STATE OF NEW YORK
6227
2019-2020 Regular Sessions
IN SENATE
May 24, 2019
Introduced by Sen. SAVINO -- read twice and ordered printed, and when
printed to be committed to the Committee on Internet and Technology
AN ACT to amend the state technology law, in relation to cloud service
utilization and readiness of state agencies
The People of the State of New York, represented in Senate and Assembly, do enact as follows:
Section 1. Legislative intent. The legislature finds that New York must ensure that it continuously evaluates how information technology services are delivered to those who live and work in our state and that the services provided by the state must keep pace with the technical solutions and offerings in the marketplace. A key part of achieving this goal is to ensure that the state of New York aggressively incorporates the use of cloud technologies into state information technology service delivery models.
The legislature further finds that, as with any technology, cloud services must be implemented in a manner that continues to ensure the availability, security, and privacy of state and citizen data. This requires ongoing oversight and management, as well as reworked internal governance processes to ensure flexibility for state employees to deploy on-demand best-in-class solutions.
The legislature further finds that leveraging cloud services models will allow the state to: speed up delivery of business solutions through faster paths to production; provide flexible solutions capable of quickly adapting to new and changing business solutions; reduce operations and maintenance costs for basic needs such as power and real estate; provide transparency so that customers are more aware of what they receive for their money; provide service elasticity to support increased citizen needs at peak times; and provide a structure that allows for a more resilient environment in the case of a disaster or service outage.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD11999-01-9
§ 2. Section 101 of the state technology law is amended by adding a new subdivision 6 to read as follows:
6. "Cloud computing" means a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction and which has the following characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service.
§ 3. The state technology law is amended by adding a new section 103-b to read as follows:
§ 103-b. Cloud computing. 1. All state agencies shall utilize third-party, commercial cloud computing solutions for any new information technology or telecommunications investments on or before June thirtieth, two thousand twenty, except as otherwise provided in subdivision two of this section. Prior to selecting and implementing a cloud computing solution, a state agency shall evaluate:
(a) the ability of the cloud computing solution to meet relevant security and compliance requirements, leveraging defined federal authorization or accreditation programs to the fullest extent possible; and
(b) the portability of data should the state agency choose to discontinue use of such cloud service.
2. (a) The secretary to the governor, or his or her designee, may grant a waiver from the requirements of subdivision one of this section to an agency if there is a service requirement of such agency that prohibits the adoption of a cloud computing solution.
(b) An application for a waiver submitted by an agency shall include a written justification for not utilizing a cloud computing solution citing specific services or performance requirements of such agency.
(c) The secretary to the governor shall submit an annual report on all waiver applications received, including whether an application was granted, to appropriate committees of the legislature, as determined by such secretary, by December thirtieth.
3. State agencies are prohibited from installing and operating new servers, storage, networking, and related hardware in agency-operated facilities unless a waiver is granted by the secretary to the governor or his or her designee, or otherwise permitted by law.
4. Subject to the availability of amounts appropriated for this specific purpose, the director shall conduct a statewide cloud computing readiness assessment to prepare for the migration of core services to cloud services, including ways it can leverage cloud computing to reduce costs. Such assessment shall:
(a) inventory state agency assets, associated service contracts, and other relevant information;
(b) identify impacts to state agency staffing resulting from the migration to cloud computing including:
(i) skill gaps between current on-premises computing practices and how cloud services are procured, secured, administered, maintained and developed; and
(ii) necessary retraining and ongoing training and development to ensure state agency staff acquire and maintain the skills necessary to effectively maintain information security and understand changes to enterprise architectures; and
(c) identify additional resources needed by the office to enable cloud migration support to state agencies.
5. On or before June thirtieth, two thousand twenty, the director shall submit a report to the governor, the temporary president of the senate and the speaker of the assembly summarizing statewide cloud migration readiness and making recommendations for migration goals.
6. Subject to the availability of amounts appropriated for this purpose, the director shall oversee and provide technical specifications to the office of general services, which shall select, through a competitive bidding process, three cloud service providers capable of providing storage and computer services and to provide system migration support. The competitive bidding process shall be re-opened and contracts shall be renegotiated no less than every five years.
§ 4. This act shall take effect January 1, 2020.