For Paul Williams, CIO of Virginia ABC, attraction to the business initially came from the scale of opportunity to improve it. It was an exciting challenge for Williams. He was keen to get his hands on the organisation’s IT and reshape it. He started as a contractor CIO, and later converted to his current staff role to advance the Virginia ABC’s IT infrastructure.
“It was easy to see that things weren’t going so well for Virginia ABC,” he explains. “In the four years prior to me joining, they had few project successes to celebrate. The two major projects – on-deck ERP and licensing replacements – were stalled. The ERP replacement project had been running for at least three years at a huge internal cost. We needed to completely alter our approach to how we executed projects.”
Strategising for IT independence
A 2014 report noted Virginia ABC was in serious technical debt. Modernisation was essential to avoid degradation in capabilities. It took a couple of years for action to come from this conclusion. The suggested change was to allow Virginia ABC to operate more like an independent business retailer than a state agency.
Virginia ABC’s transition from an agency to an authority was encoded into law, with the specific language envisaging ABC having the ability to choose how to execute its mission. This included choosing who provided IT and other services. The Virginia Information Technology Agency (VITA) controlled the network, the data centres and hosts, the end-user computing environment, and owned all the enterprise user computers.
“We knew VITA services were not a good fit for ABC, but full migration off their infrastructure was simply unachievable in 18 months,” says Williams. “However, it did empower us to create a migration roadmap with incremental services migrating to ABC control.”
Avoiding IT obsolescence
This all feeds into Virginia ABC’s desire to become sustainable over time. Having to ask for funding to upgrade every 3-5 years risks a single denied approval, creating cascading obsolescence.
“We’ve contained most of our sensitive data into a few core systems,” Williams explains. “Other areas of focus have also been applied, such as multi-factor authentication and zero trust, as expectations evolve. We now feel well placed for the remaining areas we have to work on, but we’re dependent on our business partners prioritising these new areas. We’ve been very fortunate so far, in that our efforts have been cost-neutral or cost-saving.”