With Cloud Smart Policy, Agencies Should Focus on ‘Limiting the Limitations’
Nearly a decade after the Office of Management and Budget issued its Cloud First policy for IT programs, federal agencies are now being guided to an approach known as Cloud Smart, reflecting an updated strategy when it comes to cloud implementation.
Federal agencies are no doubt still digesting the finalized version of Cloud Smart released by the White House in June, but this much is clear: Cloud Smart will impact how agencies evaluate which cloud adoption paths to pursue and how they go about doing so. More than that, Cloud Smart positions agencies with the flexibility to not only choose the path mapped to their needs but also to maintain and move data and applications across multiple cloud and on-premises environments.
To fully benefit from the tools, knowledge and flexibility Cloud Smart can enable, it is valuable to understand how it differs from the preceding policy, emerging challenges agencies face in their move to the cloud, and what agencies should look for when evaluating cloud solution providers.
MORE FROM FEDTECH: Find out how data fragmentation can limit cloud benefits.
Cloud Smart vs. Cloud First Policy
OMB aligned Cloud Smart with three interrelated areas to drive cloud adoption: modernizing security policies to focus on risk-based decision-making, automation and moving protections closer to data; improving the ability of agencies to procure cloud solutions through repeatable practices and sharing knowledge; and having the ability to upskill, retrain and recruit key workforce talent for cybersecurity, acquisition and cloud engineering.
The push toward Cloud Smart is in part due to a sense that over the past decade, Cloud First gradually became synonymous with “cloud only.” To be clear, Cloud Smart remains committed to accelerating agency adoption of cloud-based solutions, but OMB recognizes that “agencies should assess their requirements and seek the environments and solutions, cloud or otherwise, that best enable them to achieve their mission goals while being good stewards of taxpayer resources.”
OMB also notes that Cloud Smart operates on the principle that agencies should have the ability to evaluate options based on their service and mission needs, technical requirements, and existing policy limitations. Additionally, agencies need to evaluate long-term inefficiencies that might result from migrating applications as is into cloud environments relative to the costs of modernizing in advance or replacing the applications.
MORE FROM FEDTECH: Discover how CASBs and behavioral analysis can boost federal cloud security.
Feds Face Challenges in Implementing Cloud Smart
While Cloud Smart can translate into savings, security and accelerated access to services for agencies, maximizing the benefits of the updated policy requires that agencies first address key cloud adoption challenges:
Agencies need to know what they have. Before embarking on a path toward the cloud, agencies must first assess which applications and IT infrastructure should be migrated to which cloud or on-premises environment. Control over the deployment of new apps has largely been shifted away from traditional IT groups to new development groups. Often, these new groups prefer to go straight to the public cloud, where they get IT out of the way and have immediate, direct access to infrastructure resources, along with developer-friendly platform services. But on-premises development is not dead; it is not always practical to move legacy apps to a public cloud, and so we increasingly see “lift and shift” programs moving the other direction as well — going from public cloud to private cloud, at least in part.
In other words, the public cloud has led to uncontrolled resources proliferation — sprawl that can result in resource inefficiencies and increased costs if agencies can’t accurately assess what resources they have, where they are located and where they should reside (public, private, hybrid, on-premises).
Agencies must account for more data and mobility. Resource sprawl is matched today by data sprawl. With more endpoints and Internet of Things sensors and devices creating data, agencies are challenged like never before to quickly digest and extract meaning from these sources. Artificial intelligence and machine learning can help, but agencies still need to build industrial-strength infrastructure in the cloud and on-premises to field AI, machine learning and other resource-intensive capabilities.
_0.jpg)
Additionally, agencies must be able to move data seamlessly and securely between environments. The data needs to be portable, easily managed and flow between all endpoints so that agencies can avoid vendor lock-in. Seamless mobility goes hand in hand with the flexibility OMB envisions Cloud Smart enabling when it comes to moving data and applications.
Agencies still want security and control. Protecting data as it moves across cloud and on-premises environments is paramount. Yes, agencies seek the flexibility, scalability and increased collaboration of the cloud, but they also wonder how they will be able to maintain complete control over their data if they release it entirely to that environment. As OMB outlines, “Successfully managing cloud adoption risks requires collaboration between agency leadership, mission owners, technology practitioners, and governance bodies,” adding, “Cloud Smart encourages agencies to approach security and privacy in terms of intended outcomes and capabilities.”
MORE FROM FEDTECH: Best practices for refactoring apps and moving them to the cloud.
Cloud Solution Considerations for Agencies
There are several agency considerations for adopting a cloud solution that will meet current and future needs:
Find a solution that is standardized and easy to deploy. Look for a solution that has been battle-tested and proved across other government IT environments. In other words, don’t build a private cloud in your data center that uses proprietary technology. This may create more complexity for your agency and require additional training for employees. Instead, look for solutions that eliminate complexity, offer specialized training and require no heavy lifting.
Don’t buy a solution that only solves one-off issues. Choose a hybrid cloud solution that solves multiple problems instead of looking for a product to solve one problem. To get the most out of your solution, think broadly and consider how hybrid cloud can solve any infrastructure needs you have across the enterprise.
Apply controls to your hybrid cloud solution. You need controls to help manage each and every cloud workload and to ensure that the quality of services remains high for all of your applications and services. You need to identify a quality level of service that governs your hybrid cloud. For example, you need to have a minimum, maximum and burst control to ensure that any workload running in your hybrid cloud will not impact other services. Work with your vendor to determine if the solution allows you to allocate, manage and guarantee performance independently of capacity.
Choose a solution that meets current and future needs. Selecting an agile hybrid cloud solution ensures that the technology can adapt to meet your agency’s current and future needs. There are executive orders and programmatic and project changes that agencies have to adhere to, and they need flexible solutions that can support those efforts. Let’s say your agency closes a data center and needs to move resources from one facility to another location or to the public cloud; having an agile hybrid cloud infrastructure can enable those transitions and allow your agency to scale resources up or down. Independent scaling avoids costly and inefficient overprovisioning and simplifies capacity and performance planning.
Finally, if an agency has the experience and the workforce capacity to develop its own cloud, then it should. If not, it should decide what portions of its data management needs to be outsourced — and not look back. In the end, the difference between a successful cloud migration and a failed cloud migration has nothing to do with technology. For a migration to be successful, it must help fulfill the common vision for the organization and help improve its performance moving forward.
