Data center consolidation efforts present opportunities, but also risks
Data center consolidation is not a new topic for federal IT leaders. For five years now, the Federal Data Center Consolidation Initiative has required agencies to make strides in this area, reducing the number of data centers they depend upon and saving significant amounts of money in the process.
Yet cost savings is only one of the many potential benefits that data center consolidation efforts can deliver for the federal government. As the Federal Communications Commission is currently demonstrating, these projects present the opportunity for agencies to modernize their IT in a variety of areas. At the same time, though, it must be noted that data center consolidation can also pose a cybersecurity risk if not handled carefully, as a recent data breach highlighted.
"Consolidation was the ideal chance to undergo a broader business transformation."
The FCC began its data center consolidation effort by asking the Department of Homeland Security to conduct a security and vulnerability assessment, according to Fierce Government IT. This audit revealed that the FCC's IT operations were seriously at risk, due largely to widespread reliance on outdated and unsupported software and hardware. This led the agency to realize that IT consolidation was the ideal chance to undergo a broader business transformation, while specifically revamping its cybersecurity, improving efficiency and driving down operating costs.
This was a long-ranging effort according to Mary Ellen Seale, deputy director of DHS's National Cybersecurity Center who previously worked on the FCC modernization project.
"Modernization is possible, but you've got to stick with it. It's a three-year effort, or three- to four-year effort and you've got to have the leadership commitment and you've got to have the visibility on what you're doing," Seale told Fierce Government IT.
The source reported that prior to its efforts to consolidate its data centers, the FCC had no real reason to take a close look at its IT systems, Seale explained. This was a necessity for achieving consolidation, though.
"We are leveraging the opportunity of consolidation," Seale said, the source reported.
Notably, the FCC used this occasion to migrate a significant number of its systems to an off-site managed data center. Additionally, the FCC will likely push for greater cloud integration in the near future.
"Consolidation can potentially increase a department's vulnerability to cyberattacks."
For the FCC, data center consolidation led to the agency taking steps that likely improved its cybersecurity capabilities to a significant degree. However, in other cases this type of consolidation can actually increase a department's vulnerability to cyberattacks.
This potential was brought to the forefront as the result of the recent hack of the Office of Personnel Management's computer systems. This attack, which a number of observers theorized might be the biggest ever to strike the U.S. government, affected more than 4 million current and former employees from a wide range of government departments. Many industry experts believe that this attack was the work of hackers employed by the Chinese government, and that their goal was to gather information about U.S. government employees in order to develop a database of potential individuals to target.
As Ars Technica reported, though, the hackers in this cyberattack also affected a data center operated by the Department of the Interior which was used by the OPM as well as a number of other government agencies. The news source emphasized that these other departments were affected and endangered by this particular breach solely because of data center consolidation efforts. Had the agencies maintained separate, unconsolidated data centers, the extent of the damage from this hack would have been less widespread.
Of course, this is not to say that data center consolidation efforts have increased the risk of cyberattacks, or are even a net-negative in the realm of cybersecurity – a notion that the FCC example fully contradicts. At the same time, though, it's clear to see that federal agencies need to pay close attention to cybersecurity when pursuing additional data center consolidation endeavors.
That is why agencies should work closely with third-party consulting firms that have the experience and expertise needed to effectively guide data center consolidation efforts without increasing risk or creating any other complications. Done properly, data center consolidations can prove to be a tremendous boon to an agency's IT capabilities and budget. Done incorrectly, though, these initiatives can become exceedingly problematic.