The Federal Data Center Consolidation Initiative (FDCCI) is driving change and savings – $3.2 billion by the end of this year according to some estimates. But surveys of federal IT professionals show that 72 percent of agencies have the same or more data centers today than before the initiative.
Last week’s Data Center Brainstorm brought together leading federal IT authorities and industry experts for a free-flowing discussion on data center migration, the influence and potential of cloud, and concerns about cyber security.
Five key takeaways:
1. Data Centers Aren’t Dead…Yet
Panelists agreed that closing data centers in favor of cloud computing will both expedite operations and save taxpayers money. But exactly how to consolidate data centers remains elusive.
“Many aren’t doing it right. Some organizations are just moving all their data centers, or islands, into the same zip code instead of really transforming them,” said James Quinn, lead system engineer, National Protection and Programs Directorate, Federal Network Resilience, at the Department of Homeland Security. “A big problem is removing prescriptive policies from Congress that force us to use physical environments.”
Data centers don’t have an expiration date. Agencies hesitate to uproot existing infrastructure in favor of new technology. It will take time for lagging agencies to comprehend the benefits of cloud solutions and virtualization that trendsetters are already reaping.
2. Security Remains Paramount Concern
Agencies and vendors alike should focus on security first and operational efficiency second, panelists said. While the cloud’s security has vastly improved, feds still rank security atop their concerns.
Kimberly Hancher, CIO at the Equal Employment Opportunity Commission, says agencies must weigh the benefits of cloud against the inherent security risks.
“Data center consolidation enables three things: flexibility, scalability and agility. The tradeoff is vulnerability,” said Hancher.
The Defense Department is driving the high end of the security debate. The DoD wants higher levels of security for mission critical and classified data than the basic safeguards embodied in FedRAMP certification for commercial cloud service providers.
“It’s not that we don’t trust commercial CSPs, it’s that we want an extra layer of defense in case there is a compromise,” said Jack Wilmer, infrastructure development executive, Defense Information Systems Agency (DISA). “We want the security of application and network. We want to do everything we can to drive down costs while keeping up our security.”
3. Driving Change Is Your Job
While resisting change is natural, leaders said it is their job to drag staff into the future.
“It’s time to declare war on the server-huggers,” said Tim McCrosson, chief of agency oversight and implementation at the Office of Management and Budget.
Ann Dunkin, CIO, Environmental Protection Agency, said that awakening her IT staff to cloud capabilities will provide them skills for the future.
“We have an obligation to force our workforce to grow instead of atrophy,” Dunkin said. “It’s not that people don’t want to move, it’s that they don’t know how, so they default back to where they were.”
Frank Konieczny, CTO, Air Force, said that getting regulators, agencies and providers of new technology on the same page is never easy.
“Organizations are wedded to their configuration,” said Konieczny. “They love the ‘Yeah…but’ phrase.”
Leaders need to drive change by setting goals and not accepting lethargy or delay.
4. How to Convert the Wary
Proving return-on-investment early on is critical.
“Nothing breeds acceptance like success,” said David Shive, Acting CIO, General Services Administration (GSA).
GSA started small, and then gradually became more ambitious, but every move aligned with specific mission-specific objectives.
The agency initially moved simpler solutions to the cloud, such as workflow management with internal facing information. Once their workforce became comfortable with the virtual environment, the organization migrated more complex services, such as their help desk, e-mail and public-facing data. Now the GSA wants to add enterprise solutions that spread information throughout the agency.
Shive believes agencies should begin their cloud implementation with applications likely to succeed. Then the workforce will grow more comfortable and accept new layers of services.
“We got our user population familiar with the tool and made them feel that there is no difference between operating on the cloud or on internal GSA servers,” said Shive. “Once they felt comfortable with the use of the tool and the security they knew that where it was hosted didn’t matter.”
5. FedRAMP – “A Necessary Burden”
Industry and federal agencies continue to dispute the value of FedRAMP certification and the best avenue to achieve it. But CSPs need to offer certified services when feds consider who to partner with and what to layer onto their infrastructure.
When asked what the greatest tool was for data center consolidation, Shive said a CSP’s greatest asset is FedRAMP certification.
“The more services that are FedRAMP certified, the easier it makes our jobs and our transition to the cloud,” said Shive. “It’s a maturing process to become certified and we’re learning along with the entire community. We hear that industry understands the process and it can be difficult and time consuming. But anything worth doing typically takes a fair amount of effort. Our goal is to lessen that burden on the bureaucracy side. It’s a burden, but a burden worth doing.”
Join the conversation. Post a comment below or email me at firstname.lastname@example.org.