One year after the delivery of the Biden administration's National Cybersecurity Strategy, federal agencies continue to work to evolve their IT architectures to meet enhanced standards for cloud modernization. Fortunately, these new federal mandates on what were previously recommended guidelines are pushing agencies in the direction they should be going anyway — toward more optimized cloud infrastructures that enable stronger performance and better cost management.
As the name suggests, the main objective of the National Cybersecurity Strategy is to enhance cybersecurity across the government. However, these new rules also directly impact how cloud architectures are updated and configured. For example, cloud infrastructures capable of doing this must support more robust digital identity solutions to promote a “secure and efficient digital economy.” As another example, new regulations for managing the Internet of Things require more traceability and control for sensors and other devices, including better automated systems for patching and updating.
These and other imperatives will make up the to-do list of federal cloud development teams for years to come as they strive to evolve their architectures to be more agile, interconnected, and automated. While some agencies are choosing to modernize by relying on hybrid environments, such as cloud-native networks that work with on-premises storage and compute architectures, other agencies have already made significant progress moving assets to the cloud.
For example, the Defense Logistics Agency has moved the majority of its assets to the cloud in recent years, leaving only two on-premises applications.
Whatever the specific IT landscape, the transformation imperative is for agencies to ensure compliance, security, observability, maximum ROI, and efficiency as they move data and applications to and from the cloud. Of course, this is easier said than done. First, there is a need to blend legacy standards and practices with modern components to ensure that all systems can communicate effectively.
There is also a need for greater cross-government consensus on zero trust, a key element of the strategy whose parameters can vary in focus and level of centralization, depending on the agency.
Additionally, cost management remains an issue, especially given the number of non-strategic migrations public and private sector organizations have undertaken in the hectic pandemic era to adapt to remote work scenarios quickly. Consider the impact of dual infrastructure costs for an application whose front-end is moved to the cloud, leaving the back-end in place, for example.
Ensure compliance with the correct strategy
Solving the above challenges requires cloud modernization teams to conduct comprehensive research and planning from a performance and cost standpoint. The best methodologies take a cloud-first approach to developing software, organizing data, and rebuilding applications – regardless of whether these activities occur in the cloud or on-premise, and regardless of the direction in which the migration process between these destinations may go.
To support this approach, agencies must ensure strong data, audit and availability standards are in place across the IT sector; They must take full advantage of containers, microservices, and other cloud-native DevOps technologies – not just in the cloud, but also initially and even with support from SaaS providers, MSPs, or other third-party partners. Furthermore, the likelihood of success can be increased by adopting four key priorities in the planning and implementation phases:
– Adopt a results-focused mindset: Conduct a comprehensive analysis that includes both technical and field specialists to clarify the desired outcome of the modernization task, and then plan to achieve this outcome using only the data and tools necessary to achieve it.
Enforce open standards and interoperability: No single technology solves all problems. This places great importance on interoperability across many best-in-class technologies. Open standards and common protocols for ITSM, log and patch management, and other important functions are essential to enable this interoperability.
– Take an agnostic approach to migration: The cost management examples mentioned above emphasize that migration is not a one-way path to the cloud. Rationalizing your IT investment based on the destination – cloud, on-premises, a third-party SaaS vendor or MSP – is the best candidate for solving a performance, security, or cost issue.
– Ensure that automation is grounded in knowledge management: Automating an application or function without proper business context applied to the underlying processes can limit the effectiveness of the tool at scale. Ensure knowledge management is part of the process by bringing in domain experts and validating the business context before automating and scaling.
Cloud certification requirements emerging from the National Cybersecurity Strategy provide federal agencies with an important opportunity to improve their cloud configurations as they work to comply with mandates. While each agency must customize its approach to fit its unique environment and mission objectives, a strong modernization strategy can ensure compliance through better visibility and management across all IT assets, processes and systems.
Lee Copping is a senior public sector technologist at ScienceLogic
