Americans Deserve Better Than The DCOI Metrics Debate

By Sonia Sexton

In a classic move-the-goalposts maneuver, the Office of Management and Budget recently proposed modifying the metrics federal agencies should use for tracking the progress and effectiveness of the Data Center Optimization Initiative (DCOI). Notwithstanding that metrics are the death of every government policy, OMB’s proposal really signals just how far behind the federal government is with technology.

Changing the metrics won’t matter. Some agencies flat-out don’t want to let go of their legacy equipment and systems. And those that are willing to loosen their grip and get with the program think the cloud will be their salvation. They’re both wrong.

From the Federal Data Center Consolidation Initiative launched by OMB in 2010, to the Federal Information Technology Acquisition Reform Act signed into law in December 2014, to the DCOI policy established by OMB in August 2016 to help federal agencies meet FITARA requirements, we’ve seen a nearly decade-long, overwhelmingly bipartisan effort at herding cats from the top down, with little bottom-up buy-in or consensus on what success would finally look like.

Some of the slow-walking by agencies is understandable. They recognize that — despite outward appearances — the federal enterprise is not monolithic. Different agencies have different needs, and they’re not eager to embrace what they see as a homogenized, one-size-fits-all policy.

That attitude gives fits to anyone up the policy food chain striving to wring order out of chaos. But to be fair to reluctant agencies, each new administration believes it’s smarter and better than the last and comes up with its own twist on how to define and measure data center optimization success — which makes agencies even more cautious and ambivalent.

That said, agencies that take a Charlton Heston-like stance — “We’ll give you our servers when you pry them from our cold, dead hands!” — need to wake up and smell the cyber coffee. The threat environment has evolved so much in the years since OMB first uttered the word “consolidation” that legacy systems are increasingly sitting ducks for a new generation of malicious hackers. This is no time to cling to outmoded systems.

A wake-up call is also needed, however, for agencies that view the cloud as their data-storage promised land. The cloud can quickly become a jungle for any enterprise that needs to store sensitive data, because it is only as safe as the data centers and other infrastructure securing it. Just remember the 2018 WikiLeaks release of Amazon AWS’ data center locations as a recent example. That breach blew a number of secret government programs, because certain agencies had highly sensitive data stored in some of those cloud servers.

Instead of quibbling over metrics and moving the goalposts, federal agencies must embrace a hybrid colocation-and-cloud data management strategy. Some agencies with legacy systems can’t get into the cloud; they need a hybrid solution, which also requires taking a facility-first approach to data center security. And agencies with cloud-eligible systems should contract only with data center companies that are committed to truly protecting their identity, their data and their employees.

Moreover, everyone has been focusing on a secondary problem — consolidation — when the main focus should be modernization. You can’t consolidate what hasn’t been modernized.

The clock is ticking. Not the clock at OMB or even in Congress. Rather, the technology-advancement clock that sets the pace for what’s possible. Hackers are always at the cutting edge of that clock. Alarmingly, most federal entities are at its trailing edge.

The American people by and large don’t know that their federal government has been falling dangerously behind technologically and that agencies have been dragging their feet and arguing about metrics for the past decade. Whether or not they expect better anymore, they certainly deserve better.

Proven solutions are out there. The government must get out of its own way and use smart public-private partnerships to help agencies stay on mission while modernizing their data storage. It’s not a moon shot or a trip to Mars, but rather an effective federal data center strategy that requires the right stuff: leadership, humility and a clear-eyed understanding of the risks involved in failing to implement secure solutions.

About the Author

Sonia Sexton is chief security officer for DP Facilities, Inc.