* This article originally ran on StateScoop on May 7, 2013.
Depending on which state CIO you ask (or even which time of day you ask him/her), consolidation is either the best or the worst thing that's ever happened to government IT.
On the one hand, those virtual machines are saving you thousands of dollars (maybe millions) in server costs, power, and space. On the other hand, virtualized machines are fueling the proliferation of unnecessary data storage (so-called “VM sprawl”), and those storage costs are biting into your savings.
As Linux Magazine’s Ken Hess puts it: “[Virtualization], a technology sold as ‘money saving,’ often has the opposite effect when left unchecked.”
To be fair, though, blaming virtualization for your unnecessary data storage is a little like blaming your credit card for your unnecessary debt. (If you use virtualization wisely—in concert with a well thought-out data management plan—you can have all of the benefits and none of the cost.)
Then again, storage virtualization is the easy part. Nowadays, most of the trepidation around IT consolidation has to do with virtualizing mission-critical apps. That’s because historically, when applications have encountered performance issues inside virtual machines, it’s been extremely difficult for IT managers to diagnose the problem.
At Symantec, we’re working with virtualized machine manufacturers to provide better optics inside their machines—so that IT managers can understand why applications aren’t running at their peak.
Like virtualization, cloud is another beautiful, terrible reality for IT. The big question is: Which IT services have to be run by the state, and which can be offloaded to third parties? (We’re seeing a lot of smaller, local governments moving aggressively toward cloud, but this may not be realistic for larger state governments in the near term.)
For now, we need to offer states a hybrid solution that bridges their own environment with the third party’s. The trouble is, a lot of cloud providers don’t have extensive security and privacy expertise—so you should never assume that a third party environment will have the same privacy and security protections as a state government’s native environment. That’s not to say we should avoid third party environments altogether. It just means we’ll need to take additional security steps.
Speaking of which, security is perhaps the best reason of all for state CIOs to embrace consolidation efforts. In more federated environments (state and local government has a long history of decentralized IT—sometimes 40-50 different agencies running their own systems), the gaps between silos are often filled with exploitable vulnerabilities. So by implementing an improved IT security solution across the whole enterprise (especially using tools like data loss prevention and encryption), your entire organization becomes more secure as well as more consolidated.
And that’s a win-win situation, no matter who (or when) you ask.