As agencies adopt multi- and hybrid-cloud environments, they should consider an as-a-service model with zero trust network access as their foundation for secure access.
The COVID-19 crisis is transforming Department of Defense operations as more employees access government networks remotely and data and applications are spread across data centers and the cloud. The pandemic has amplified the need to ensure both secure access and collaboration capabilities, as well as transparency across disparate data centers and cloud environments.
Shifting security from on-premises appliances to a cloud security-based model is the next critical step to maximize efficiencies while allowing users to connect to government networks from personal devices and services from any location.
I had the opportunity to speak with the Air Force’s Chief Transformation Officer Lauren Knausenberger at a virtual event in June about DOD’s progress in managing its cloud computing environment, Cloud One, which works with a zero trust framework and uses an enterprise infrastructure as a service with a pay-per-use scalable model.
“We're trying to lay that foundation so that we can rapidly onboard technologies, we can get capability to our warfighter, and we can do it at the speed of the mission,” Knausenberger said.
Through the Air Force’s renewed commitment to its Cloud First goal, it has increased efficiency and productivity. The entire workforce is now connected in Microsoft Office 365 and has a number of applications sitting in Cloud One. When the pandemic struck, the Air Force IT team ramped up 250,000 connections in two weeks, which allowed all employees to maintain connectivity. Alongside this work, the Air Force is refining its transactional path and deploying collaboration tools focused on improving the user experience.
As agencies plan their migration to hybrid cloud environments, there are key factors that should be considered, including cloud providers, utilization costs and secure access to resources in data centers and clouds in this new “work from anywhere” world.
First, agencies must determine the real costs associated with data management -- whether it is in the cloud or in their data center. They should aim to have the flexibility to move between clouds, calculate metering and provide self-service options to users or component divisions. This will take a deep educational push for all leaders as the IT cost center will have to evolve.
Enterprise IT as a service enables an agency to pay for just the amount of the service consumed, which reduces total cost of ownership. The trick is to only consume what the organization requires and restrict unnecessary usage.
Agencies should focus on simplifying the security architecture with an approach that is agile and scalable enough to support their current infrastructure architecture and shift to, or maintain, a hybrid cloud environment.
Second, they must adopt concepts that have been thrust into the limelight with the increasing number of data security breaches. The new buzzwords in the IT security world are “secure access service edge” and “zero-trust architecture.” Both change the focus of security from network-based to data-based, while realigning the security capabilities in a simplified architecture that’s in line with the data’s necessary path. Agencies should secure access to the cloud with zero trust.
As the Air Force has improved transparency and secured its data and user access across clouds and data centers, Knausenberger said: “We now have a situation where folks are connected and can collaborate.… We have had some incredible connections made in the innovation space. People that did not previously know someone else was working on something, and they've been able to drive [innovation] incredibly quickly.”
Across DOD, agencies are recognizing that keeping pace with technology is likely a losing battle without offloading workloads to industry through as-a-service models. The Navy consolidated its IT infrastructure into the Navy-Marine Corps Intranet in 2001. The Army is in the midst of a two-year plan to move to enterprise IT as a service across three pilot programs, one of which will launch at nine different locations over three years.
As defense and civilian agencies adopt multi- and hybrid-cloud environments, they should consider an as-a-service model for many aspects of their environment with zero trust network access as their foundation for secure access. IT teams can move workloads between clouds for optimal performance and ensure visibility, security and an improved experience for all users.