Disaster recovery is top of mind for chief information officers (CIOs) and IT managers as natural disasters such as hurricanes, wildfires, earthquakes and other events are happening on a frequent basis. The example of Hurricane Sandy’s effect on the East Coast last year continuously reminds IT staffs and CIOs at federal agencies that they must be prepared to continue operating in the event of a natural disaster.  And although there is some forewarning with natural disasters, what cannot be predicted is the occurrence of human error, hardware failures and malicious acts which account for the majority of data center and IT failures.

The amount of data a federal agency, or any company, produces is growing rapidly and must be fully protected. However, the challenges lies in implementing disaster recovery and secure data protection strategies within complex IT environments that can be easily tested on a continual basis. A recent study covered last month by SiliconANGLE, points to only a small percentage of government IT professionals that felt they could successfully restore data after an IT failure and were fully testing IT systems to be prepared in the event of a disaster.

Practice what you preach

What this means is the federal government needs to start practicing what it preaches. The government makes laws which regulate the data protection, retention and recovery practices affecting private companies, banks, and stock exchanges. Federal agencies like the Securities and Exchange Commission can even apply financial penalties if an audit of one of these entities shows they are not in full compliance. The issue here is the federal government ends up resembling a parent telling their kids to “do what I say, and not what I do” or similar to a town ordering a resident to fix the sidewalk in front of their private home for safety sake while the sidewalk in front of the town hall is falling apart.

The good news is the Department of Defense is the federal agency that has always had a fairly robust practice to assure continuity of operations during any type of disaster, even during a nuclear event, and it is being used as an example for other agencies.  The office of the CIO for our government is on board and is taking steps to assure forward progress across the board for all agencies, while also keeping an eye on reducing costs for the taxpayers.

• Cloud First

As an example, under the direction of the former U.S. Federal Government CIO Vivek Kundra, and continuing under the new CIO Steven VanRoekel, a massive project of migrating data and consolidating data centers across the entire government has been underway. The consolidation initiative is an extensive long term project to save money and increase overall efficiency by reducing the number of government data centers from the original 1,100 to a few strategic locations. By consolidating all the IT resources into fewer more powerful and virtualized data centers, the ability to provide continuity of operations (COOP) will be enhanced, and made more simple and cost effective. In another effort to reduce costs and enable the strategic buying power of the entire federal government, agencies are also working together to standardize procurement practices.

Former CIO Vivek Kundra instituted the initiative called “Cloud First” dictating that all government agencies must first look to the cloud to source new applications or infrastructures or provide a valid business case why a cloud-based solution would not be a viable option. The government is also in the process of virtualizing as much of their IT infrastructure as possible, which will reduce costs and datacenter requirements even further.

These new initiatives being set forth by the technology management teams in the federal space are actually ahead of many of their peers in the private sectors.  For example the new Federal Risk and Authorization Management Program (FedRAMP) mandates that each vendor providing a cloud-based solution or technology service to the government must pass certification through the program, before selling to participating agencies. The end result is similar to having a proof of concept for all the software and hardware the government buys, with every agency benefiting from the process. The time and cost savings from that initiative alone will be significant. These are the types of solutions that were discussed under TechAmerica Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD²). This commission provided the Obama administration with insight and recommendations on the government’s use of cloud technologies and how to create policies for innovation in the cloud.

As more agencies align themselves with the directives set forth by the U.S. CIO leadership and embrace the cloud, they will begin to engage in strategic partnerships with private sector providers. These relationships will ensure more efficient and cost effective solutions for protection of government IT assets and the taxpayers will reap the benefits. In turn these agencies will serve as proof points to enterprises on how to implement cloud, data protection and disaster recovery services effectively as recent surveys of the private sector also indicate that CIOs and IT managers are lagging in implementing modern data protection solutions and disaster recovery plan testing. The initiatives implemented by the federal CIO will assist in changing the data protection landscape and driving further adoption of proper disaster recovery planning.