The federal government is now on track to close 1,080 of the 3,133 data centers in operation by 2015 as part of a broader administration effort to reduce duplicative spending and to do more with less.
Federal CIO Steven VanRoekel, however, has signaled a new emphasis on doing “more,” by investing in technology creatively, rather than focusing primarily “on the less” that is typically associated with cuts, including data center closures.
But senior agency IT executives are already looking beyond the horizon of those reductions and trying to develop strategies to tackle many of the issues that are likely to emerge beyond data center consolidation, including security, monitoring, automation, mobility and hosting more applications in the cloud.
One of those issues will be how best to move to smaller, leaner and meaner infrastructures with a reduced digital footprint that will be essential if security professionals are going to have any chance of protecting data centers from intruders.
That is the message Dr. Ron Ross, senior computer scientist and information security researcher at the National Institute of Standards and Technology, delivered at a forum last month in Washington entitled “Beyond Data Center Consolidation.”
Ross wears two hats. Since 2003, he has led the FISMA (Federal Information Security Management Act) implementation project, building standards and guidelines for all the federal government. He also is the leader of a joint task force, with members from the Department of Defense, the Office of the Director of National Intelligence and NIST, whose mission is to build a unified information security framework for the entire federal government.
So, when it comes to system, data center and cloud security, when Ross talks, people listen.
He said bluntly that the Federal Data Center Consolidation Initiative (FDCCI) is “more than just an opportunity for security, it’s a necessity. The threat today is getting more sophisticated, and we’ve got a real problem with this thirst for technology.”
He explained how buying more and more IT and connecting it through networks is resulting in “an exponential growth rate in the amount of malware out there that is really bearing down upon our systems.”
This is the first in a four-part series exploring what federal officials need to consider as agencies begin to look beyond current efforts to consolidate government data centers. The next article looks at Army efforts to rationalize its portfolio of 8,000 applications. The articles and videos in this series were provided by On the Frontlines.
Complexity Becoming The Enemy
But the biggest problem, Ross warns, is the complexity of technology and the fact that a lot of organizations don’t even know how much they have.
Only by consolidating down to a more manageable state, with a smaller, leaner, meaner infrastructure that reduces the size of that digital footprint, can the IT security folks really do their job, he noted.
“We are asking all of our CISOs and our CIOs to defend systems that are indefensible,” Ross said.
“We know how to do this a lot better than we are doing it today, but it is going to depend on the data center consolidation and cloud computing to bring things down to a much smaller footprint so we can better defend it.”
He acknowledged that sensitive, high-impact data is not going out to the public cloud, but said that by using private clouds you can reduce the digital footprint and create a tighter, leaner, meaner infrastructure.
“That’s what private clouds can do and that’s why you are seeing a lot of agencies do that,” he added.
“When everyone has their own device it’s that much more difficult to protect. Implementing a private cloud allows us to re-engineer the infrastructure. Enterprise architecture comes in in a big way. And consolidation, standardization and optimization are all great things for cyber security folks because it helps us understand better how to protect the assets that we do have.”
Ross said the biggest challenge today is dealing with malware.
“There’s some great new technologies on the horizon that work on getting your system back to a known secure state very quickly,” he explained.
“If you could imagine if your laptop gets a virus and you have to reimage it; it takes a while to go through that process. Imagine a world where that could be happening in almost near real time, so it doesn’t make a difference what the adversary throws at you or what comes through the boundary, your systems are churning fast enough so that there is not enough time on target to do damage. That’s the kind of innovation that we are looking at to get us out of some of the situations we see today.”