Nearly every agency using commercial cloud computing does so in a multicloud fashion. They choose an array of cloud providers based on their different applications needs and on the services each particular cloud offers.
The result? Cloud computing quickly becomes complicated. An analytical application might run in the Google cloud, development environments in AWS and identity management systems in Microsoft Azure. An agency might have a customer relationship management application from one software as a service vendor, a financial system from another and, increasingly, data and applications residing in edge computing resources.
The reality of multicloud is that it’s “a giant mesh of things,” said Lakshmi Ashok, vice president of enterprise service management at Leidos. The challenge is staying on top of the security and governance challenges multicloud environments present, she said during the Federal News Network Cloud Exchange 2022.
Peter O’Donoghue, chief technology officer for the Leidos Civil Group, suggested that agencies think of cloud as a ubiquitous platform “upon which we can deploy machine learning algorithms, upon which we can now actually hook augmented reality, to have new perspectives and to be able to deliver our mission in ways that we never thought of before.”
Building on knowledge as you expand into multicloud
Agencies that have their first cloud instance likely have developed a deep understanding of that cloud and have specialized their tooling to ensure applications run properly, O’Donoghue said. But as they add layers of services from multiple clouds, “those big thinkings and big learnings now have to be abstracted because you’re not just using the single provider,” he said.
In multicloud, “you actually have to come up with a way to have observability, to be able to manage, to govern, to secure, to assure compliance, to assure cost effectiveness across a pretty diverse and heterogeneous environment,” O’Donoghue said.
One saving grace now, Ashok said, is that commercial cloud providers know their customers want interoperability as part of their cloud services. It’s also important, she said, to provide a single interface to agency staff and to constituents.
“I would also want the flexibility of saying, ‘I want to pick this cloud for this. I want to pick that cloud for that,’ ” Ashok said. “However, I want a standard user experience. I want to have single sign-on, for example, for multicloud. I want to be able to reach those services quickly and have a fast turnaround.”
The abstraction of diverse services must extend to the application developers the agency uses too, she said. That’s needed to give developers the widest choice of languages and tools.
Admittedly, managing multiple application programming interfaces and multiple infrastructure is a challenge, “but the most important challenge for me is inter-cloud data,” Ashok said. “How do you enable effective data transfer between clients?” That’s especially important because a single citizen-facing digital service might invoke resources from across the cloud mesh.
The most effective way to approach cloud complexity is from outside in — from the end user perspective, she advised. If dealing with customer experience, the question becomes how you ensure low latency and identity security. If dealing with internal staff such as developers, it’s how to let them pick and choose the services they want by abstracting the multiple clouds’ catalogs of services.
Gaining capabilities from automation in the cloud
Multicloud presents a rich set of services and capabilities, and one that’s constantly expanding and innovating. So “how do we tame multicloud?” O’Donoghue said.
Managing these increasingly complex environments includes not just keeping things running, given all the interdependencies, but also ensuring rapid new application development and deployment. Those activities have to sync with agencies’ development, security and operations (DevSecOps) programs and also their authorities to operate (ATOs), he noted.
“How you think about getting your ATO and your risk management framework adherence — taking your old wine and pouring it into the new bottle of cloud — can be very difficult,” O’Donoghue said.
The answer has three components:
Partnering with a systems integrator or managed service provider “to be able to assemble everything into a framework that is compliant, that government can understand and use, and to pay for and to be compliant with different regulations,” Ashok said. That can help ensure the agency’s mission needs are being met as well, she added.
Standing up “platforms where you’ve got a high focus on automation of service management,” O’Donoghue said. “That’s really, really important.” Automation can help establish what he called a smart service catalog to which an agency can add products that have been automatically vetted for governance, compliance and security in a kind of continuous stream, he explained.
Building in resiliency. “Cloud is very different from your regular data center,” Ashok said. It has regions, availability zones, multiple vendors and multiple services. That means “you have to carefully balance your application requirements to your architecture.”