Full Report
NASCIO has released its top ten policy and technology priorities for 2024! Learn about how Wiz can help you meet all of the new priorities on the list.
Analysis Summary
# Industry News: State IT Priorities Shift with Cybersecurity and Digital Services at the Forefront
## Summary
The annual NASCIO survey of State CIOs shows a historic tie for the top technology and policy priority between Cybersecurity and Digital Government/Digital Services, highlighting the inseparable nature of security and service delivery. Artificial Intelligence (AI) entered the top three for the first time, reflecting accelerated government interest in emerging technologies, while legacy modernization remains a crucial underlying concern.
## Key Details
- Date: Current (Referencing 2024 priorities)
- Companies Involved: National Association of State CIOs (NASCIO), Wiz (as a provider addressing these priorities)
- Category: Market Analysis/Industry Benchmarking
## The Story
The 2024 NASCIO list of top ten state IT priorities shows a significant alignment, with Cybersecurity and Digital Government/Digital Services sharing the number one spot for the first time in over a decade. This signals a recognition that seamless, accessible digital services cannot be delivered securely without robust foundational security, and vice versa. Key emerging concerns push AI into the #3 position, indicating serious exploration of automation and citizen-facing intelligent tools. Legacy modernization at #4 underscores ongoing infrastructure debt, while workforce challenges (#5) remain a persistent concern despite a slight drop in ranking. The rise of cloud services (#9) as a priority also implies ongoing complexity in securing distributed environments.
## Business Impact
### For the Companies Involved
- **NASCIO:** Validates its role as the definitive source for aggregating state government IT strategy, providing crucial intelligence to vendors, policymakers, and state leaders.
- **Wiz (and similar security vendors):** Gains direct market validation for solutions that address the intersection of cloud security, AI security (AI-SPM), and overall asset visibility/risk reduction, aligning directly with critical buyer pains in government.
### For Competitors
- Vendors lacking comprehensive cloud security visibility or specific AI security modules may struggle to compete for government contracts, as the priorities clearly favor integrated platforms that span security, cloud, and emerging tech risk management.
- Competitors focused narrowly on legacy point solutions may find their value proposition diminished as modernization (#4) remains a priority alongside cloud expansion (#9).
### For Customers
- State governments can expect increased focus and resources directed toward unifying security strategy with service delivery goals.
- Citizens should experience better, more resilient digital service offerings, provided CIOs successfully balance security efforts with modernization timelines.
- Increased adoption of AI tools necessitates careful policy creation regarding citizen interaction and data privacy.
### For the Market
- The market for integrated risk management, particularly in the public sector cloud space, is set for increased investment.
- The linking of cybersecurity and digital services suggests procurement cycles may favor vendors who can demonstrate efficacy across both operational uptime and security posture simultaneously.
## Technical Implications
The emphasis on Visibility and Discovery—sitting at the intersection of security and services—highlights the technical necessity of comprehensive asset inventory, especially in distributed environments like the cloud. The inclusion of AI in the top three drives demand for specialized security tools like AI-Specific Posture Management (AI-SPM) and AI-Bill of Materials (AI-BOM) capabilities to manage risks like shadow AI and data exposures within training sets. The ongoing need for **Data Management** (#6) coupled with **Cloud Services** (#9) points to a fundamental challenge in governing sensitive citizen data across heterogeneous environments.
## Strategic Analysis
- Market Positioning: Vendors capable of framing their offering as essential for *both* digital transformation success **and** risk mitigation will hold a dominant position in the state sector.
- Competitive Advantage: Strategic advantage goes to platforms offering end-to-end stack visibility (including cloud and AI pipelines) that helps organizations retire legacy vulnerabilities while enabling new service delivery securely.
- Challenges: The primary challenge remains resource allocation—balancing finite IT budgets and skilled personnel across ten high-priority, complex domains (Security, AI, Cloud, Workforce, etc.).
## Industry Reactions
- Analyst opinions suggest this tie reflects a maturing understanding that security is an enabler of digital government, not merely a barrier.
- Expert commentary emphasizes that the infrastructure underpinning digital government (often cloud-based) must be hardened, making Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) non-negotiable.
- Market response will likely see vendors increasingly cross-marketing their security and digital service enablement capabilities within government outreach.
## Future Outlook
- We can expect increased emphasis on measurable outcomes relating to service availability that are directly tied to security posture improvements.
- Watch for further consolidation in the cybersecurity vendor space as large platforms attempt to cover the breadth of these top ten concerns (Cloud, AI, Data, IAM).
- Policy development surrounding AI usage in government workflows will quickly follow the technical adoption being explored in 2024.
## For Security Professionals
State security teams must prioritize investments that improve visibility across their cloud footprint and identify mission-critical assets related to digital services. Understanding and enforcing least-privilege policies (IAM) is critical, given its high ranking, and direct collaboration with digital service development teams (DevSecOps mentality) is now mission-critical to avoid bogging down citizen-facing initiatives. Familiarity with emerging AI risks is essential for preparing for future security policy updates.