014 and proposals are due on March 6, 2014 at 4:00 PM.

SIPA's other RFP for Fraud Risk Assessment Services closes soon. If you are interested in submitting proposals for that RFP please be sure to check out our website under the Highlights section or follow this link.