The biggest difference in the fourth version of the Office of Management and Budget’s data center consolidation and optimization memo isn’t the decision to remove the focus on non-tiered data centers, nor is it the revamping of the metrics that don’t specifically focus on optimization or savings.
Rather, the biggest difference of the draft policy released Nov. 26 may just be the pragmatism of the entire memo itself. Several former federal officials said OMB seems to have listened to agencies about what metrics and goals are actually achievable, measureable and, maybe most importantly, logical.
“The memo does reflect the reality that they didn’t anticipate with the first memo from several years ago. Now that agencies have a couple of years under their collective belts and the practical realities needed revision,” said Rick Holgate, a former chief information officer in the Justice Department’s Bureau of Alcohol, Tobacco, Firearms and Explosives and now a senior director and analyst at Gartner. “The theme of relaxing or revising what is a data center is an acknowledgement of the realities of federal missions. Labs or high performance computing centers or medical or research facilities all may have needs for local computing footprints. The revised definition helps normalize and rationalize what is a data center to be reasonable and realistic.”
Comments on the draft policy are due Dec. 26.
Insight by Okta: This exclusive e-book highlights how identity and access management will continue to evolve as agencies face more aggressive cyber threats while keeping data and systems accessible.
It wasn’t that previous OMB data center policies didn’t reflect the reality of the day too. The lessons learned over the last eight years demonstrate that savings and optimization are fine metrics, but a one-size-fits all approach across these two areas just doesn’t work.
“Earlier guidelines were geared toward getting quick wins—taking care of existing data centers that simply were not efficient and that could be dealt with quickly and easily, and with big returns on investment. In that context, clear-cut definitions and hard and fast metrics made sense,” said Bryan Thomas, vice president of public sector for World Wide Technology, in an email to Federal News Network. “As we’ve seen wins and successes, it becomes imperative we evolve the definitions and metrics. It’s less about what constitutes a tiered or non-tiered data center, and more about where agencies can continue to drive efficiencies. Yes, an agency can invest money in upgrading a small server room, but how much return will they see on their investment, compared to what they might get by investing that same money in upgrading the operational technology of a larger facility?”
Thomas said this becomes especially important as agencies collect and analyze more data to meet mission goals. He said the draft policy recognizes agencies need more flexibility to manage their data.
And more importantly, OMB recognized the continued evolution in the draft memo.
“After eight years of work in consolidating and closing federal data centers, OMB has seen diminishing returns from agencies resulting from their closures. Much of the ‘low-hanging’ fruit of easily consolidated infrastructure has been picked, and to realize further efficiencies will require continued investment to address the more complex areas where savings is achievable,” Suzette Kent, the federal CIO, writes in the draft policy. “While optimization will be the new priority, consolidation and closures should continue wherever applicable. OMB will focus on targeted improvements in key areas where agencies can make meaningful improvements and achieve further cost savings.”
OMB made that clear in freezing data centers, both new ones and existing ones, and reinforcing the requirement to follow the Cloud Smart strategy. OMB released the draft Cloud Smart strategy in September and now is reviewing comments.
“As previously required by the FDCCI, agencies shall continue to principally reduce application, system, and database inventories to essential enterprise levels by increasing the use of virtualization to enable pooling of storage, network and computer resources, and dynamic allocation on-demand,” Kent writes. “Agencies shall evaluate options for the consolidation and closure of existing data centers where practical, in alignment with the Cloud Smart strategy. The Cloud Smart strategy emphasizes the use of risk-based decision-making and service delivery as key considerations in evaluating cloud technologies.”
Thomas said the draft policy lets agencies figure out their specific operational constraints and evolve their enterprise to focus on workload placement, application rationalization, and automation.
“This evolution will increase each agency’s agility while reducing costs and physical footprint,” he said.
At the same time, OMB also is shutting down the data center marketplace that the Obama administration sought to create at the General Services Administration. In 2016, OMB wanted GSA to connect agencies with extra data center capacity with those who needed to expand. The initiative, as envisioned, never got off the ground.
“There were several challenges to getting shared services going,” said Brig. Gen. (retired) Greg Touhill, the former federal chief information security officer and now president of Cyxtera’s federal group, in an interview with Federal News Network. “By the time the government often gets itself organized, they are overcome by events in the private sector. Based on what I see in my company and the data centers we are running, we are running at the highest levels from classified all the way to unclassified. At this point, the private sector is able to meet every single capability the government demands so the days of investing in any data center is not a wise use of people’s money.”
Touhill said the decision to de-emphasize the closing of non-tiered data centers — those small closets or single servers — is a bit concerning.
While he said he understands OMB’s rationale, the cyber risk from these outposts is just as great as those tiered data centers.
“When I was commanding units in the military, we had our multi-disciplinary teams finding those servers and exploiting them. They’d find them in the middle of the night. They were inadequately protected, but they were strategically important because they were devices that gave us an entry into certain networks,” he said. “I would hate to have an organization look at this proposal and say, ‘I know [I] have a hall pass and I don’t have to close or secure a server closet because it’s only based on cost effectiveness.’”
Touhill added the non-tiered data centers also can lead to shadow IT, which increases the obstacles to fully implementing the CIO’s authorities under the Federal IT Acquisition Reform Act (FITARA).
Holgate said OMB also didn’t make clear in the memo that it conferred with lawmakers and the Government Accountability Office on these changes, which is important when it comes to the FITARA scorecard.
“This would help stop the gotcha FITARA hearings when CIOs are given different metrics from OMB, which they are comfortable with, but then get whacked on the wrist by GAO or the Oversight and Government Reform Committee for not meeting congressional metrics,” he said. “That will dampen the changes a little bit if GAO and the committee aren’t on board so it would’ve been helpful if OMB indicated they worked with others on these revised metrics.”
While one would hope, and even expect, OMB to have conferred with GAO and Congress around these changes, a sentence or two would go a long way, especially given the long-history of disagreement over how to measure savings.
World Wide Technology’s Thomas said this pragmatic approach is likely to deliver more of the results OMB is looking for in this initiative.
Gartner’s Holgate added, “I see this really as an evolutionary policy. It reflects what has worked and what has not over the years. This will enable agencies to show more tangible progress against the metrics, which reflect what’s possible based on the lessons over the last few years.”