“…for the Federal Government, cloud computing holds tremendous potential to deliver public value by increasing operational efficiency and responding faster to constituent needs.”
A decade ago, the Office of Management and Budget (OMB) announced its shift to a “Cloud First” strategy, to make its IT infrastructure more cost effective, faster and more flexible for the federal government. The goal was to reduce the federal government’s data center footprint by one third by 2015. Although much progress has been made in the last 10 years, the federal government’s overall usage of cloud computing lags significantly behind the private and state and local government sectors.
Federal IT managers have expressed concerns over cloud environments, primarily related to three issues: security, executing a cloud migration, and a lack of skilled staff to manage a cloud environment.
Security: NIST, FISMA, FIPS, FedRAMP, ITAR, STIG, SRG, IL2, IL4, IL5, IL6, CJIS, HIPAA, CMMC
While the above may look like alphabet soup to some, simply put, those letters all add up to a very foundational need in computing: governments require specific standards of security and compliance. These requirements vary by organization and are shaped by workload as well as data classification/protection. The types of data, while not classified, can include personal identifiable information (PII), controlled but unclassified information (CUI), and covered defense information (CDI) which could impact national security.
In spite of all of these concerns, public and government cloud workloads are predicted to have 60 percent fewer security incidents than those in traditional on premises private clouds as well as data centers. A well-architected cloud migration will encrypt data in transit, authenticate access to cloud-based applications, provide around-the-clock monitoring, and support intrusion detection. The larger three Cloud Service Providers (CSPs), Amazon Web Services (AWS), Microsoft, and Google invest billions annually into the security of their cloud computing platforms. Simply put, no single Federal government agency has the budget, specific to security, to equal that of the industry leading CSPs.
Moreover, cloud services offer governments the ability to secure and automate the repeatable tasks and activities reducing the overall amount of human intervention, human errors, thereby allowing personnel to focus on higher value tasks which support their mission(s). This virtually eliminates the data and processing errors humans introduce which can weaken an overall security posture and cause unintended service interruption.
Migration: Knowing the path
The federal government issued a Cloud First mandate, but without a clear path on how to implement it because “it depends”. Many agencies don’t know how to begin a cloud migration, and state and local governments often lack the internal resources to take on the task.
But agencies don’t have much choice these days other than to jump in, since cloud computing offers many benefits at a scale they just don’t have within their budgets to provide their users on premises. The rapid shift to remote, working in response to the global pandemic, only exacerbates the need for the flexibility and access the cloud provides. To help agencies get started, Red River has developed a Cloud Delivery Framework. The Red River Cloud Delivery Framework consists of 4 phases:
- Perform a capital expenditure investments assessment and analysis as well as timing of contracts as compared to your cloud journey roadmap. This should include hardware contracts, software contracts, and the associated maintenance contracts.
- Operational expenditure investments as well as the timing of contracts as compared to your cloud journey roadmap. Does your organization have the skilled workforce needed and if not, how do you create a workforce training and certification strategy as well as successfully implement it?
- Perform an automated assessment, over a 30+ day timeframe, to include complete inventory of assets deployed to make sure you know what’s there and are discovering any “shadow IT”
- Consider your level of cloud integration, whether it’s a simple “lift and shift” or will require more comprehensive application refactoring – Lift “Tinker” Shift, re-platforming, or drop and shop (SaaS)
- Establish a mitigation plan in case of service disruption or loss of data availability, including a strategy for backup, recovery, and business continuity of operations
- Define the migration plan, timeline, and milestones. This should include rollback plans should
- Track performance of the migration against defined milestones
- Review lessons learned per milestone and mature the migration process as needed
- Ensure your workforce is trained, certified, and ready to evolve their positions for the cloud environment(s) leveraging the power of cloud, automation, and focus on higher value tasks
- Have a plan for 24x7x365 sustained support of your cloud environment with Managed Services
The best solution is to partner with a knowledgeable company who has the past experience, and CSP competencies to ensure your cloud transformation is successful. You’ll want one who has experience in both migrations and government cloud environments. They can give you a clear-eyed assessment of what you need in your cloud environment, which CSP platform features best meet your organization’s requirements, and plan your migration to prevent any downtime or data loss.
No commercial cloud and government cloud are 100% identical. One provider’s commercial cloud may be feature rich with tons of documentation to get you started where the Government cloud capabilities are generally a scaled back set of IaaS, PaaS, SaaS features/functions. You’ll find in government clouds the services available are documented at a high level but the more you dig in the commercial documentation on how to perform tasks won’t work in the government clouds. This is where it is key to partner with a cloud services company who has the knowledge, experience, and recognition from the Cloud Service Providers by way of competencies. Each CSP has a means of formally auditing cloud services companies. This includes a list of requirements, detailed past performance system documentations outlining validated customer cloud projects. These audits often have stringent requirements around following a Well Architected Framework for delivery execution of cloud migrations as well has maintaining a list of highly certified technical staff. We are seeing more and more commercial customers, who have government contracts, migrate to the Government clouds in order to meet contractual obligations.
Managing the Cloud Environment: Bring in experts.
This one is relatively simple: outsource your cloud management. As an example, the Department of Defense was not founded to run data centers. They were brought to life in order to protect the homeland, our freedoms, and our interests abroad as a nation. As budgets for IT continue to shrink within the government it makes sense to get back to the “mission” of the organization and remove excess costs which divert funds from the “mission”. Look for a managed service provider with experience in the federal government and its compliance requirements, as well as in cloud managed services, specifically. Monitoring and managing cloud demands specific resources, and it is likely that you need a different set of IT professionals to manage your day-to-day and drive technology innovation around the clock all year long.
A cloud managed service provider can:
- Insert the right amount of automation to successfully manage your IT needs
- Address increased continuous governance and continuous compliance demands
- Defend against internal and external security threats
- Keep pace with process and technology innovation
- Keep an eye on and report cost optimization within your cloud environments to control “cloud cost runaway”
Today’s public agencies have more data and larger distributed workloads, and both are continuing to grow exponentially. Government cloud managed services can help manage those workloads, while streamlining processes, analyzing data, supporting remote work and delivering citizen services. The benefits of government cloud far outweigh maintaining the status quo on premises.
Red River holds the AWS Government Competency, AWS GovCloud (US) Service Delivery Program Skill, AWS CloudFormation (Infrastructure as Code) Service Delivery Program Skill, the EC2 on Microsoft Windows Service Delivery Program Skill, and is an accredited AWS Managed Services Provider Partner. From Microsoft, we hold the Gold Cloud Platform Competency, Gold Cloud Productivity Competency, Gold Small and Midmarket Cloud Solutions Competency, Gold Application Development Competency, and the Silver Security Competency. We are a Google Cloud Platform Reseller. Red River has 25 years of experience providing technology to the federal government.