One year after the release of the Biden administration's National Cybersecurity Strategy, federal agencies continue to mature their IT architectures to comply with enhanced standards for cloud modernization. Fortunately, these new federal mandates for previously recommended guidelines are pushing agencies in the direction they should be going anyway: more optimization that allows for stronger performance and better cost control. cloud infrastructure.
As the name suggests, the primary purpose of the National Cybersecurity Strategy is to strengthen cybersecurity across the government. However, these new rules also have a direct impact on how you modernize and configure your cloud architecture. For example, cloud infrastructure that enables this will need to support more robust digital identity solutions to foster a “secure and efficient digital economy.” As another example, new regulations for IoT governance require greater traceability and control of sensors and other devices, including better automated systems for patching and upgrades.
These and other obligations will continue to be on their to-do lists for years to come, as federal cloud development teams seek to evolve their architectures to become more agile, interconnected, and automated. It will be shaped. While some government agencies are choosing to modernize by relying on hybrid environments, such as cloud-native networks that work with on-premises storage and compute architectures, they are already making significant strides in moving assets to the cloud. Some institutions have achieved this.
For example, the Defense Logistics Agency recently moved the majority of its assets to the cloud, leaving only two applications on-premises.
No matter the specific IT environment, transformation is imperative to ensure compliance, security, observability, maximum return on investment and efficiency when government agencies transfer data and applications to and from the cloud. Of course, this is easier said than done. First, traditional standards and practices must be blended with modern components to ensure that all systems can communicate effectively.
There also needs to be more consensus across government on zero trust, a key element of the strategy, which can vary in focus domains and level of centralization across agencies.
Additionally, cost control remains an issue, especially given the number of strategic shifts that public and private organizations have driven to rapidly adapt to remote work scenarios, especially during the frenzied pandemic era. For example, consider the impact of doubling infrastructure costs for an application whose front end is moved to the cloud but whose back end remains on-premises.
Ensuring compliance with the right strategy
Solving the above challenges requires cloud modernization teams to conduct thorough research and planning from both a performance and cost perspective. Best methodologies employ a cloud-first approach to software development, data organization, and application refactoring. This occurs regardless of whether these activities occur in the cloud or on-premises, and regardless of the direction of migration between these destinations.
To support such an approach, agencies must ensure strong data standards, auditing, and availability across their IT assets. And he thoroughly uses his DevOps techniques for containers, microservices, and other cloud-natives, not only in the cloud but also on-premises, with support from his SaaS provider, MSP, or other third-party partners. It is necessary to utilize it effectively. Additionally, following the planning and implementation stages he can increase his odds of success by adopting four key priorities.
— Adopt a results-oriented mindset. Conduct a thorough analysis involving both technical and domain experts to clarify the desired outcome of your modernization task and work toward that outcome using only the data and tools necessary to achieve that outcome. Design.
— Strengthen open standards and interoperability. No single technology can solve all problems. This emphasizes interoperability between multiple best-of-breed technologies. Open standards and common protocols for ITSM, log management, patching, and other critical functions are essential to achieving this interoperability.
— Take a direction-agnostic approach to migration. The cost management example above emphasizes that migration is not a one-way journey to the cloud. Streamline your IT investments based on the best candidates to solve your performance, security, and cost issues, including cloud, on-premises, and third-party SaaS and MSP vendors.
— Make sure your automation is based on knowledge management. Automating applications and functions without applying proper business context to the underlying processes can limit the effectiveness of tools at scale. Ensure knowledge management is part of the process by involving domain experts to validate business context before automating and scaling.
Cloud adoption requirements under the National Cybersecurity Strategy provide a significant opportunity for federal agencies to optimize their cloud configurations to comply with the mandate. While every government agency must customize its approach to its unique environment and mission goals, a strong modernization strategy provides greater visibility and control across all IT assets, processes, and systems. Ensure compliance.
Lee Koepping is a Principal Engineer at ScienceLogic Public Sector.
