4 emerging cloud trends transforming unstructured data management
- By Saimon Michelson
- Apr 28, 2021
The modernization of unstructured data management is central to government’s digital transformation initiatives. In this context, agencies are leveraging cloud technologies to streamline infrastructure management, enable secure data collaboration across locations and help ensure compliance.
Four primary trends are shaping data management modernization in government:
1. Transition from on-premises to multiple cloud options
Agencies have three options for cloud deployments: build a cloud environment in an on-premises data center, rely on infrastructure as a service (IaaS) or use a third-party data center provider certified by the Federal Risk and Authorization Management Program (FedRAMP).
The first option utilizes a traditional on-premises data center to build a private cloud with object storage solutions. Based on its classification, data is separated among discrete networks (e.g., NIPR, SIPR, Top Secret). Accordingly, each deployment of an application or service requires a separate instance for each network. From a design standpoint, data should reside in a centralized core, with extensions and replications of the data in field offices, at the tactical edge and on military platforms such as ships. Such an edge-to-cloud design concept enables remote control and information sharing of data generated at the edge. For example, data collected on a ship can be shared with the core for data analysis.
The IaaS model is appropriate for small to mid-size agencies that lack the time, resources or expertise to host and manage infrastructure on their own. Many defense organizations, for example, leverage the Defense Information Systems Agency (DISA) as their cloud infrastructure provider for compute and storage services. However, IaaS should not come at the expense of security. This means using solutions that give cloud managers exclusive control over the encryption keys.
In the third option, agencies can enjoy full cloud capabilities without having to build and maintain the data center by leveraging third-party FedRAMP-certified service providers to support their missions. This not only saves time and money, but it also certifies that classified data is always protected. To ensure compliance, federal agencies should follow best practices to verify their entire stack -- from infrastructure to application -- is FedRAMP-certified.
2. Common data repository for unstructured data management
Unstructured data management has traditionally been predicated on the replication, presentation and protection of data. This has been facilitated by the logical separation of NIPR and SIPR networks, as well as encryption and other security measures mandated by FIPS 140-2 and FedRAMP standards, respectively.
The common data repository is revolutionizing the way agencies manage their unstructured data by providing secure access and presentation of data to anyone, anywhere on the globe. Leveraging an edge-to-core delivery model, the common data repository streamlines access control and data protection. Data created or updated at the edge is replicated to the core and then replicated out to the other edge caching locations. Users can work offline and sync files with the core as soon as they reconnect. Most importantly, this type of "fire-and-forget" repository enables multiple users to work collaboratively on the same data to support missions without having to manually synchronize data and supervise uploads.
3. Leveraging infrastructure as code to automate DevOps activities
As agencies adopt cloud architectures, they require faster and less expensive ways to deploy infrastructure and services across sites worldwide. Infrastructure as code (IaC) is a template for ongoing configuration management that helps streamline the maintenance of large-scale, distributed systems. By supporting the automation of IT processes, IaC enables agencies to reuse code and manage definition files (using tools like Ansible and Terraform) for infrastructure just as they do for source code. For example, a few lines of code can be written to tick a checkbox across 50 system instances, or to create a replicated file-share across hundreds of remote edge sites.
Beyond speed, automation helps ensure compliance through timely patching processes, as well as ensuring consistent application delivery across the organization. Military organizations, for example, can leverage IaC to configure infrastructure for urgent missions. They can provide soldiers in the field with a technology stack that is deployed in an automated manner without snags or delays (even if the edge is disconnected from the core).
4. Securing cloud networks through a zero-trust approach
As agencies move to cloud networks supporting users at hundreds of edge locations, many are adopting a zero-trust approach for their infrastructure and applications. Addressing today's cyber threat landscape, zero-trust ensures every access attempt is verified regardless of the source.
Zero-trust cloud architectures improve upon on-premises network segmentation by not implicitly trusting any user. Moreover, the cloud introduces new constructs that help tighten control, such as identity management, granular rules for accessing a resource or enforcing information sharing between the application server and database. Agencies that are thinking about re-architecting for multicloud or moving to a DISA or FedRAMP model have a golden opportunity to incorporate solutions that support zero-trust to further strengthen their security posture beyond maintaining zero-trust and segmentation at the network level.
Saimon Michelson is field CTO for North America, CTERA.