The U.S. government may be making greater use of privately owned data centers to house the nation's secrets, as well as more of the nation's business in general. Or at the very least, data center hosting firms are expecting the government to do so.
The evidence lies in the growing number of data centers being built in the Washington area by hosting vendors, along with a trend among federal agencies to increase their reliance on outsourcing providers.
Many of the new data centers being built outside of Washington's Beltway are being designed with the highest levels of security in mind, with barriers, bulletproof materials and electronic protections that are intended to make them capable of withstanding attacks by people on foot or in vehicles.
For instance, Terremark Worldwide Inc. is building a data center complex in Virginia's Culpeper County, about 60 miles from Washington, that illustrates the type of services being offered by private operators. Terremark detailed its plans to construct five 50,000-square-foot data centers at the site last June, and it expects to begin operations there by this June.
The company said in November that the IT space will be capable of processing and storing some of the federal government's biggest secrets — data that is classified as TS/SCI, for Top Secret/Sensitive Compartmented Information. That level is considered to be more sensitive than the regular top-secret category.
Miami-based Terremark believes it is the first data center operator to get a contract from the U.S. General Services Administration specifying that its facilities comply with the government's SCI Facility standard. SCIF outlines stringent physical security requirements, such as the thickness of doors, the strength of concrete, and the use of alarms and acoustical controls to prevent any eavesdropping within facilities, including by electronic means.
While the inclusion of Terremark on the GSA's SCIF list doesn't mean it is the only data center operator that can meet the standard, the preapproval could potentially cut months off of the usual contracting time for government agencies, according to Jamie Dos Santos, president and CEO of the company's Terremark federal group unit.
Terremark's belief that it's important to be listed as SCIF-capable may be a sign that processing of high-security government data at privately operated data centers is becoming more routine. But the biggest driver of data center outsourcing by federal agencies is their need to build redundant systems in so-called safe areas, extending even outside the 50-mile nuclear blast zone as measured from downtown Washington.
John Slye, an analyst at Input, a market research firm in Reston, Va., that tracks government IT spending, predicted that the amount being spent on outsourcing of application management and services — a category that would include data centers — will grow at an average rate of 7% annually over the next five years. That would increase it from about $6 billion this year to $8 billion over the next five years, out of total IT spending that currently amounts to about $70 billion.
As part of its antiterrorism efforts, the U.S. government has stepped up its use of private contractors to help supplement internal intelligence gathering, and Slye said he sees the same scenario happening for federal data centers as well.
Not all of the data center construction outside the Beltway is being done by the private sector. For instance, the FBI is building an office complex that includes 227,000 square feet of data center space, out of a total of nearly 1 million square feet of floor space, in bucolic Winchester, Va., about 75 miles west of Washington.
There is a mandate by President Bush "to diversify and get out of downtown D.C.," Dos Santos said. She added that federal agencies may need more modern IT facilities as well. Many of the government's data centers "were built without power handling capabilities that the architecture is requiring today," Dos Santos said.
John Curran, chief technology officer at ServerVault Corp. in Dulles, Va., said that federal data centers in Washington suffer from many of the same woes faced by older IT facilities in general, such as an inability to easily expand them or provide the power and cooling capabilities needed by high-density servers. All of this is encouraging a relocation trend, Curran added. When property costs and technology needs are considered, "you're far more inclined to choose something outside the downtown area," he said.
Terremark isn't the only vendor building facilities that can meet government security standards in the Washington area. For instance, Power Loft LLC is building a 200,000-square-foot data center in Manassas, Va., that it says will be able to meet design guidelines specified by the Defense Threat Reduction Agency. The agency, which is part of the U.S. Department of Defense, requires that buildings be located a certain distance away from any kind of public access, and that they include security measures such as vehicle barriers.
James Coakley, president and CEO of McLean, Va.-based Power Loft, said that thus far, interest in leasing space in the Manassas facility has come from the private sector, particularly the financial services industry. But he and other data center operators think that government business will only increase.
Last fall, Savvis Inc. expanded its roster of data centers into the Washington area by opening a 30,000-square-foot facility in Sterling, Va., that advertises, among other things, biometric entry systems, and bulletproof glass and walls. Savvis isn't targeting SCIF-level data center services, said an official at the Town & Country, Mo.-based company. But it does have a special zone within the Sterling data center for people with federal security clearances.
By emphasizing security, the private data center operators may also be trying to convince the government that their facilities are more secure than existing federal facilities are. Government data centers aren't always paragons of security. For instance, in a report issued last month (download PDF), the U.S. Government Accountability Office cited a variety of physical security issues at IRS data centers, mostly centering around access by personnel who didn't have a need to be there.
In an earlier report last summer about information security issues within the government as a whole (download PDF), the GAO said that at one data center, which it didn't identify, it found 400 individuals who had unrestricted access to the entire facility — even though their jobs didn't require such access. "Many of the data losses that occurred at federal agencies over the past few years ... were a result of physical thefts or improper safeguarding of systems, including laptops and other portable devices," the GAO wrote in that report.