The government’s approach to cloud technology has changed dramatically in the years between the 2010 Federal Cloud Computing Strategy, known as Cloud First, and the 2019 Cloud Smart Strategy. The first policy pushed agencies to consider cloud technologies before others, while the second offers actionable advice on how to deploy the technology. Today, 81% of federal agencies use more than one cloud platform, according to a MeriTalk survey. Because of its inherent flexibility and scalability, cloud technology played a key role in agencies’ response to the pandemic and their ability to shift employees to remote work. Now government leaders recognize that multi-cloud environments are crucial for ensuring resiliency during a crisis. The Cloud Smart Strategy explicitly references hybrid and multi-cloud environments as essential tools for improving mission outcomes and service delivery. Despite the benefits of multi-cloud environments, they can present management challenges for many agencies, such as difficulty migrating mission-critical legacy apps to the cloud or ensuring the interoperability of products and services from multiple vendors. In a recent survey of FCW readers, security was the biggest challenge to managing a cloud ecosystem, cited by 74% of respondents. The Cloud Smart Strategy makes it clear that cloud technology has become indispensable to government agencies but adopting hybrid and multi-cloud requires thoughtfulness and planning; read the latest insights from industry thought leaders in Carahsoft’s Innovation in Government® report on multi-cloud.
“Multi-cloud environments offer agencies the opportunity to go beyond simply managing data to analyzing it for valuable insights and better decision-making. Cloud technology was created to deal with the exponential increase in data collection and the increasing demands for storage. In other words, cloud was developed to handle big-data challenges. Furthermore, cloud technology offers tremendous opportunities for agencies to off-load some monotonous day-to-day IT management tasks in favor of higher-level activities. If there are only a handful of people in an agency’s IT organization, they could spend all their time creating new storage clusters and provisioning that storage as data collection increases. If an agency can leverage the automation that comes with cloud to store and replicate data and then make sure that data is backed up and protected, the agency can enable those individuals to focus on true data analysis, data science and data discovery.”
Read more insights from Google’s Cloud Engineering Manager, Sean Maday.
“Many government agencies have started to build software factories to reduce security risks and greatly improve the innovation cycle. If not implemented well, however, they can increase security risks, especially when each program or project builds its own software factory. Instead of creating more software factories, agencies should move toward centralizing software build environments and rationalizing duplicative processes that can be used for both legacy and modern application development teams regardless of their development methodology. They should strive to standardize all tooling for agile/DevSecOps, create enterprise services that support development teams, and establish policies that monitor for insider threat and eliminate risks during software development.”
Read more insights from MFGS’s Public Sector CTO, David Wray, and CTO for Alliances and Partners, Kevin Hansen.
“A multi-cloud approach can be a double-edged sword, with benefits and risks. When agencies have access to a cloud environment, it’s easy for them to spin up new compute resources or storage solutions. But this flexibility opens up risks in terms of performance and security. Even when an agency is working with public cloud service providers, it’s the agency’s responsibility to make sure its resources are configured properly. Many data leakage incidents in the cloud are the result of a configuration issue. Furthermore, in a multi-cloud environment, technologies are created independently of one another and won’t always work well together. Agencies must make sure they have the appropriate visibility across multi-cloud environments and on-premises systems so they can understand and manage all aspects of their IT systems. This includes controlling costs and decommissioning purpose-built cloud resources when they are no longer needed.”
Read more insights from SolarWinds’s Group Vice President for Product, Brandon Shopp.
“Agencies need to understand the business goals for a particular cloud-based application or workload and then make decisions about the best architectural approach. They also need a comprehensive security model that’s architecturally coherent from a deployment and operations perspective. The model should take into consideration the entire life cycle of applications as agencies modernize into the cloud. By combining the security and compliance aspects of modernization with a coherent IT architecture, agencies can drive down costs for managing those applications in the cloud. The cost savings can allow agencies to fund further modernization efforts or conduct research and development activities around core workloads or advanced capabilities such as artificial intelligence.”
Read more insights from Microsoft Federal’s CTO, Jason Payne.
“In the early days, cloud storage was designed to be “cheap and deep” — a place to inexpensively store data without worrying about capacity. At the time, cloud could not compete with on-premises storage in terms of access speeds. Thanks to technological advances in the past several years, however, data is as quickly accessible and available in the cloud as it is via on-premises systems. As a result, the number of applications that are eligible for cloud storage has increased dramatically, and cloud has become a primary storage option for enterprises. Beyond backing up data, agencies can use live applications in the cloud for video surveillance or active archiving, for example.”
Read more insights from Wasabi Technologies’ Senior Director of Product Marketing, David Boland.
“Many agencies are using cloud the way they used non-cloud data centers 15 or 20 years ago. But instead of customizing their cloud environments, they should use tools like Terraform, Juju or Pulumi to create, deploy and manage infrastructure as code on any cloud and then enable automation and orchestration in their cloud platforms. In addition to using predetermined, software-defined configurations for cloud deployments, agencies should develop a more strategic approach to funding their multi-cloud environments. Agencies should also take a fresh look at their cloud funding models. Beyond the total cost of ownership, they need to reevaluate how they pay for cloud products and services. They can choose to treat that spending as a capital expenditure (CapEx), which typically has a higher cost of ownership, or as an operational expense (OpEx).”
Read more insights from Dell Technologies’ Cloud Technologist, Patrick Thomas.
“Custom code is arguably the root cause of most IT challenges in government. For example, the Alliance for Digital Innovation, of which Salesforce is a member, released a study that found the federal government could have saved $345 billion over 25 years if it had embraced commercial technology rather than building systems from scratch. In order to improve customer service and reduce their dependency on custom solutions, agencies should implement a multi-cloud strategy that is not solely based on rehosting and refactoring applications on infrastructure solutions. Agencies need to make sure they adopt a mix of software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). And they should consider low-code options within the SaaS and PaaS categories to limit their reliance on custom solutions.”
Read more insights from Salesforce’s Regional Vice President, Public-Sector Digital Strategy, Christopher Radich.
“By constantly monitoring compliance, agencies ensure that the cloud environment is safe and productive. In other words, their data is protected and their employees have the ability to use that data to perform their jobs and achieve mission goals. In addition, monitoring compliance and resource optimization is the key to ensuring uptime and appropriate capacity, as well as answering questions about costs. Agencies need to understand how they’re running and operating cloud applications and then make sure they’re applying the right framework for managing security policies. Furthermore, flexibility and efficiency are central benefits of a multi-cloud environment. Moving on-premises software into such an environment typically requires a complete re-architecting of those applications.”
Read more insights from SAP National Security Services’s CSO, Brian Paget.
“In most agencies, it’s impossible for any person to get an understanding of all traffic flows and behavior. Agencies need access to normalized data presented in easy-to-consume visuals to ensure compliance, reduce outages and prevent incidents. Similarly, multi-cloud environments incorporate a wide variety of services and products, and it is essential to have a unified view that links what’s in the cloud (or clouds) and what’s on premises. A digital twin can supply that single source of truth and ensure that applications are readable across clouds and on-premises systems and that the network’s security posture is not being invalidated. And just as robust GPS apps will find the most efficient path, a digital twin knows all the possibilities and can answer agencies’ questions about the most efficient, secure and cost-effective way to route cloud activities.”
Read more insights from Forward Networks’s Technical Solutions Architect, Scot Wilson.
Download the full Innovation in Government® report for more insights from these government multi-cloud thought leaders and additional industry research from FCW.