5 ways the public cloud can go wrong for DOD agencies
Governments around the world are taking a leap into the cloud. New deployments are popping up every day, in large part because the cloud model has the potential to help agencies save on infrastructure and storage costs, pay “on-demand” for the services they use and access computing resources from any location.
But listing the benefits is easy. The real challenge is evaluating whether a cloud solution can provide these advantages while still meeting the unique privacy, security and compliance needs of large and complex government agencies.
This is especially true for the Defense Department, which has gone on record about seeking a balanced approach to cloud computing, ensuring that key concerns such as security remain a top priority during the transition.
As defense agencies embrace cloud computing, many are finding that cloud solutions deemed good enough for consumers can’t handle their unique requirements. So here are a five things to think about when evaluating whether a cloud solution is truly ready to support your mission.
1. Total cost of ownership
We all love low sticker prices, but determining the total cost of ownership (TCO) of an enterprise cloud solution is far more complex. To do this, it is important to think big picture. There are long-term costs around accessibility, device support, interoperability and scalability that have to be factored into ROI considerations. If a consumer cloud solution doesn’t come equipped with enterprise-level tools, it will have to be supplemented with expensive third-party “add-ons,” which increases complexity while negatively affecting your agency’s bottom line.
Say a defense agency just bought a consumer cloud productivity solution that doesn’t allow it to encrypt messages, sort e-mail or designate a file as confidential. Now that agency has to go shopping for those capabilities. It’s like entering a Smart Car into a NASCAR race. Even though the sticker price was great, after you replace the engine, modify the body, buy new tires and slap on a new paint job, you end up spending more than Dale Earnhardt Jr. spent on his car.
And because your car was patched together, and not built for this type of race from the start, you’re less confident in your prospects for success.
2. Security and privacy
Most of us use cloud-based e-mail applications for our personal mail, and as much as we care about our privacy and data security, our concerns pale in comparison to the highest level security requirements of defense agencies. These organizations are responsible for protecting highly sensitive information that directly affects our national security and economic stability. Security certifications are important, but there are other factors to consider as well. In defense agencies, IT leaders typically start with one very important question: Where is my data located? Data location matters. Does it stay in the U.S.? Who has access? What other data lives in that environment?
It’s also important to remember that all data isn’t created equal. Some types of information are more sensitive, which is why many defense agencies operate mixed or “hybrid” IT infrastructures consisting of both cloud and on-premise resources. For example, a defense agency may want e-mail and collaboration in the cloud, but financial or classified mission data on-premise. This requires a solution capable of offering both options and integrating the two environments to simplify usability and management.
There shouldn’t be a penalty for moving to the cloud. Defense agencies shouldn’t have to sacrifice functionality to take advantage of cloud computing. They should be able to enjoy the same innovative tools and capabilities they’ve come to expect from their traditional on-premise software in both connected and disconnected network environments.
As DOD expands its cloud portfolio beyond e-mail to include collaboration (such as chat, document collaboration and video conferencing), Web hosting, and enterprise resource planning (ERP) solutions, there can’t be a decline in functionality. A guarantee of functionality will involve thorough testing and deploying pilots.
4. Records compliance
In the cloud, records should never be lost in translation. Important documents must remain consistent as they move in and out of the cloud. That’s particularly critical for defense agencies, where official documents are essential to daily operations.
Some cloud offerings do not maintain such data integrity, and can potentially disrupt formats, discard data or removing key features like watermarks. Considering the volume of sensitive intelligence reports managed by defense employees on a daily basis, this information is too important for record inconsistencies. That goes for archiving and data retention policies as well. Regulations put forth by the Government Records Act, the E-Government Act of 2002 and National Archives and Records Administration must be observed in the cloud just as they are in any other environment.
Defense agencies need confidence that their cloud provider is there when they have product questions, experience service disruptions or are ready to upgrade to a new service. This comes in the form of customer support, service-level agreements and product road maps.
Complex defense enterprises can’t have their personnel spending time searching the Internet for information on how to use a certain cloud-based tool. They need access to experts who are available and accessible 24/7. Guaranteed uptime and robust SLAs are paramount for defense agencies, which can’t afford to be without mission-critical computing resources for extended periods of time.
And lastly, defense agencies should demand clear product road maps in order to know where their cloud solution is headed. Enterprise-ready cloud solutions should have a long-term vision and coherent development process that matches defense needs and risk tolerance.
Look before you leap into the cloud, because not all “best of breed” solutions are created to support the needs of defense environments. Evaluate which applications are good targets for the cloud by looking at the sensitivity of the data the application maintains, and then map your risk tolerance to the cloud providers security features and deployment model that best meets your needs (public, private and hybrid).
Conducting the right research on the front end will prevent any hidden surprises, helping you choose the best solution for your agency’s unique mission.