FROM: Joe Michael, Chief Information Officer
SUBJECT: Informational: Technology Evolution and Strategic Direction
RECOMMENDATION:
Review of SBCERA’s Technology Evolution and Strategic Direction.
BACKGROUND:
Over the past two decades, SBCERA’s technology environment has evolved from County-dependent infrastructure to an independent, modernized, and security-focused enterprise platform. This evolution reflects deliberate governance decisions aligned with SBCERA’s fiduciary responsibilities, mission, and adopted Strategic Pillars.
The acceleration of digital transformation during the COVID-19 period required rapid deployment of cloud services, remote access solutions, and formalized cybersecurity controls. That period successfully ensured uninterrupted pension operations and member service continuity.
Today, SBCERA is no longer in rapid transformation mode. The organization is in a deliberate maturation and optimization phase focused on:
• Strengthening security maturity
• Formalizing governance and documentation standards
• Simplifying architectural complexity
• Expanding data and analytics capabilities
• Planning for long-term platform sustainability
Technology is not a parallel initiative - it is the enabling infrastructure beneath our Strategic Pillars.
Over the next 18-24 months, SBCERA will develop security governance documentation aligned with recognized frameworks such as NIST, advance security controls under a Zero Trust framework, enhance analytics capabilities, and proactively evaluate long-term system sustainability - all while maintaining operational stability.
Evolution of SBCERA’s Technology Environment
2002-2010: Establishment of Operational Independence
In the early 2000s, SBCERA transitioned away from County-hosted systems toward independent operational control.
Key developments included:
• Procurement of SBCERA’s current facility and dedicated operational infrastructure
• Implementation of Pension Gold Version 2
• Creation of SBCERA’s first internal data center
• Assumption of responsibility for core infrastructure and networking services
This period established institutional control over the pension system and member data, reduced dependency risk, and laid the groundwork for long-term autonomy.
At that time, Information Services primarily functioned as a traditional infrastructure support department.
2011-2020: Modernization and Strategic Partnership
At the end of 2010, the Board approved the upgrade to Pension Gold Version 3 (our current version), transitioning SBCERA’s Pension Administration System (PAS) to a browser-based platform.
This modernization improved:
• Operational flexibility
• System accessibility
• Administrative consistency
• Scalability
During this period:
• IS evolved into a strategic partner
• Enterprise-grade infrastructure was strengthened
• Facilities management was formalized
• PAS administration expertise became institutionalized
This decade marked the transition from operational independence to operational optimization.
2020-2022: Acceleration, Resilience, and Cybersecurity Formalization
The COVID-19 pandemic required immediate redesign of SBCERA’s network architecture.
SBCERA rapidly:
• Implemented remote access capabilities
• Accelerated cloud adoption
• Transitioned away from remaining County-provided services
• Established an independent cybersecurity function
• Implemented identity-based security controls
These actions ensured uninterrupted pension administration and protected member data during a period of significant disruption.
The acceleration prioritized operational continuity and the deployment of layered security. Multiple defensive controls were implemented rapidly and effectively.
As is common in accelerated transformation environments, emphasis during this period was on protection and availability rather than on formalized, standardized documentation. SBCERA is now intentionally advancing governance maturity to ensure that deployed controls are supported by structured, repeatable procedural documentation aligned with established cybersecurity frameworks.
This marks the transition from rapid deployment to deliberate governance refinement.
Current Technology Posture
Today, SBCERA operates within a hybrid technology architecture that combines cloud services with retained on-premises capabilities for flexibility, resilience, and continuity.
Technology supports:
• Secure pension administration
• Enterprise applications and third-party integrations
• Secure member digital access channels and supporting systems
• Executive reporting and analytics
• Workforce enablement
• Technology risk governance, cybersecurity controls, and IT audit support
The environment is stable, secure, and strategically governed.
Cybersecurity as Fiduciary Protection
Cybersecurity has matured into a formal enterprise discipline.
SBCERA has implemented Zero Trust Network Access (ZTNA), part of a broader Zero Trust security model. Zero Trust assumes no implicit trust within the network and requires continuous identity verification before granting access to systems or data.
Current security controls include:
• Multi-factor authentication across critical systems
• Identity-centric access management
• Layered endpoint protection
• Independent penetration testing and validation
• Disaster recovery and backup integration
These controls are operational and actively protecting SBCERA’s systems and member data.
Governance & Documentation Maturity
As SBCERA transitions from rapid transformation to structured optimization, focus is expanding beyond deployment of controls to formalization of governance documentation.
