The rapid shift to telework has affected federal agencies’ use of cloud technologies and tested their security posture in unprecedented ways. The Department of Defense in particular was especially challenged, as some of the services needed 10 times the number of available virtual private network seats in order to shift to remote work. Once they got enough capacity, the DoD followed the private sector trend of extensively using collaboration tools like Zoom, Slack, Microsoft Teams and Webex — the use of which has the more than doubled since January.
Predictably, as organizations use more cloud services, threat actors follow close behind with attempts to access accounts and exfiltrate data. According to the “Cloud Adoption and Risk Report: Work From Home Edition,” cloud threats within government rose by a whopping 773 percent.
All of this occurred while the DoD was in the midst of making a secure transition to cloud, which, for a large, complex enterprise like the department, has been anything but simple. It’s clear the DoD will continue to leverage cloud-native technologies from providers such as Amazon Web Services, Microsoft, Google and Oracle. What isn’t as clear is exactly how — or whether — the DoD will migrate the entire enterprise to the cloud in a multi-cloud model or architecture, or to retain some assets on premises in a hybrid cloud model.
Given the diverse needs of the Defense Department, an approach that provides the most flexibility and choice seems optimum.
Here is a perspective on both options, but first a word on terminology: Technically, “multi-cloud” is a subset of “hybrid cloud.” We’re using “multi-cloud environment” to mean that nothing is on premises.
Multi-cloud architecture
The DoD already operates in a multi-cloud environment comprised of both public and private clouds. During COVID-19 and even before, department IT staff needed to spin up new cloud assets to meet a variety of workforce requests. According to conversations with our customers, disparate clouds have been arriving more quickly than ever before, extending the DoD’s multi-cloud architecture.
Securing a multi-cloud architecture is challenging, as each cloud operates differently from the next, and there is no “one size fits all” way to implement security. One mission might be leveraging infrastructure in Google Cloud, while another wants to take advantage of its investments in AWS. Or a Navy mission using cloud infrastructure in Azure might want to share data with an Air Force mission that uses a custom mission app in the Oracle cloud, and they would want those collaborations to be secure.
In other words, the security needs to transfer between and among clouds as data and other assets are shared.
Hybrid-cloud architecture
If the security requirements are complicated for multi-cloud, they are even more so for a hybrid cloud environment, where some of the data, infrastructure, services and applications reside on premises.
However, the reality is that as much as a multi-cloud architecture might be technologically more attractive, and a little easier to scale, the multi-cloud option does not seem to be a practical choice for an enterprise like the DoD. While a command center at a headquarters operation might be perfectly suited to cloud architecture and services, individuals sent on reconnaissance missions could encounter bases that have only on-premises equipment, and limited or no bandwidth to enable cloud services. Their missions could be put at risk if they were not able to access the data they need because it’s hosted in a cloud to which they no longer have access.
There are also cases where an organization such as U.S. Special Operations Command would have logistical requirements such as managing day-to-day operations — moving supplies, running payroll, ordering tents — that could easily be met using cloud-based assets. At the same time, SOCOM or other organizations would also have more sensitive mission requirements such as specific location information and plans which they might choose to hold on premises. The department needs to be able to decide on a case-by-case basis, depending on mission.
But what of the DoD’s plans to modernize? Fortunately, even though hybrid cloud is an older architecture, it is now seeing a resurgence. The hybrid cloud market has the potential to grow by $67.62 billion, according to a recent analysis by Technavio. Additionally, the growing popularity of Kubernetes — an open-source tool for orchestrating containers that can span both on-premises and cloud-based architectures — has helped push hybrid cloud into the technological mainstream.
Securing a hybrid cloud environment is challenging, as the same robust security must reside on the device, in private clouds and in public clouds, as well as on all exchanges between and among them. The DoD needs a secure hybrid cloud environment built on an interoperable architecture with zero-trust principles so that they know data and missions will not be compromised, preserving the DoD’s need for flexibility as missions evolve, both during the current pandemic and well into the future.
Ken Kartsen is the senior vice president of the public sector for McAfee.
