Source: www.cyberdefensemagazine.com – Author: News team
By James Langley, Master Solutions Consultant, Hitachi Vantara Federal
June 2023 marked the four-year anniversary of the release of the final Cloud Smart strategy, which was the government’s update to the sweeping Cloud First strategy originally issued in 2011. Cloud First was designed to push Federal agencies to migrate to the cloud. Cloud Smart offered agencies the flexibility to adopt cloud technology according to mission needs.
While four years can feel like a different world from a technological perspective, it is not a lot of time when it comes to effective change in government, especially given the significant disruptions caused by the pandemic since Cloud Smart was issued. Agencies that were working towards Cloud First mandates for eight years may not have been able to fully pivot over the past four years, leaving them unable to realize the full benefits of becoming Cloud Smart.
Cloud First: A Flawed Approach to Cloud Migration
The intent behind Cloud First was to modernize and secure government systems and applications, which were years behind the private sector. However, Cloud First did not include detailed guidelines on how to adopt cloud technology, leaving many agencies to forge their own migration path and creating myriad complex and stop-gap solutions.
As more agencies started the migration process, they began to realize the flaws of the wholesale cloud migration strategy called for in Cloud First.
- Cloud is expensive. Agencies assumed that they would gain cost savings by migrating to the cloud because they would no longer need to maintain on-premises data centers. In many cases, they found that cloud was more expensive, especially if they didn’t have a cloud data management plan. It is cheap to move data into the cloud, but expensive to get it out, and access or egress fees are an unpredictable cost that many agencies could not plan for effectively. Automatic and self-service provisioning quickly added cloud resources when needed, but didn’t always reduce capacity when it wasn’t needed, leaving agencies paying for cloud they weren’t using. Cloud pricing was also confusing, further complicating the issue. Currently, the government pays billions in taxpayer money for cloud.
- Security is a concern. Moving from on-premises data centers to the cloud takes some control over data and application security away from government technology leaders. This can be especially concerning when looking at national security, trade secrets, or personal identifiable information.
- Legacy applications don’t work in the cloud. Getting existing applications cloud ready was more complicated than expected. Many could not migrate to the cloud – or were prone to bugs or cost overruns if they were placed in the cloud anyway.
- Cloud migration led to vendor lock-in. Agencies using the more advanced tools and services of hyperscalers found that they were proprietary, leading to the vendor lock-in they sought to avoid.
Cloud Smart was designed to overcome many of these issues, but agencies still operating with a Cloud First mindset continue to experience many of these problems.
Cloud Is Not a Destination
One of the key lessons learned from Cloud First is that cloud isn’t a destination. Not everything should be moved to the cloud, and many things that are moved shouldn’t be left there. Agencies should view cloud as an operating model centered around utility and self-service – use and pay for cloud services when, where, and if they are needed. Cloud spending should be balanced with existing infrastructure investments to optimize agency technology budgets – and taxpayer money.
Adopting a Cloud Smart Mindset
Cloud Smart offers specific guidance and recommendations to identify what workloads should – and should not – be migrated to different types of cloud environments – public, private, hybrid, multi, or near cloud.
It lays the framework for government IT modernization because it gives agencies the guidelines and choice for how to upgrade their infrastructures. With the explosion in data collected from the data center to the edge, the push for stronger cybersecurity, and the need to tap into the power of emerging technologies like artificial intelligence, agencies must shift their mindsets. Moving from Cloud First to the holistic Cloud Smart approach to modernize their infrastructures effectively will allow them to innovate new solutions.
The architects of Cloud Smart outlined three fundamental pillars of success for cloud migration: security, procurement, and skills. These pillars are key in helping agencies achieve the Cloud Smart strategy. Agencies need to align the pillars to tools and services that are available today to achieve the goals of the strategy.
Data management is complicated under a Cloud First mindset. Apps built for one cloud environment may not work properly in another part of the environment, leaving them vulnerable to cyberattacks. Accessing data that may live in different places at different times becomes challenging when implementing zero trust. Canceling a hyperscaler contract that is intertwined in a hybrid cloud infrastructure is extremely difficult, leaving agencies at the mercy of that hyperscaler’s security policies.
To solve these security issues, agencies can look at near-cloud solutions that include an outsourced physical data center that connects with other cloud providers. Companies that offer near-cloud solutions maintain an agency’s data sovereignty while enabling the agency to maintain oversight, management, and security of the hybrid cloud infrastructure.
Near-cloud environments typically use predictive analytics tools to monitor for threats across the hybrid cloud environment, as well as swift mitigation tools to support quick recovery in case of a breach at any place within the hybrid cloud.
Agencies can benefit by looking beyond cloud solutions that are already FedRAMP certified to find products that are FedRAMP compliant. Industry can shoulder the cost burden of certification, so agency choice need not be limited to certified products.
Cloud procurement should be approached by looking at workloads, not destinations. That way, agencies are basing cloud procurement on the consumption required to meet the specific needs of each workload rather than a cloud solution to place all workloads. Agencies can realize cost savings on cloud consumption by partnering with organizations that offer X-as-a-service (XaaS) pricing – which includes organizations beyond the hyperscalers – allowing them to pay for any IT solution based on how much they actually need and use.
Agencies still operating under a Cloud First structure may struggle to procure on-premises or edge cloud solutions that can provide the most cost-effective and secure environment for a particular mission’s needs. A key step to realizing the benefits of Cloud Smart is for cloud project managers to expand their focus and scope to include consideration of private, hybrid, and near cloud solutions.
The skills gap in government technology has been a serious factor since Cloud First was issued. That gap continues to grow, especially in a post-pandemic environment.
Taking advantage of automation in any cloud or on-premises environment is one way to overcome the skills gap. Agencies should demand more automation capabilities from industry to support private, hybrid, and near cloud solutions. Wizard-driven or workflow-driven activities should replace manual intervention and tasks.
While future innovations are inevitable, agencies must recognize the need to expand their cloud strategies beyond mere migration and actively embrace diverse architectures and solutions, such as private, hybrid, multi, and near cloud. By forging strong partnerships with industry experts, agencies can successfully achieve their ultimate objective of becoming Cloud Smart and effectively serve the American people.
About the Author
James Langley is the Master Solutions Consultant of Hitachi Vantara Federal, a wholly owned subsidiary of Hitachi Vantara, with more than 20 years of experience in the IT industry and a decade as a trusted adviser for federal civilian, defense and intelligence agencies. James can be reached at email@example.com or at our company website www.hitachivantarafederal.com
Original Post URL: https://www.cyberdefensemagazine.com/four-years-and-a-pandemic-later-have-agencies-become-cloud-smart/
Category & Tags: Cyber Security News – Cyber Security News