
Does CBP’s Tombe expect too much from the cloud?

Wolf Tombe, Customs and Border Protection (Photo: Flickr/GTRA)

Readers critical of CBP CTO Wolf Tombe suggested he was overly demanding of cloud service providers.

Readers were divided over comments made by Customs and Border Protection CTO Wolf Tombe in a Jan. 29 FCW article headlined “Moving to the cloud? Learn from CBP’s mistakes.” To some readers, Tombe came off as overly demanding of cloud service providers, while others said his comments should be a “must read” for federal CIOs.

One reader wrote:

"Tombe said agencies should demand 99.999 percent -- sometimes called the five nines -- and should subsequently demand not to pay extra for it. Really??? How does that work? Each "9" is an order of magnitude more effort to deliver, and that entails additional cost. Someone's gotta pay for it. Why not just demand ten 9s?”

Another said:

“Demand commercial pricing and then demand additional services that commercial pricing doesn't include and then refuse to pay for it and then test it out in 'small' programs that are just trying to get their work done since nobody cares about them if they fail. Pretty much sums up cloud-first, huh?”

Frank Konkel responds:

I think Tombe’s comments are hardened from experience. Clearly, he and the agency at large were unhappy with one of its initial forays to the cloud – a botched email-as-a-service effort that the agency is still feeling repercussions from.

This isn’t someone saying you should start small in “low profile, low visibility” projects because larger enterprise efforts don’t belong in the cloud; this is someone saying start small and fail fast because practice makes perfect. The mission is still affected if a small program gets botched, but it’s affected a lot more when a large service like email goes down. Guaranteed, if CBP could have a do-over on a few of its troubled cloud efforts, it would take one faster than you can say “infrastructure-as-a-service.”

As for Tombe’s request for 99.999 percent availability without paying extra for it, I believe Tombe is saying that the five-nines of availability are a standard. Reliability is an important factor when considering any kind of cloud service, so it should be part of an organization’s business case. To me, Tombe is saying federal agencies should request what has become standard without paying extra money for it. In a competitive market, his statements – especially for cash-strapped agencies – make sense to me.

Posted by Frank Konkel on Feb 11, 2014 at 6:27 AM

Reader comments

Thu, Feb 13, 2014 Linda Y. Cureton United States

I do agree w/ OccupyIT that the blind request for 5 9s is unrealistic. The real issue is that CIOs just don't know what to ask for. Email has been "best effort" by design. To ask for 5 9s is clearly prohibitively expensive. What we really need is to be better-informed consumers of IT. But we are still stuck on old models where we ran data centers and applied terms and conditions to motivate specific behaviors from hardware providers. Times have changed. IT executives need to change too.

Wed, Feb 12, 2014 OccupyIT

Make up your mind. Is he just stating the obvious, "federal agencies should request what has become standard", or not? He certainly is saying 'ask for more'. Why is the only thing taken out of agile 'fail fast' as if the failing part is what's key. Let's start at the basic principle that you do the simplest thing first and run with it until it proves insufficient. Five 9s is NOT industry standard for small applications of the type mentioned for pilots (unless you don't include scheduled downtime, only during working hours, not including outages by FedRAMP IaaS vendors like Microsoft Azure and Google, etc.) - this is less than 5 minutes off-line per year - without a lot of redundancy most applications don't need to afford. I've seen blind requests for five nines coupled with 24 hour backup cycles?!? If you can lose a day's work then you don't need five nines. When push comes to shove the real requirement is probably on the order of three nines at the application level. Don't confuse network uptime with application uptime. That's just CIO jousting. Bottom line is not to defend poor performance but rather to stop throwing out blanket generalities (cloud-first, five nines is minimum, don't pay for non-typical requirements, etc.) just confuses buyers and adds misinformation to an already poor procurement environment. Hire people that do good work and stick with people that are supporting you. Ask yourself why more email cloud migrations have failed after being the nirvana of CIOs? I love the way 'industry standard' is the way to go until 'industry standard' doesn't work based on our additional glommed on 'requirements' and it becomes 'industry's fault'. Perhaps there really is no one at the dance that meets your unrealistic requirements for a future spouse. Keep asking new partners until you find Cinderella...