Efforts now underway and planned include:
• Standardized procedural documentation
• Alignment with recognized frameworks such as NIST
• Structured evidence collection and validation processes
• Repeatable control execution standards
This progression reflects advancement from operational security capability to documented governance maturity. Controls are being put in place; documentation and standardization are being formalized to support consistency, audit readiness, and long-term sustainability.
Architectural Maturity
The rapid cloud adoption period introduced increased system complexity.
SBCERA is now intentionally addressing:
• Tool consolidation
• Vendor rationalization
• Identity standardization
• Infrastructure lifecycle planning
• Cloud governance and licensing optimization
This represents a natural maturation phase following accelerated deployment.
The organization is simplifying from a position of strength.
Alignment with SBCERA’s Strategic Pillars
Technology directly reinforces SBCERA’s co-equal Strategic Pillars.
• Operational Excellence & Efficiency: Enterprise systems modernization, identity governance, and content management infrastructure support process consistency and collaboration.
• Superior Service Experience: Performance dashboards, workflow modernization, and AI-assisted knowledge tools enhance service accuracy and measurable accountability.
• Quality Employer & Workplace: Secure workforce enablement, collaboration platforms, and structured technology training support professional excellence.
• Prudent Fiscal Management: Cybersecurity hardening, lifecycle infrastructure management, governance documentation maturity, and disaster recovery enhancements protect institutional assets.
• Effective Communications: Analytics capabilities, digital outreach tools, and secure reporting infrastructure strengthen clarity and engagement with members and stakeholders.
Technology serves as enabling infrastructure beneath each pillar.
18-24 Month Strategic Direction (FY 2027-FY 2028)
SBCERA’s next phase focuses on deliberate optimization and governance refinement through four structured themes.
1. Security Maturation & Governance Advancement
Aligned with: Prudent Fiscal Management & Operational Excellence
Over the next 18-24 months, SBCERA will:
• Continue advancing Zero Trust capabilities
• Implement enterprise privileged access management (PAM)
• Migrate and consolidate multi-factor authentication platforms
• Formalize enterprise data classification
• Strengthen encryption governance
• Enhance disaster recovery integration
• Standardize cybersecurity procedural documentation aligned with NIST principles
• Improve evidence collection and repeatable validation processes
This ensures that operational security capability, a stable, layered security posture that protects member data, financial assets, and institutional continuity, is matched by documented governance maturity and audit readiness.
2. Architecture Simplification & Governance
Aligned with: Operational Excellence & Efficiency
SBCERA will continue reducing complexity through:
• Tool consolidation and vendor rationalization
• Cloud governance and licensing optimization
• Infrastructure lifecycle refresh of critical hybrid infrastructure components
• Identity standardization
• Structured reduction of system overlap
These actions improve transparency, manageability, and long-term cost efficiency.
3. Data, Analytics & Service Enablement
Aligned with: Superior Service Experience & Effective Communications
The organization will expand enterprise data capabilities through:
• Executive performance dashboards
• Enterprise analytics platform buildout
• Expanded operational metrics
• Structured AI-assisted knowledge tools under formal governance controls
Innovation will be incremental and policy-driven, improving accountability, enabling faster decision-making, delivering measurable service performance, and enhancing member communication capabilities.
4. Future Platform Sustainability
Aligned with: All Strategic Pillars
To ensure long-term stability and adaptability, SBCERA will:
• Conduct a structured evaluation of the long-term PAS roadmap
• Implement formal AI governance frameworks
• Enhance secure mobile device management and Board technology enablement
• Improve physical infrastructure resilience and emergency preparedness
• Advance disaster recovery and business continuity planning
This proactive planning balances innovation with governance and ensures SBCERA remains adaptable, secure, and strategically aligned.
*The PAS evaluation reflects future planning and does not signal immediate re-platforming.
Strategic Position
SBCERA’s technology environment is resilient, secure, governed, and strategically aligned. The organization has successfully navigated independence, modernization, and accelerated transformation. The current phase is designed to strengthen governance documentation, simplify architecture, and position SBCERA for durable long-term sustainability. Technology remains a foundational component of fiduciary stewardship, member trust, and strategic planning for the future.
BUDGET IMPACT:
None.
STRATEGIC PLANNING GOAL/OBJECTIVE:
Operational Excellence & Efficiency
STAFF CONTACT:
Joe Michael
ATTACHMENTS:
Exhibit A: IS Presentation