Computerworld -
Trouble TicketAs budgets have tightened and staff sizes have decreased in the state government I work in, the drumbeat for consolidation has gotten louder. Until now, it has sounded to me like two parts politics and one part hype, so I've tried to ignore it. I don't think I'm going to be able to keep doing that, and so I will have to face the security implications head-on.
Politics is always a big factor in government, of course. Some people are quite taken with the magical idea that if you take all the IT and security people in the state and organize them under one umbrella, you will realize efficiencies and cost savings. Magical thinking isn't my thing; I can't help but wonder how this wonderful idea would work in the real world, where every state agency has its own business needs and requires different support skills, where offices are distributed across a rather big chunk of terrain, and where network, server and desktop standards are, to say the least, varied. And everything we do these days is constrained by crippling budget cuts. Yet we would have to spend a lot of money standardizing across the board before we could consolidate support.
However, an agency that is part of the same department as mine has been touting virtualization as the key to cost savings. My boss is being pressured by management to respond. He said he didn't want me to work on this immediately, but to think about it. That was nice of him, since he knows I don't have the time for anything extra.
Thinking about it raised a lot of questions for me. For starters, are we talking about server virtualization, desktop virtualization, storage virtualization, or what? Are we going to identify services that can be shared and serve up those applications from a data center housing virtualized servers and storage? How does that impact bandwidth? Who's going to be responsible for a statewide cost-benefit analysis? And how does all this affect security?
I am of the school of thought that says that, outside of some specific purposes, virtualization is not ready for prime time. I also think security is not served by putting all your eggs in one basket my view of server virtualization.
But, I remind myself, I'm not in charge. What I need to do is analyze what, if any, components of our environment can be virtualized. Then I need to analyze the effect on security.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
