Agenda

Return

C.147

To:	Board of Supervisors
From:	Marc Shorr, Chief Information Officer
Date:	June 22, 2021

Contra

Costa

County

Subject:

APPROVE and AUTHORIZE the Chief Information Officer to execute Work Orders with Microsoft Corporation in an amount not to exceed $1,422,200.

APPROVE	OTHER
RECOMMENDATION OF CNTY ADMINISTRATOR	RECOMMENDATION OF BOARD COMMITTEE

Action of Board On: 06/22/2021

APPROVED AS RECOMMENDED

OTHER

Clerks Notes:

VOTE OF SUPERVISORS

AYE:

John Gioia, District I Supervisor
Candace Andersen, District II Supervisor
Diane Burgis, District III Supervisor
Karen Mitchoff, District IV Supervisor
Federal D. Glover, District V Supervisor

Contact:	Marc Shorr, 925-608-4071
cc:	Nancy Zandonella

I hereby certify that this is a true and correct copy of an action taken and entered on the minutes of the Board of Supervisors on the date shown.
ATTESTED: June 22, 2021
Monica Nino, County Administrator

BY:	, Deputy

RECOMMENDATION(S):

APPROVE and AUTHORIZE the Chief Information Officer, Department of Information Technology, or designee, to execute a Work Order with Microsoft Corporation in an amount not to exceed $1,422,200 to provide active directory security modernization services to remediate cybersecurity risks for the period of June 1, 2021 through December 31, 2022.

FISCAL IMPACT:

These services are funded by Venture Capital funds (100% General Fund).

BACKGROUND:

The Department of Information Technology recently engaged Microsoft to review our active directory environment to assess any Cybersecurity risks and to develop recommendations to enhance our security and to increase the effectiveness of deploying enterprise solutions across the County. Microsoft’s recommendations resulted in a multi-stage strategy with the initial focus on security within our directory and cloud services.

BACKGROUND: (CONT'D)

Their services include:

Utilizing Microsoft’s Cybersecurity Service to assess the current environment and remediate significant risks. Implementing Privileged Access Workstations and Privileged Access Management to improve Identity and Access services (Creating a Tier 0 environment) Modernize DoITs Identify Environment.Create a Mailbox Replication Service and Migrate Public Works Exchange to DoIT’s O365 environment >Improve security on the Library Kiosks, build out a new Active Directory and create Privileged access for the Library environment.

DoIT will focus on Microsoft’s recommended actions during the next 18 months in alignment with our strategic plan of advancing the County’s security posture and increasing our ability to deploy enterprise-wide solutions. The Work Order is being entered into pursuant to the Microsoft Master Services Agreement - State and Local, dated December 12, 2017, between the County and Microsoft.

CONSEQUENCE OF NEGATIVE ACTION:

If this agreement is not approved, the infrastructure of DoIT and our supported departments would be at greater risk of a cyber-attack and services would take longer to restore causing significant service impacts to our internal and external customers.