| | | | | | | | 
AGENDA REPORT
|
| | | | | | | | DATE:
| January 19, 2021
| TO:
| Mayor and City Council
| FROM:
| Stefan T. Chatwin, City Manager
| | SUBJECT: | Resolution 2021-03 of the City Council of the City of Fairfield Authorizing an Upgrade to the Existing City Microsoft Enterprise Agreement with SoftwareOne to Azure Active Directory Premium 2 Licensing and Updating the Fiscal Year 2020-2021 Budget |
|
| | | | | | | | | RECOMMENDED ACTION | | Adopt resolution. |
|
| | | | | | | | | STATEMENT OF ISSUE | | In light of recent numerous incidents of ransomware and other security incidents targeting government entities, the City of Fairfield ("City") has a need to improve its security posture relative to accessing City computers and business systems. After a thorough analysis of the options, the Information Technology (IT) division believes the Microsoft Azure Active Directory Premium 2 product provides the best value and functionality to meet the City’s security needs. The proposed resolution authorizes an upgrade of the City's Microsoft Enterprise Agreement with SoftwareOne from the Azure Active Directory Premium 1 licensing to Azure Active Directory Premium 2 with additional appropriation of funds in the amount of $157,191.50 to the Computer System Fund to support the upgrade. |
|
| | | | | | | | | DISCUSSION | The IT Division holds responsibility for securing the City’s business systems and information, including sensitive personal information, financial information relating to both the City and constituents, employee protected health information and law enforcement information, among other sensitive and legislatively protected information sets. Consequently, as the threat to local government entities continues to increase, the IT Division identifies ways to reduce the risk of compromise and potential data breaches.
Implementing multi-factor authentication represents the single most effective option not already implemented by the IT Division. In simplest form, multi-factor authentication augments an access-ID and password combination with additional step(s) to validate that the individual requesting to access City computers and business systems is indeed authorized. The most common additional step is sending a one-time access code to an individual’s pre-authorized cell phone. This precludes a malicious actor’s ability to guess or “hack” the ID and password to gain access, since access requires three pieces of information-the ID, password, and one-time access code. Without all three, no access is granted.
After extensive research and pilot implementations of other protection systems, the IT division believes that the Microsoft Azure Active director Premium 2 product and associated license provides the best value to the City in meeting the need to evolve beyond readily compromise-able ID and password pairings.
The attached proposed resolution authorizes the city manager to enter into an agreement with Microsoft via authorized retailer SoftwareOne to upgrade the City's existing Microsoft Enterprise agreement from Azure Active Directory Premium 1 licensing to Azure Active Directory Premium 2 licensing. The resolution also authorizes the appropriation of $107,191.50 to cover the additional licensing cost for the remainder of the Microsoft Enterprise agreement, plus a not-to-exceed amount of $50,000 that may be required over the term of the agreement for additional employee hires that increase the licensing count yearly true-up. The upgrade provides additional security features needed to protect the City from malicious infiltration attempts and ransom attempts. Azure Active Directory Premium 2 provides licensing that is not covered under the existing Premium 1 licensing, including multifactor authentication for City endpoints, assessing vulnerabilities and suspicious accounts, risk event notification and investigation, risk-based conditional access policies, privileged identity access management and Microsoft alerting when accounts may have been compromised.
|
|
| | | | | | | | | FINANCIAL IMPACT | | The Microsoft agreement was originally budgeted in the Computer System Fund (Fund 522, Division and Responsibility Code 99202) for $1,142,389.92 covering a 3-year period which is set to expire October 31, 2022. In order to harden the City's technical defenses, the Information Technology division is asking for additional funds for the purchase of the City's licensing upgrade to Azure Active Directory Premium 2, increasing the current Microsoft Enterprise Agreement and PO total to $1,299,581.42, which is an increase of up to $157,191.50 over the remaining term of the agreement. For fiscal year 20-21, a budget adjustment in the amount of $78,595.75 is required to fully fund the upgrade over the remaining fiscal year. The remaining increase in the amount of $78,595.75 will be included in the fiscal year 21-22 budget. |
|
| | | | | | | | | PUBLIC CONTACT/ADVISORY BODY RECOMMENDATION | N/A
|
|
| | | | | | | | | ALTERNATIVE ACTION | | Council could choose not to approve the resolution, resulting in the City not having adequate protections for City data, applications, systems and network accounts which would leave the City more vulnerable to attacks. |
|
| | | | | | | | | STAFF CONTACT | Eudora Fleischman, IT Infrastructure Manager
(707) 428-7527
esindicic@fairfield.ca.gov
|
|
| | | | | | | | | COORDINATED WITH | Finance Department
|
|
| REVIEWERS: | | Reviewer | Action | Date | | Answerer | Approved | 12/21/2020 - 8:15 PM | | Pirouzmand, Farbod | Approved | 1/7/2021 - 9:32 PM | | Alexander, Amber | Approved | 1/8/2021 - 3:07 PM | | Alexander, Amber | Approved | 1/8/2021 - 3:07 PM |
|
|