Finding the balance between modernization and security
- By Paul Parker
- Jun 19, 2018
With 2018 nearly half over, federal agencies should be well into checking off the various cloud migration activities outlined in the American Technology Council’s Federal IT Modernization Report. Low-risk cloud migration projects were given clearance to commence as of April 1, and security measures and risk assessments will take place throughout the rest of the year.
The challenge posed by the report is both striking and daunting. Agencies must remain aggressive with their cloud migration efforts, yet continue to enforce and report on security measures while undergoing a significant transition.
At the same time, federal IT professionals must take steps to ensure continuous availability so as not to lose productivity. As agencies proceed with their IT modernization efforts, they must do so with caution. Adopting a pair of policies that take traditional monitoring a step further can help them continue operating efficiently as they enter the new era spelled out in the ATC report.
Deep cloud monitoring
As a recent SolarWinds IT Trends survey indicates, hybrid IT and multicloud environments are becoming increasingly prevalent. Agencies are keeping some infrastructure and applications onsite while turning to different cloud providers, such as Amazon Web Services and Microsoft, for other types of workloads. This trend will likely continue as agencies modernize their IT systems and become more dependent on federally specific implementations of commercial cloud technologies, as called for in the report.
While a multicloud and hybrid IT approach offers numerous benefits, it also creates challenges. For example, “blind spots” can creep in as data passes back and forth between environments, making it difficult for federal IT professionals to keep track of data in these hybrid environments. In addition, trying to manage all the data while ensuring adequate controls are in place as it moves between cloud providers and agencies can be an enormously complex and challenging operation. It can be difficult to detect anomalies or flag potential problems.
To address these challenges, administrators should consider investing in platforms and strategies that provide deep network monitoring across both on-premises and cloud environments. They should have the same level of awareness and visibility into data that resides on AWS or Microsoft servers as they would on their own in-house network.
In short, being able to monitor their entire server and application footprint, regardless of where it exists, is essential. Doing this from a centralized viewpoint can minimize complexity, alleviating one of the primary concerns surrounding network modernization.
Deep email monitoring
In addition to focusing on overall network modernization, the ATC report specifically calls out the need for shared services. In particular, the report cites moving toward cloud-based email and collaboration tools as agencies attempt to replace duplicative legacy IT systems.
The Air Force is leading the charge here with its transition to Microsoft Office 365, but there are inherent dangers in even a seemingly simple migration to cloud email. Witness the damage done by recent Gmail, Yahoo! and Office 365 email outages, which caused hours of lost productivity and potentially cost organizations hundreds of millions of dollars. Lost email can also result in missed communications, which can be especially worrisome if those messages contain mission-critical and time-sensitive information.
Agencies should implement procedures that allow their teams to monitor email paths, system state and availability just as closely as they would any other applications operating in hybrid IT environments. Emails take different paths as they move between source and destination. Managers should closely monitor those to ensure that the information moves between hosted providers and on-premises networks without fail. This practice can help IT professionals better understand and monitor email service quality and performance to ensure continuous uptime.
Unlike these murky information pathways, the road toward IT modernization is now clearly marked, thanks to the efforts of the ATC. But as agency IT professionals tasked with managing modernization can attest, the fact that there is now a clear and direct map to modern, agile and efficient infrastructures does not necessarily make the journey any easier. Thorough strategies aimed at cloud and application or service (like email) monitoring can help agencies navigate potential hazards, and ensure seamless and safe modernization of federal information systems.
Paul Parker is chief technologist – Federal and National Government, SolarWinds.