Comment by nradov
3 days ago
Most local governments lack the scale and budget to competently maintain their own IT infrastructure. It's not just security but everything. They should outsource the infrastructure layer to a large contractor, or possibly to the state government.
Contracting IT services at that level overpays by a whole number multiple for worse results because the government doesn’t have the in-house expertise to tell when the contractor is doing something wrong. (This is one reason why many construction projects go over budget: someone saved by laying off the engineers, so they pay 2-3x more for contractor A to oversee contractor B, guaranteeing 3+ party disputes for every problem)
What does work better is outsourcing an entire function: if you pay Gmail for email services, you know exactly how much it will cost per user and have an SLA for problems which they can’t blame on you.