Article
State government IT security audits: Benefits, challenges and considerations of consolidated IT security organizations
Nov. 14, 2025 · Authored by Christopher Kalafatis, Randy Sherrod, Peter Tsengas
In today’s digital landscape, public sector organizations face increasing pressure to secure their information systems, protect sensitive data and ensure continuity of services. As cyber threats grow in complexity and frequency, many states have turned to consolidated information technology (IT) security models to streamline operations and enhance cybersecurity. One such example is the Virginia Information Technologies Agency (VITA), a centralized IT organization that provides infrastructure, cybersecurity, governance and procurement services to Virginia’s executive branch agencies.
Whether your organization works with state-mandated agencies like VITA or is considering implementing an IT security audit framework for the first time, this article explores the benefits and challenges of consolidated IT security organizations, the importance of aligning with recognized frameworks, and key questions and steps agencies should consider when evaluating their cybersecurity strategy.
The case for consolidation: VITA as a model
VITA exemplifies a consolidated IT security organization. It operates as a broker in a multisupplier model, supporting 65 executive branch agencies across Virginia. By centralizing IT infrastructure and cybersecurity services, VITA delivers cost savings, consistent standards and improved service delivery. Its role spans governance, procurement and infrastructure, helping agencies achieve their missions while maintaining robust cybersecurity.
This model offers several advantages:
1. Reduced costs and increased efficiency
Consolidation minimizes redundant hardware, software licenses and support contracts. Agencies benefit from economies of scale and simplified vendor management, reducing administrative overhead and operational costs.
2. Enhanced security and compliance
Centralized organizations like VITA can enforce consistent security protocols, access controls and data protection policies. This uniformity helps agencies meet regulatory requirements and simplifies audits and certifications.
3. Standardized technology
A cohesive technology stack improves system compatibility, simplifies integration and streamlines training. Employees across agencies use standardized applications, reducing confusion and improving productivity.
