The North Star Your Cloud Strategy Needs
Published 02/25/2022
This blog was originally published by Booz Allen here.
Written by Delie Minaie, Booz Allen.
Orient cloud success around mission assurance
As IT leaders throughout the federal government look to guide their agencies toward enterprise-wide cloud maturity, they are met with endless choices regarding what services, technologies, and capabilities to invest in, and at what levels. Done with purpose, cloud can pave the way for tighter security, more efficient operations, seamless integration of new technologies, and agile footing across an enterprise. Done haphazardly, it can leave agencies with a new set of challenges that are just as formidable as those they experienced with on-premises IT.
With such a multitude of paths to take and choices to make, government CTOs and CIOs may find themselves grasping for a clear point of reference by which they can track the progress of their cloud journeys and assess whether their cloud strategies remain optimized to suit the particulars of their agencies.
By making mission assurance their "North Star," agency IT leaders can get their eyes above the maze of day-to-day technical details and focus on making decisions that positively impact what matters most to their organizations, their workforces, and the American people—mission delivery and outcomes.
“With a cloud vision founded on and led by the North Star of mission assurance, IT leaders can skirt the walls of the technical maze and get to work on the investments that make the biggest impact.”
4 Measures for High-Impact Cloud Strategies
During the past 2 years, agencies across the federal government have had to undergo flash transformation to meet critical needs. The ability to consistently deliver necessary capabilities amidst changing priorities and dynamic conditions, without disruption, has never felt more pressing. From distributing COVID-19 stimulus checks to, most recently, standing up a new website for all Americans to order at-home rapid antigen tests—cloud-enabled solutions helped accelerate critical capabilities and high-impact services. And that is exactly what we mean by mission assurance.
To orient your agency’s enterprise cloud strategy toward this North Star, start by considering—and measuring progress against the following questions:
1. Are you architected for fault tolerance?
With a distributed workforce and increasing mission complexity, resilient architectures are required for high-stakes and changing environments. This is especially important in multicloud environments, with technology and services entrusted to cloud partners and vendors. Organizations need to ensure their underlying cloud infrastructure is designed to withstand scenarios such as the outage of an entire availability zone or region—and they need to ensure there’s a trusted process for data replication and failover.
2. Do you have a strategy for shared services?
In an era of expanding missions and unpredictable budgets, “do more with less” has become a familiar refrain at most agencies. Technology leaders often respond with plans to modernize and enhance legacy applications, but that approach has a hard cap on what it can achieve. Lifting applications to the cloud eliminates the heavier, budget-hungry IT infrastructure that even modernized legacy systems require—but cloud services still need to be optimized and rightsized for the mission to effectively pay down technical debt. By applying an enterprise lens to cloud operations and centralizing critical security and operational functions through shared services, organizations can reduce facility costs, consume less electricity, free IT labor bandwidth, and repurpose planned redundancy costs for mission-focused activities (See Department of Treasury’s Workplace Community Cloud for an example of an approach to shared services in the cloud that has helped an agency check all of these boxes and then some.).
3. Are your systems more secure than before?
Enterprise-scale agency platforms can—and must—be designed to consume cloud securely. The major cloud service providers (CSP) have invested billions in security operations that agencies with a security-first mindset can take advantage of through architectures that automatically embed robust standardized authentication, hardened infrastructure, and a resilient interconnected data-center availability zone. But it can’t stop there. Missions of national importance maintain data sets that are targets for adversaries. The federal government’s strategy for zero trust architecture requires full agency coordination to design a cloud infrastructure in a manner that protects data while allowing for the integration of contemporary cloud-native practices.
4. Do you have more flexibility to meet changing demands?
Before cloud, the infrastructure to support disaster-resistant operational resiliency had to be in place, maintained, and paid for even when not in use. In practice, this meant that very few enterprises could afford the systems redundancy that truly resilient IT operations require. When properly implemented, cloud enables the swift provisioning and scaling of just-in-time infrastructure, so agencies can rapidly meet surge demands and scale out new services in minutes rather than months. In times of crisis, this is crucial. Throughout the pandemic in particular, agencies that have well-established cloud environments have been able to nimbly meet the unprecedented demand peaks created by a sudden and massive shift to digitally-based—rather than in-person—services.
Key Considerations for IT Leaders
An attentive focus on the measures noted above will help ensure that cloud at your agency is oriented around mission impact and resilience. But there are still some areas that IT leaders need to watch carefully to ensure that the return on cloud investments is maximized:
- Ensure that diverse stakeholders understand the vision. Moving operations to the cloud is a major achievement, but just being “in the cloud” isn’t enough to reap its greatest benefits. Agency IT leaders must align on an enterprise strategy with mission assurance at its heart and deliberately diffuse that vision among key stakeholders throughout the enterprise. Stand up working groups tasked with ensuring that requirements are fully captured, that stakeholders are properly informed and bought in, and that changes are made with careful consideration. Teams across the organization can then understand the “why” behind the journey and the increasing value it will empower them to unlock.
- Advance security operations toward a zero-trust framework. Perimeter-centric security is becoming less and less effective against increasingly sophisticated criminal and state-sponsored cyber attackers. In response, agencies need to continue embracing zero-trust network models, which take a “never trust and always verify” approach to webbing security throughout the network. From an operations perspective, organizations can start to integrate engineering and compliance teams to ensure compliance is built into the architecture from the foundation up, and that documentation keeps up with the latest architecture and security considerations.
- Operate with purpose across multiple clouds. Most organizations are operating in a multi-cloud state, but it takes intentional effort to ensure that investment in multiple CSPs is followed up with a collective focus on driving towards the desired future state in execution. For example, how do you use the right cloud for the right workload? How do you make sure all of your cloud services communicate with one another? By establishing enterprise governance across these environments and core connectivity between them, agencies can start to embrace multicloud scale, plus gain the comprehensive visibility across their cloud landscape to adapt and react in real time.
Guided by the right vision, enterprise cloud enables increased agility, high-velocity innovation, and advanced security. With a cloud vision founded on and led by the North Star of mission assurance, IT leaders can skirt the walls of the technical maze and get to work on the investments that make the biggest impact.
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
The Lost Art of Visibility, in the World of Clouds
Published: 11/20/2024