The biggest pitfall agencies make in migrating to the cloud is attempting to have their inexperienced IT teams establish landing zones, when vendors can accomplish that more securely — and with scalability in mind.
IT teams may get a working implementation going, when the mandate comes down to moving some workloads in the cloud, but they typically fail to take advantage of all of the out-of-the-box features.
The situation is a lot like buying a prebuilt shed from Home Depot and realizing later you needed one with a foundation, insulation and windows; in no time, it’s full of hornets.
A Google Cloud, Amazon Web Services or Microsoft Azure environment built with ClickOps by a developer who has only a vague idea of what they’re trying to achieve is bound to lack some of the automation, templates, infrastructure as code (IAC), and policy and governance guardrails agencies will need down the road.
Click the banner below to accelerate automation with infrastructure as code.
Let Experience Drive Cloud Decision-Making
CDW Government implements cloud landing zones in a repeatable way by using templates and IAC to align with the cloud service provider’s best practices. For instance, Google has a template for the perfect deployment of a landing zone that inherits the agency’s controls and is easier to stand up than for an IT team to build.
That landing zone establishes policies that enable certain functionality and capabilities that serve as the metaphorical shed’s foundation. From there, CDW Government can identify what the agency is trying to accomplish and add additional features, services or platforms.
Vendor expertise is critical in this second, optional phase as well. For example, Google Cloud’s landing zone comes with more than 200 products to choose from — some with slight variations, such as better performance in containers — and only specialists will understand what’s in the agency’s best interest without needing to conduct a lot of research.
Even when an IT team gets something right (such as standing up a virtual machine to run 500 kilobytes of code whenever its website is called), the team may fail to realize the landing zone made the virtual machine unnecessary in the first place.
Click the banner below for the latest federal IT and cybersecurity insights.
Cloud Speeds Up Everything
Creating a cloud landing zone is a speedy affair when using IAC to execute scripts against Google Cloud, AWS or Azure. IT personnel need only select a few settings, and automation takes care of the rest without elongating the project timeline.
Agencies often take for granted that operating in the cloud speeds up everything, and landing zones remain a critical path for new projects to inherit the settings that ensure effective governance and cost management.
This visibility is essential to avoid teams using shadow cloud services and opening up the agency to security incidents down the road. All too often, a landing zone is established, and suddenly several “my first project” cloud endeavors appear.
Bad actors are constantly scanning the internet for unsecured services they can exploit, and agencies don’t want to be left footing the bill or, worse, dealing with a data breach.
Another benefit of having a landing zone to handle governance and security is IT personnel get time back they would have spent focusing on on-premises data and infrastructure, such as server expirations and hardware replacements.
