Local Government Data Center Security Breach Threats and Costs
This article originally appeared on Aug. 2, 2016, and has been revised to bring our readers the most up-to-date technology information.
Local government data centers are struggling to keep pace with the needs of the agencies and constituents they support, and that gap is increasing with the growing amount of security breaches in today's world.
Three overarching needs are consistent across almost every data center effort as discussed in part one of this two-part series:
- The need to meet the expanding IT demands of the agencies and constituents they support.
- The need to effectively manage costs, both tactically when budgets contract and strategically when budgets expand.
- The need to address new threats and data center security breaches as network technology evolves.
Government IT leaders may deploy commodity hardware and open-source software. The low acquisition costs for these solutions are attractive, but unless organizations have a large and experienced IT staff, they can find that maintaining these systems requires too much time and effort, potentially leading them right back where they started.
This article focuses on managing costs and risks in today’s state and local government data centers.
Managing costs by reducing maintenance
Most government IT leaders realize the less they spend on maintenance, the more they can devote to building new systems and new solutions for their agency and constituent needs. However, many IT managers are helpless to reach that reality; their legacy infrastructure, management tools and processes simply require too much time and budget to maintain.
This reality can set up an adversarial relationship between IT and agencies they serve, with mounting frustration on both sides: the agencies and departments feel that IT is unresponsive to their needs, while IT feels stretched thin and struggles to keep up.
The challenges posed by the maintenance of legacy systems also has undesirable effect of driving up IT-related expenses at a time when leaders are under nearly constant pressure to reduce IT spending, and help drive revenue. In order to find the savings they need, IT leaders often evaluate two different options:
- Either missing key insights due to ineffective discovery, or
- Risk wasting time and resources by trying to capture every detail of their IT infrastructure
Managing costs through data center consolidation
Data center consolidation is also a hot topic on the subject of managing data center cost. Following suit of the Federal Data Center Consolidation Initiative (FDCCI), local agencies are realizing the spend associated with redundant and inefficient infrastructure, long-term. To reduce space and save on energy, agencies can move to a hyperconverged, virtualized infrastructure. Changing locations can even decrease costs in some cases. For more on how, be sure to read our recent article, Crucial Keys for Deciding on Your Data Center Location.
The path forward requires more than just hardware consulting and migration project management: It requires a strategic understanding of mission-critical systems paired with an open, vendor agnostic approach to appliance and network hardware that accommodates hybrid solutions to achieve mission goals.
Both growth and cost challenges of today's government data centers work within a much larger and more sinister context as well: data theft and loss. With the internet, the Internet of Things (IoT) and the flood of public data being digitized, the big data explosion requires more storage and larger infrastructure, accommodating bigger files and more powerful networks to transport them — all of which incrementally increase data security risks.
High-profile data breaches are increasingly common, costing billions in damages and putting IT infrastructure under intense (often political) scrutiny. With the number of break-ins and the damage they cause on the rise, data centers are forced to perform a high-risk balancing act: driving more data, accessibility and capability without increasing their agencies' or constituents' vulnerability in the process.
Further, emerging mobile and cloud computing models expose state and local governments to new security risks — risks compounded by the social networking and collaborative nature of today's constituents and government workforce. IT managers delivering new mobile and cloud solutions must plan to mitigate the increased risks of data theft, fraud and privacy breaches that result. Unfortunately, such security plans negatively impact agility, maintenance burdens and IT costs, adding another layer to the existing challenges of data center services.
Risk and IT supply chain management
Even supply chain security is a hot topic, with agencies often asking data center vendors, “How do you secure your IT supply chain management?” Agencies need to ensure the security of network devices from manufacture through installation and deployment, combating instances where something embedded into the device’s hardware or firmware may present a network security compromise. Data center discovery therefore needs to include a supply chain element, defining provenance and tracking the logistical path of system hardware, software, appliances and applications along their entire lifecycle.
Here again, an understanding of the missions served by the data center also requires a holistic and comprehensive security mentality that spans far beyond the walls of the data center or even the firewalls of the network security applications. Risk management must peer back to the creation of data center solutions, as well as forward into its deployment for a mobile workforce and constituency.
To learn more on meeting the expanding IT demands of the agencies and constituents you support, go to part one of this two-part series. In the meantime, download the Insight whitepaper, “Uniting Past, Present and Future Data Needs,” for an in-depth look at handling growing IT demands, costs and risks.