Addressing 2025 technology priorities for state CIOs
Cyber security and risk management has been the No. 1 priority for state CIOs for the last 12 years. And there it is, yet again, right at the top for 2025, according to the National Association of State Chief Information Officers (NASCIO). Surprising? Not really.
Cyber security is complex and expansive, and with every new technology that emerges, the threat landscape grows. For state agencies and other large organizations, cyber security is a journey of transforming processes and tools in a constantly changing environment.
Cloud transformation completely altered the cyber security stack that was previously deployed. Then modern application development increased the threat landscape with microservices and APIs. And the list goes on. Now add in artificial intelligence (AI). The CIO and CISO cyber challenge is immense. Adopting new security frameworks, integrating old with new technologies, changing processes, and dealing with humans — all while remaining compliant and improving governance — makes for a long journey.
So, will cyber security and risk management ever move off the top spot of a CIO's priority list? Innovation would have to completely stop or a game-changing defense capability would have to appear.
Until one of those things happens, we believe states should enact a Zero Trust strategy, similar to the strategy implemented by the federal government. The timing is right. That framework has gathered a strong backing from the cyber community. And thanks to the work of the Department of Homeland Security / Cyber security and Infrastructure Security Agency, there are comprehensive tools that provide definitions, methods, and a maturity model for agencies to follow.
Admittedly, you could say that Zero Trust is just another security framework, but it’s more than that. Zero Trust is a data-centric cyber modernization approach that goes beyond the traditional, network-centric models where firewalls and sensors were expected to stop threats. Zero Trust acknowledges breaches will occur. It requires continuous authentication and monitoring along with automated risk mitigation to protect environments and systems in a modern world where data is king. Interestingly, AI could help teams meet more of their cyber security objectives and eventually dethrone cyber security from the top of the CIO list.
AI is loud and proud
AI has gone mainstream. There is more being written on AI now than any other technology topic. So it’s not surprising that AI moved up to the No. 2 spot in CIO priorities. Yet we know that there is still a common misunderstanding of what AI actually is and how it will be used, supported, and secured.
AI is a foundational technology that will impact many markets, products, and processes. And if you were to look at the other nine priorities in the NASCIO Top 10, you will find AI embedded in many of them, including cyber security, digital services, workforce, legacy modernization, cloud services, and even accessibility. NASCIO cited specific AI use cases, such as public service delivery and digital assistants, and separately called out policies to guide its responsible use.
Generative AI, as compared to traditional AI, is still early in its maturation process. Leaders rightly have concerns around the ethical uses, intellectual property ownership, and privacy relating to generative AI. So, putting protective guardrails and usage policies around generative AI are going to be top of mind for every state CIO and CISO in 2025.
Meanwhile, many leaders are exploring how AI will be integrated into cyber security. Traditional AI / machine learning (ML) has been embedded into cyber security products for years, leveraged in anomaly detection systems and behavioral analytic tools. We believe the synergy between cyber security and AI will continue to grow, and the use of natural language processing (NLP) and large language models (LLMs) will make cyber tools stronger and easier to use.
Use of modern AI tools will also help level the playing field with adversaries who are armed with powerful, AI-enabled tools themselves. Attackers are using AI to make phishing attacks more realistic, increase the velocity of malware creation and distribution, and make countless other tactics more effective. CIOs and CISOs will need to address AI-powered threats with AI-powered defense mechanisms.
Surprise: Accessibility makes the list
Recently, the Justice Department updated the Title II Americans with Disabilities Act rule, which now includes specific requirements for state and local governments to make web and mobile apps accessible to people with disabilities. We believe that is why, for the first time, accessibility is in the top 10 of CIO priorities, and we appreciate the renewed focus: The government serves everyone, including people with disabilities, and so accessibility must be an integral part of every digital government initiative.
A great way to improve accessibility is to leverage the US Digital Service checklist of critical requirements. Accessibility is right there on top.
State CIOs are getting it right
We applaud the accomplishments that our state agencies' IT teams make each year, along with the state CIOs who drive the right priorities with a consistently challenging budget. We also acknowledge that the NASCIO Top 10 is just a consolidated list of the 50 state CIOs' priorities for 2025. It doesn’t necessarily capture the real complexities or the incredible work going on behind the scenes to address these priorities. We also applaud the IT teams who work to integrate diverse solutions and educate themselves and others on new technologies and processes while driving the change management required for success.
We are in an exciting innovative time in IT. That often means short-term stress. But the impact of technology initiatives is bigger than ever for both government agencies and constituents.
Moving forward with Zero Trust, AI, and accessibility
Government agencies should make Zero Trust happen. Zero Trust is a modern cyber security architecture that will prepare governments for our hyperconnected, data-led, AI-assisted world. Zero Trust should be more than just a new security framework. Adopting and maturing a Zero Trust architecture and the aligned processes will help secure agency and citizen data, which will bolster trust in government.
AI is a transformative discipline and will impact many other disciplines and processes. CIOs should continue to educate themselves and their teams on AI. They should seek to increase security with AI, and at the same time, ensure they secure their agencies’ and constituents’ data from the risks of AI. Finally, they should prepare their workforce for this transformation. Both IT professionals and non-IT employees should be trained and aware of the basics of AI. Education will help optimize the use of AI and protect against its abuse.
The fact that accessibility is in the top 10 of CIO priorities is an important change. Agencies shouldn’t look at accessibility as a checkbox for compliance. They should embrace the mission to support all their constituents and make accessibility an integrated part of the digital services priority.
Cloudflare can help state and local agencies move forward with initiatives that address these and other top CIO priorities. For example, Cloudflare enables agencies to accelerate Zero Trust adoption with Cloudflare’s comprehensive Zero Trust capabilities and deep expertise. Agencies can also take the first key steps toward AI transformation with Cloudflare’s AI solutions.
And building on a core principle that the Internet should be accessible to everyone, Cloudflare accessibility efforts align with the CIO priority of enhancing accessibility. The Cloudflare Developer Platform can help streamline development work so agency developers can spend more time ensuring accessibility of apps and services. At the same time, Cloudflare has worked to build accessibility features into core products, such as Cloudflare Browser Isolation and the Cloudflare dashboard.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
This article was originally produced for Government Technology.
Dive Deeper into this topic.
Learn more about how Zero Trust can reduce risk for government agencies and other organizations in the A roadmap to Zero Trust architecture guide.
Author
Dan Kent — @danielkent1
Field CTO — Public Sector, Cloudflare
Key takeaways
After reading this article you will be able to understand:
Why accessibility has become a top priority
How AI is affecting the cyber security landscape
Why a Zero Trust strategy is the right approach for strengthening cyber security for government agencies