The Defense Department’s new Joint Enterprise Defense Infrastructure (JEDI) contract, which would move the DOD’s entire cloud ecosystem to a single public cloud provider, has attracted significant attention in recent weeks.
At first glance, consolidating multiple clouds seems like a good idea that would streamline services. However, for an organization as large as the DOD, with tens of thousands of applications, millions of endpoint devices and an incredibly diverse and challenging operation environment, a single cloud is not a realistic path forward.
Instead, government agencies should be investing in a multicloud strategy that leverages the strengths of both public and private clouds to achieve better security, flexibility and cost savings for the American taxpayer.
According to the General Services Administration, today’s average cloud user operates as many as six different clouds that are distributed across multiple geographies and combine both public and private clouds.
To successfully manage a multicloud environment like this, agencies need to have complete visibility of their network and they must react quickly to possible threats. One of the best ways to achieve this is by integrating automation tools throughout their multicloud environment.
Automation Allows Agencies to Secure Multiple Clouds
Automation helps implement high-level security policies that can be difficult to manually apply across an entire organization and multiple clouds. With automation, you can immediately update and deploy new security policies across a network, which would typically take a team of programmers weeks or months to do. Detailed security policies can be automatically generated and deployed across firewalls, switches and other components, whether they are managed in-house or through a cloud provider.
Another way that automation can help is by improving response actions. Some government agencies have sensors that detect malware or denial of service attacks, but humans are still manually sharing these threat reports.
Automating the process of detecting and responding to threats is essential to defeating sophisticated cyber adversaries. Information can be automatically fed into the appropriate systems to develop threat response actions.
When a red flag emerges, the system can parse the data and automatically create and deploy the necessary countermeasures to combat the threat. Likewise, after the threat has been countered, automation can speed recovery actions such as deploying patches and even reinstalling an entire data center without human intervention.
Machine intelligence can be an essential tool in defending against malware attacks. Historical data can be used to predict and respond to impending attacks. The more data a system compiles over time, the more intelligent that system becomes and the better it gets at preventing an intrusion.
Automation helps administrators analyze their files and applications for potential dangers, regardless of where that information resides. It also helps to isolate unknown malware and render security policies in real time to avoid potential damage.
Further, automation will help to achieve better end-to-end security across the data center, campus, branch and the cloud. This lowers the risk of distributed denial of service attacks, allows for greater innovation, improves reliability and increases flexibility for agencies to quickly scale services up or down based on need.
As the federal government slowly moves legacy systems to multiple clouds, agencies will need to adopt strategies that unify and secure these systems by integrating automation throughout their networks. Most government agencies are too big to operate a single homogeneous cloud capable of providing all the applications that an organization needs. Instead, they will need to operate a mosaic of public and even private clouds.