Blog archive

Does CBP’s Tombe expect too much from the cloud?

Wolf Tombe, Customs and Border Protection (Photo: Flickr/GTRA)

Readers critical of CBP CTO Wolfe Tombe suggested he was overly demanding of cloud service providers.

Readers were divided over comments made by Customs and Border Protection CTO Wolf Tombe in a Jan. 29 FCW article headlined “Moving to the cloud? Learn from CPB’s mistakes.” To some readers, Tombe came off as overly demanding of cloud service providers, while others said his comments should be a “must read” for federal CIOs.

One reader wrote:            

"Tombe said agencies should demand 99.999 percent -- sometimes called the five nines -- and should subsequently demand not to pay extra for it. Really??? How does that work? Each "9" is an order of magnitude more effort to deliver, and that entails additional cost. Someone's gotta pay for it. Why not just demand ten 9s?”

Another said:

“Demand commercial pricing and then demand additional services that commercial pricing doesn't include and then refuse to pay for it and then test it out in 'small' programs that are just trying to get their work done since nobody cares about them if they fail. Pretty much sums up cloud-first, huh?”

Frank Konkel responds:

I think Tombe’s comments are hardened from experience. Clearly, he and the agency at large were unhappy with one of its initial forays to the cloud – a botched email-as-a-service effort that the agency is still feeling repercussions from.

This isn’t someone saying you should start small in “low profile, low visibility” projects because larger enterprise efforts don’t belong in the cloud; this is someone saying start small and fail fast because practice makes perfect. The mission is still affected if a small program gets botched, but it’s affected a lot more when a large service like email goes down. Guaranteed, if CBP could have a do-over on a few of its troubled cloud efforts, it would take one faster than you can say “infrastructure-as-a-service.”

As for Tombe’s request for 99.999 percent availability without paying extra for it, I believe Tombe is saying that the five-nines of availability are a standard. Reliability is an important factor when considering any kind of cloud service, so it should be part of an organization’s business case. To me, Tombe is saying federal agencies should request what has become standard without paying extra money for it. In a competitive market, his statements – especially for cash-strapped agencies – make sense to me.

Posted by Frank Konkel on Feb 11, 2014 at 6:27 AM

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Thu, Feb 13, 2014 Linda Y. Cureton United States

I do agree w/ OccupyIT that the blind request for 5 9s is unrealistic. The real issue is that CIOs just don't know what to ask for. Email has been "best effort" by design. To ask for 5 9s, is clearly prohibitively expensive. What we really need is to be better informed consumers of IT. But we are still stuck on old models where we ran data centers and applied terms and conditions to motivate specific behaviors from hardware providers. Times have changed. IT executives need to change too.

Wed, Feb 12, 2014 OccupyIT

Make up your mind. Is he just stating the obvious, "federal agencies should request what has become standard", or not? He certainly is saying 'ask for more'. Why is the only thing taken out of agile 'fail fast' as if the failing part is what's key. Let's start at the basic principle that you do the simplest thing first and run with it until it proves insufficient. Five 9s is NOT industry standard for small applications of the type mentioned for pilots (unless you don't include schedule downtime, only during working hours, not including outages by FedRAMP IaaS vendors like Microsoft Azure and Google, etc.) - this is less than 5 minutes off-line per year - without a lot of redundancy most applications don't need to afford. I've seen blind requests for five nines coupled with 24 hour backup cycles?!? If you can lose a day's work then you don't need five nines. When push comes to shove the real requirement is probably on the order of three nines at the application level. Don't confuse network uptime with application uptime. That's just CIO jousting. Bottom line is not to defend poor performance but rather to stop throwing out blanket generalities (cloud-first, five nines is minimum, don't pay for non-typical requirements, etc.) just confuses buyers and adds misinformation to an already poor procurement environment. Hire people that do good work and stick with people that are supporting you. Ask yourself why more email cloud migrations have failed after being the nirvana of CIOs? I love the way 'industry standard' is the way to go until 'industry standard' doesn't work based on our additional glombed on 'requirements' and it becomes 'industry's fault'. Perhaps there really is no one at the dance that meets your unrealistic requirements for a future spouse. Keep asking new partners until you find Cinderella...

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group