This content is sponsored by Flexera.
What federal agencies can learn about cloud from industry, early adopters
It’s been ten years since the Cloud First policy directed federal agencies to start exploring and implementing cloud technologies, and it’s clear now that cloud is here to stay. But only the early adopters among agencies have made any significant progress in their cloud migrations; many federal IT leaders say they are still in the early stages of adopting cloud for uses like data analytics and business processes. But as those early pioneers give way to a great migration into the cloud, best practices are emerging from federal agencies and industry that can ease an agency’s transition and adoption.
The first thing any agency can do is understand the extent of its IT infrastructure, by getting an enterprise view of services, applications, where they reside, and how they interact. That means going all the way down to individual app servers, databases, load balancers, middleware and web servers. Once an agency has that view, it can begin to assess the technical demands and cost of migrating a service.
The Office of Inspector General for the largest quasi-government civilian agency recently did just that. It found it needed to upgrade its networks in order to lay the foundation for moving out of data centers, migrating its infrastructure to the cloud, and using those capabilities to begin implementing data analytics and artificial intelligence.
Next, agencies need to determine what to move to the cloud, and when. Impact to mission needs to be taken into account here, as well as security, procurement and workforce considerations. Some applications may need to continue running on premises. Upfront and operational costs, as well as data sensitivity and governance requirements need to be taken into account as well.
For example, the Department of Veterans Affairs recently achieved the kind of visibility into its systems that have allowed it to begin prioritizing the transition of its systems and applications into the cloud. One official estimated the department has saved 10% on data storage costs since determining what needs to stay on premises, and what can go into the cloud. It’s now assessing its IT infrastructure and electronic health records systems to prioritize those migrations and develop more accurate cost projections as well.
But the work doesn’t end after agencies lay the foundation for moving into cloud. Although transitioning to the cloud is where agencies will see some of the biggest costs, it’s easy to get into trouble post-migration if they aren’t prepared for the “pay-by-the-drink” pricing model.
Time-consuming pre-approvals won’t work when costs rise every time a developer deploys a new workload. Agencies have to be proactive in their governance once they’ve moved into the cloud. And the federal government is starting to get the picture. The General Services Administration’s IT Category office is currently developing a best practices guide for purchasing cloud computing on a consumption basis using GSA Schedules.
Agencies also need to plan ahead for software licensing challenges. There are often differences between running software on premises and in the cloud, and most vendors present financial obstacles or prohibitions from running their software on competitors’ clouds. And with most experts agreeing that multi-cloud is the way forward, consistency will be key. While most agencies currently use multiple cloud platforms, 75% report that managing multiple clouds will be a top challenge over the next five years, and nearly half of federal IT executives agree their agency is not yet taking the right steps to prepare for their multi-cloud future.
And updated security and governance controls will become necessary as well. Mitigating risks requires real-time visibility into every asset on the network. Some early adopters have already found significant success with continuous diagnostics and mitigation. For example, the Small Business Administration has leveraged data analytics tools to build out a cybersecurity dashboard that provides an around-the-clock look at every agency device that’s connected to its network, all the way down to mobile devices.
“Whether it’s what threats might be against SBA … being able to see our entire inventory, who’s on our network, what they’re doing, how they’re using our networks, and having visibility into that environment – that’s something we did not have before,” said Maria Roat, former CIO of SBA.
Automation is key to maintaining that kind of comprehensive view into an agency’s systems as it moves more fully into the cloud. U.S. Citizenship and Immigration Services recently redesigned its security operations center with that in mind.
“If you are cloud heavy like USCIS is — we are 80%-90% cloud at this point — your SOC better reflect that. That means if your infrastructure is code, then your security is code too. Your SOC floor better have development teams on it. If you don’t, you’ve already lost the battle and probably the war,” said Shane Barney, the chief Information Security Officer at USCIS. “We’ve had several instances in cloud and every single time, it’s the development teams that rode the show on it. They helped us resolve it; they helped us fix it; they helped us determine it and they helped us develop mitigation solutions going forward.”
These are just a few examples of the best practices coming out of early adopters among federal agencies and industry. Download Flexera’s new cloud whitepaper to learn more.