Loading your audio article
Chinese government hackers breached U.S. government systems last summer, stealing over 60,000 emails from top State Department officials. Unfortunately, I wasn’t surprised.
As Florida’s Chief Information Officer, I was responsible for protecting the digital systems of numerous state agencies. What I learned was deeply concerning: government agencies, large and small, are overly dependent on a few big tech companies to store and manage sensitive data. This overreliance creates a single point of failure — when these providers have security gaps, hackers can exploit them to access massive amounts of government information in one attack.
Unlike private businesses where a CEO can swiftly implement new technology, the public sector operates in a decentralized, federated environment. Even a governor cannot enforce uniform IT changes across all agencies due to independent cabinet agencies, legislative bodies, and the judiciary. This makes it significantly harder to modernize and secure government technology.
Adding to this challenge is the government’s reliance on outdated legacy systems that still perform essential functions. While modernization efforts emphasize cloud adoption, states remain entangled with decades-old technology. Without addressing these core issues, discussions about sovereignty and security remain incomplete.
Think about the personal information you share with the government — drivers license records, tax filings, health-care data, unemployment claims and business permits. Now consider this: 85% of government data processing is handled by a single cloud provider. These systems are so complex that even the agencies relying on them don’t fully understand how or where their data is stored.
If you ask most local officials where their data resides, you’re likely to get a blank stare or a vague response like “we’re working on that.” That’s a serious problem. The issue of data sovereignty — ensuring sensitive government information remains securely under U.S. control — has become increasingly urgent.
Some are already raising alarms. When Scotland Yard asked Microsoft if it could guarantee its sensitive police data would stay within the U.K., the answer was essentially “we can’t promise that.” If one of the world’s top law enforcement agencies can’t get a clear answer, can American government agencies confidently say their data isn’t stored in potentially hostile countries?
Beyond sovereignty, data attribution is another critical issue. While states should have sovereign control over their data, the real challenge is whether agencies can track and attribute exactly where that data resides at any given moment.
Without clear attribution, agencies may believe their data is secure on American soil when, in reality, it could be shifting across multiple jurisdictions without their knowledge. Governments must demand better transparency and accountability from their cloud providers.
The dominance of a few major cloud providers doesn’t just threaten security — it also leads to unpredictable and unfair pricing. Many assume that state agencies, as large buyers, get favorable deals. The truth is, pricing varies wildly — even within the same state. For instance, some Florida state agencies have paid up to 70% more for the same software than others simply because there’s no transparent pricing system.
This problem extends beyond just state governments. DOGE is reportedly pressing federal agencies to cut IT costs by up to 70% and reviewing individual purchases to eliminate unnecessary overpayments. The fact that these cuts are possible at all highlights how little transparency exists in technology procurement.
Imagine negotiating against a billion-dollar tech company without access to real pricing data. Government officials are being forced to make major IT decisions without the same basic market information that private companies use to get fair prices. That’s an impossible task.
To fix these issues, Congress and the Trump Administration must enact policies that require price transparency, competition, and consistency; use understandable metrics; and reform the procurement process.
Thankfully, Florida’s representation in Washington recognizes the need to address technology risks and foreign interference. Sen. Rick Scott has made countering Chinese aggression a key focus — he and other policymakers should recognize that securing America’s digital infrastructure is just as critical.
President Trump has made government accountability and efficiency a major priority in his administration and his team is already taking steps to address these issues.
With decisive leadership, we can prevent the next major breach before it exposes the true cost of digital consolidation. American taxpayers and their personal data are on the line.
Jamie Grant is the founder and CEO of RedLeif. He previously served as a Republican member of the Florida House of Representatives from 2010-2014 and 2015-2020 and was then the state’s Chief Information Officer from 2020-2023.
