The first step to overcoming cloud risks and challenges is understanding them.
Federal agencies face many challenges when modernizing their technology infrastructure, particularly when transitioning to the cloud. But those challenges are hardly insurmountable, and the fear surrounding cloud is largely unwarranted.
Whether it’s security, compliance or overall strategy, the first step to overcoming cloud risks and challenges is understanding them. Here are some of the most difficult obstacles that agencies should understand and address to limit risk during a cloud transition.
Security is the most significant barrier standing between federal agencies and cloud. The idea of allowing data to leave the confines of their own four walls makes many federal IT pros shudder. But it shouldn’t.
Although the underlying delivery platform for cloud is often significantly different than an on-premises solution, the security concepts are largely the same. Agencies should ensure that they account for these differences when developing the security program to include a public delivered cloud platform. They should evaluate cloud-appropriate security technologies and consider cloud access security brokers or identity and access management solutions that can help secure an off-premise, public or hybrid cloud solution.
Currently, there are fewer than 100 approved options in the FedRAMP Marketplace. Less than 10 meet high-impact Federal Information Security Management Act baselines. To broaden their options (and the FedRAMP market as a whole), agencies planning a cloud transition need to help guide would-be CSPs through the FedRAMP approval process.
For cloud service providers, the current approval process is both expensive and time-consuming. This limits the opportunity for smaller or newer companies to bring innovative, new solutions to the federal market. After all, gaining FedRAMP approval offers only the opportunity to enter the marketplace, with no guaranteed return on investment. The consequence? A less competitive, narrower spectrum of CSPs and limited access to innovative, cost-effective options.
Fortunately, the FedRAMP approval process is evolving. With faster approval times, more providers will join the marketplace to offer new choices.
As more vendors are brought on board, the increased competition will bring better value and higher quality solutions, giving agencies greater access to technologies that offer mission-critical capabilities, thus reducing risk and better supporting cloud transitions.
Strategy (or Lack Thereof)
If modernization is the goal, cloud adoption is simply one step toward it.
One of the most desired outcomes of modernization is the ability to move away from legacy IT structures that are difficult to scale to meet changing demands. The problem? Many mission-critical legacy applications aren’t easily transferred to cloud environments without a significant investment of time and resources. But with the ever-growing number of applications designed to perform many of the same tasks and workloads as their legacy counterparts, this challenge can be overcome.
Some legacy applications will remain indispensable. But there are many that could be traded for newer, more innovative applications that fulfill the same needs in an easier, cost-effective manner. The mere existence of these applications enables organizations to quit the business of application development and maintenance in favor of bigger-picture, strategy-oriented endeavors—including continued modernization efforts.
Sustainable Strategy, Successful Transition
No matter how thoroughly you address the risks and obstacles of a cloud transition, your approach must be practical and achievable to ensure long-term success.
Organizations must consider their existing resources to set reasonable expectations in terms of how quickly and completely they can make the cloud transition. For instance, those who can’t commit to a full public cloud transition might instead consider a hybrid cloud model that supports both a seamless public cloud integration and a private, on-premises data center.
With this approach, agencies need to explore solutions that enable security policy to easily extend from the private data center into the public cloud. Automation and simplified management become key when exploring these types of technologies.
Amid all the talk of risks and obstacles, what too easily gets lost is this: Cloud exists to make things easier, less expensive and more efficient. While the transition may require reframing how we think about IT solutions overall, the point is to make things less complicated, not more so.
Jason Parry is the vice president of client solutions at Force 3.