Cloud utility models: What federal agencies need to know
- By Greg Kushto
- Sep 28, 2017
When it comes to cloud adoption, federal agencies continue to lag behind the corporate world, where cloud computing passed the point of ubiquity some time back. It’s no wonder, as federal IT teams face constant challenges -- excessive workloads, staff shortages, limited resources, compliance issues -- all of which come part and parcel with miles of bureaucratic red tape.
Even so, federal agencies are gradually warming up to and embracing cloud benefits -- the opportunities presented by containerization, the scalability and the potential for nearly loss-proof data storage, for instance. One way or another, the transition is happening, and agencies must prepare for the logistics. That includes cloud’s pay-as-you-go utility model, in which service is purchased according to need.
Eventually the cloud utility model will permeate the public space. But for now, roadblocks still exist, and the biggest one is mental: We need to approach the utility model with a different mindset.
Cloud security: Myth vs. reality
When transitioning any system in the federal space, the first consideration should always be security. In terms of IT, federal agencies sometimes become trapped in an "if it ain’t broke don’t fix it" mentality. This often stems from a fear of the unknown -- especially with cloud. Making the change usually means moving files and/or processes from a server in the next room to a data center potentially thousands of miles away.
While the transition can be complicated and risky, the concerns surrounding cloud security aren’t always based in reality. Yes, agencies should consider their risk tolerance. Yes, they should carefully determine which data and processes can be kept in the cloud. But the discussion shouldn’t be skewed by myths of the cloud as insecure, because that’s all they are: myths. Cloud providers have time and money to invest in security measures that federal agencies often can’t implement because of budgetary and regulatory constraints. Agencies get access to these benefits through the utility model, thus avoiding massive up-front costs.
Agencies may have reservations about cloud storage for sensitive information, and that’s understandable. Undoubtedly, some files are too sensitive for anything short of an air-gapped, on-site storage system. But this shouldn’t disqualify other data. After all, much of the government’s data is public domain and thus not subject to strict security measures.
With utility comes scalability
Federal agencies cope with a fair amount of cognitive dissonance, particularly in terms of technology. On one hand, there’s a demonstrated desire to evolve and innovate. In addition to stiff competition for talent from the private sector, federal IT also faces endless threats from hackers unencumbered by bureaucracy, regulations and barriers to innovation.
At the same time, however, agencies face all the challenges that hackers and private-sector teams do not -- and then some. Of course, nothing paralyzes growth and innovation more than fear of the unknown and the complacency it can cause. And there’s no sharper example of this than the mindset around cloud.
In our current reality, agencies are used to buying hardware in bulk and clinging to it until regulations or system failures force change. And while many agencies might hope to retain existing solutions while scaling up, the high costs of scaling an on-site system make such a scenario almost impossible. With the cloud utility model, however, IT managers can scale their subscription to match their agency’s growth.
Keeping up with IT’s shifting landscape requires agencies to adapt their approaches. Forcing pioneering technologies into outmoded processes and vice versa is a battle lost before it begins. To capitalize on new systems, agencies must consider ceding some degree of ground to the new guard. Instead of just repackaging old processes, we must consider how new technology can enhance an agency’s mission, be it through cost savings, efficiency, security or otherwise.
The IT landscape relentlessly changes. We face constantly evolving threats, and agencies can’t afford to be outpaced. Meeting these challenges requires not only accepting the inevitable transition, but acting on it and embracing it. Whether for budgetary or compliance or security reasons, the time to prepare is now.
Greg Kushto is director of security and enterprise networking at Force 3.