For most organizations, a cloud-first policy means migrating every possible application to the cloud.
For federal agencies, the message takes on a somewhat different meaning. A cloud-first policy allows federal IT managers to focus on their department’s mission and turn the work of running a data center over to someone else.
As the cloud-first data center becomes more common, agencies can reap some new benefits.
By putting their hardware inside someone else’s data center (a practice known as colocation), agencies are able to outsource their real estate and air conditioning, but little else.
As hardware owners, they remain responsible for running the servers and storage, maintaining contracts and installing hardware and firmware upgrades.
About 20 years ago, colocation represented the only cloud computing option for most agencies, but data center service providers have come a long way since then, adding more services and options.
Today, Infrastructure-as-a-Service is quickly becoming the preferred method for agencies adopting a cloud-first policy. IaaS allows agency administrators to remove themselves entirely from the hardware and capacity planning business.
IaaS takes care of everything up to the level of the virtual machine, including servers, power, heating and cooling, physical security, networking and storage. Customers provide the VM images (or use IaaS prebuilt images, if they prefer), and applications can run immediately from there.
IaaS also provides easy scalability. Onsite data centers typically have a six-month planning window to accommodate upgrades and maintenance. With IaaS, upgrades and maintenance may take only minutes.
As agencies migrate application servers to an IaaS environment, administrators must remember that they continue to run the data center. All of the usual responsibilities that factor into a well-run and secure facility still fall under the admin’s purview.
Take monitoring, for example. An IaaS service provider will try to keep a customer’s VMs running, but if a bug halts them (or an application quits unexpectedly) the owner must restart the machines or applications on their own.
That same responsibility exists for every other cloud-based infrastructure service, including backups, logging and load balancing, among others. Some IaaS providers will help with some of those tasks, usually as an add-on service, but the responsibility to keep machines running ultimately falls to the customer.
In some cases, IaaS add-on services may be sufficient to keep things working, but in other cases, specialized VMs may prove necessary.
For admins using a load-balancing configuration, for example, an IaaS provider could offer a usable service. For more complex activities such as specialized health checks, application optimization or URL rewriting, customers must bring their own load-balancing VM to handle those functions.
Running a data center itself provides IT managers with little cause for excitement or alarm.
The real work, and heart-palpitating stress, comes with servers that need to be patched, updated and synchronized at all times. IaaS can help with the data center, but not the palpitations, as customers must patch, update and manage everything in the data center themselves.
Some IT managers seek IaaS providers that offer both data center and value-added services, such as systems management. While that may sound nice, bundling the two makes it easy for vendors to lock in customers.
For agencies looking to outsource the headaches of systems management and security configuration, nearly any IaaS provider can handle the job. Spending budget allocations wisely through outsourcing and cloud adoption may mean managing two different contracts, but it may represent the smarter choice for most agencies.
Google, Microsoft and IBM are the largest IaaS providers. Together, they control a significant portion of the IaaS business, and they run it more like a utility. That gives the user the best price and reduces the barrier to changing service providers. Users who want more services need to explore other options.
High availability is a good example. IaaS providers ensure reliable storage and regular system availability, but only within their own data center. When a server goes down, customers must engineer their own high-availability structure.
There are many things to consider when implementing a cloud-first policy or evaluating IaaS. While data center services continue to grow, agencies must prepare to grow with them and, ultimately, free themselves to focus on their underlying mission.