>Decentralization, Technology, and Anti-Terror Planning

>Even though there hasn’t been a successful terrorist attack against the United States since 9/11, we are all aware that terrorists continue to seek ways to harm us. Of course, we have assets deployed nationally as well as internationally to protect our interests. However, there is always more that can be done. And one thing that immediately comes to my mind is decentralization.

The concept of decentralization is very simple. Rather than concentrating all your vital assets in one place, you spread them out so that if one is destroyed, the others remain functional. The terrorists already do this by operating in dispersed “cells.” Not only that, but we know that very often one “cell” doesn’t know what the other one is doing or even who they are. All this to keep the core organization intact in case one part of it is compromised.

Both the public and private sectors understand this and often strategically decentralize and have backup and recovery plans. However, we still physically concentrate the seat of our federal government in a geographically close space. Given that 9/11 represented an attack on geographically concentrated seats of U.S. financial and government power, is it a good enterprise architecture decision to centralize many or all government headquarters in one single geographic area?

On the one hand the rationale for co-locating federal agencies is clear: The physical proximity promotes information-sharing, collaboration, productivity, a concentrated talent pool, and so on. Further, it is a signal to the world that we are a free and proud nation and will not cower before those who threaten us.

Yet on the other hand, technology has advanced to a point where physical proximity, while a nice-to-have, is no longer an imperative to efficient government. With modern telecommunications and the Internet, far more is possible today than ever before in this area. Furthermore, while we have field offices dispersed throughout the country, perhaps having some headquarters outside DC would bring us closer to the citizens we serve.

On balance, I believe that both centralization and decentralization have their merits, but that we need to more fully balance these. To do this, we should explore the potential of decentralization before automatically reverting to the former.

It seems to me that decentralization carries some urgency given the recent report “World At Risk,” by The Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism—it states that “terrorists are determined to attack us again—with weapons of mass destruction if they can. Osama bin Laden has said that obtaining these weapons is a ‘religious duty’ and is reported to have sought to perpetuate another ‘Hiroshima.’

Moreover, the report goes on to state that the commission “believes that unless the world community acts decisively and with great urgency, it is more likely than not that a weapon of mass destruction will be used in a terrorist attack somewhere in the world by the end of 2013.”

Ominously the report states “we know the threat we face. We know our margin of safety is shrinking, not growing. And we know what we must do to counter the risk.”

Enterprise architecture teaches us to carefully vet and make sound investment decisions. Where should we be investing our federal assets—centrally or decentralized and how much in each category?

Obviously, changing the status quo is not cheap and would be especially difficult in the current global economic realty. But it is still something we should carefully consider.

>Backup and Recovery and Enterprise Architecture

>

Anyone who has lost information on their computer knows how important backing up your computer work is, and organizations spend large sums of money to back up corporate information assets.

ComputerWorld, 4 February 2008, reports that “Corporate IT Warms Up to Online Backup Services.”

It used to be everyone backed up their own data, but now things are changing with major storage vendors entering the online backup market.

Now the benefits are beginning to outweigh the costs:

  • Cost savings on specially skilled personnel and equipment for backup and storage administration function
  • Productivity gains from outsourcing the systems administration and backup
  • Unlimited corporate storage capacity

The information security officer at the University of San Francisco states: “If you asked me three or four years ago [about backup], the economics would say, ‘build it yourself.’ However, as storage vendors enter the online storage business and work to address IT concerns [such as pricing and security], ‘I can’t imagine anyone doing it themselves.’”

Gartner says “the technology is slowly becoming more attractive to large companies, thanks to move into the hosted storage business by EMC and storage and backup rivals such as IBM, Iron Mountain Inc, Symantec Corp., and Seagate Technology LLC.”

IDC predicts that sales of hosted backup storage services will reach $715 million in 2011, up from $235 million in 2007.”

Vendors are moving quickly to address the following issues:

  • Acceptable pricing
  • Security including encryption and authentication
  • Bandwidth

So are hosted backup services worth the cost?

The vice president of operations and compliance officer of Lisle Savings Bank says “I’m not going to say it cheap; it’s not. [But] we felt what are paying for is really insurance against losing data. I used to cringe when anybody deleted a file and I had to find the tape.”

The IT director of a Fort Worth, Texas law firm noted that “the move to the hosted service quickly blunted management concerns about disaster recovery in the tornado-prone area. The online option also ensures that backup tapes will not have to be stored by a vendor that could carelessly allow them to be lost or stolen…It’s the wave of the future, if it’s not already here.”

From a User-centric Enterprise Architecture perspective, we must ensure the security of business and technical assets. This includes the confidentiality, availability, integrity, and privacy of corporate information. One way to protect vital information assets is through robust information backup and recovery services.