A year removed from the delivery of the Biden Administration’s National Cybersecurity Strategy, federal agencies continue working to mature their IT architectures to comply with enhanced standards for cloud modernization. Fortunately, these new federal mandates on what had previously been recommended guidelines are driving agencies in a direction they should be going anyway – toward more optimized cloud infrastructures that enable stronger performance and better cost management.
As the name implies, the National Cybersecurity Strategy’s main objective is to enhance cybersecurity across the government. However, these new rules also directly affect how cloud architectures should be modernized and configured. For example, cloud infrastructures must, where they are capable of doing so, support more robust digital identity solutions to foster a “safe and efficient digital economy.” As another example, new regulations for IoT governance require more traceability and control for sensors and other devices, including better automated systems for patching and upgrades.
These and other imperatives will shape the to-do list of federal cloud development teams for years to come as they seek to evolve their architectures to be more agile, interconnected, and automated. While some agencies choose to modernize by relying on hybrid environments, like cloud-native networks working with storage and compute architectures on-prem, others have already made major progress moving assets to the cloud.
For instance, the Defense Logistics Agency has moved the majority of its assets to the cloud in recent years, leaving just two applications on-prem.
Whatever the specific IT landscape, the transformation imperative is for agencies to ensure compliance, security, observability and maximum return on investment and efficiency as they transfer data and applications to and from the cloud. Of course, this is easier said than done. At the outset, there’s a need to blend legacy standards and practices with modern components to ensure all systems can communicate effectively.
There’s also a need for more government-wide consensus on zero trust – a lynchpin element of the strategy whose standards can vary in domain focus and level of centralization, depending on the agency.
Additionally, cost management remains an issue, especially given the number of under-strategized migrations that public and private sector organizations pursued in the frenzied pandemic era to adapt quickly to remote work scenarios. Consider, for instance, the impact of double infrastructure costs for an application whose front end was moved to the cloud while the back end was left on-prem.
Ensuring compliance with the right strategy
Solving the above challenges requires cloud modernization teams to conduct thorough research and planning from both a performance and cost standpoint. The best methodologies embrace a cloud-first approach to software development, data organization and application refactoring – regardless of whether these activities are happening in the cloud or on-prem, and regardless of which direction a migration may be going between these destinations.
To support such an approach, agencies must ensure strong data standards, auditing and availability across the IT estate, and they should thoroughly utilize containers, microservices and other cloud-native DevOps techniques – not just in the cloud, but also on-prem and even with support from SaaS providers, MSPs or other third-party partners. Furthermore, the odds of success can be increased by embracing four key priorities in the planning and implementation phases:
— Adopt an outcome-focused mindset: Conduct thorough analysis that includes both technical and domain specialists to clarify the desired outcome of a modernization task, and then architect toward that outcome with only the data and tools that are necessary to achieve it.
— Enforce open standards and interoperability: No single technology solves every problem. This places a premium on interoperability across multiple best-of-breed technologies. Open standards and common protocols for ITSM, log management, patching and other critical functions are essential to enabling this interoperability.
— Take a direction-agnostic approach to migration: The cost management examples mentioned previously underscore that migration is not a one-way street into the cloud. Rationalize the IT investment based on whichever destination – cloud, on-prem or a third-party SaaS or MSP vendor – is the best candidate to resolve an issue with performance, security or cost.
— Ensure automation is grounded in knowledge management: Automating an application or function without adequate business context applied to the underlying processes can limit the tool’s effectiveness at scale. Ensure knowledge management is part of the process by looping in domain experts and validating the business context before automation and scaling.
The cloud adoption requirements stemming from the National Cybersecurity Strategy provide federal agencies an important opportunity to optimize their cloud configurations as they work to align with mandates. While every agency must customize its approach to suit its unique environment and mission objectives, a strong modernization strategy can ensure compliance through better visibility and management across all IT assets, processes and systems.
Lee Koepping is Chief Technologist, Public Sector at ScienceLogic