3 things the federal government can learn from private sector IT

Across the private sector, early cloud adopters are repatriating existing cloud investments to on-premises resources to optimize costs, performance and security of various application workloads.

Federal agencies are doing likewise, as the Cloud Smart and Data Center Optimization Initiatives pave the way for a fully cloud-savvy Federal IT enterprise. According to Nutanix’s 2019 Enterprise Cloud Index (ECI), 85% of organizations are planning to shift their investments to hybrid cloud architectures and 73% are moving apps from the cloud back to on-premises infrastructures.

Three key data points from the survey can serve as a blueprint to adopt and/or adapt to determine the IT consumption model that best serves their needs:

Federal agencies will not get out of the ‘business of IT’ even with the cloud

There is a frequently used soundbite that moving to the cloud gets agencies out of the IT management and/or data center business, but the reality is so different from that ideal. Following government mandates to move more workflows to the cloud, many viewed the cloud as a panacea for data storage, management and agility. But plenty of IT upkeep comes with cloud management, and can’t be turned over wholesale to third parties to own like a utility provider.

Advertisement

For example, IT security in the cloud still requires hefty personnel and expertise to continuously monitor for security threats and vulnerabilities. While cloud service providers can include security measures to protect customer assets, security remains a shared responsibility.

Not all workloads are better off in the cloud

Enough investments have been made to demonstrate that the best benefits of the cloud are more applicable to some workloads than others. One prominent case from industry shows this is when Dropbox moved a majority of its data from public cloud to data centers in 2016, a move which reduced operational expenses by $74.6 million over the last two years. Many federal agencies are likewise repatriating data and workloads to private cloud or on-premises data centers, and the Dropbox example highlights one of the key ways this can benefit any organization that optimizes their use of cloud.

Dynamic workloads that require a lot of IT infrastructure resources for limited periods of time (or seasonally) are great candidates for the public cloud. It’s not practical to own, operate, and manage infrastructure that only really serves its purpose once or twice a year. The public cloud is a great option to cover the gap during those seasonal spikes. On the other hand, there’s no need to pay a premium to run highly static and predictable workloads in the public cloud. In this case, ownership has significant advantages.

Enterprises and agencies alike are looking to cloud computing to help support digital transformation goals, but both sectors are recognizing that the cloud is not a one-way ticket out of the data center business.

FedRAMP is only the start for cloud security

According to the ECI, and most anyone you will talk to, security remains the biggest factor impacting organizations’ future cloud strategies, with 60% of respondents reporting that the state of security among clouds would have the biggest influence on their cloud deployment plans going forward. Similarly, cloud security remains a top concern for government agencies.

While security protocols like FedRAMP are important certifications, they are not the end of the journey, and security overtrust can be damaging. Beyond relying too heavily on certifications, cloud-related breaches are often linked to human error and poor governance. One of the highest profile cloud security breaches ever, which exposed personal information of more than 100 million people, was determined to be the result of improperly configuring a firewall. It can’t be emphasized enough — security is a shared responsibility for both vendor and customer, and FedRAMP is a great starting point for that, but not a complete solution.

As organizations across all industries look to reevaluate their cloud investments, learning from the successes of past repatriation efforts is a great place to start. There is not a one-size-fits-all approach to housing any organization’s data and workloads. Maintaining and consistently surveilling data will reduce risks, improve cost efficiency and allow organizations to make better informed decisions, regardless of where the data is stored. Looking to the past successes and failures of the private sector can help federal organizations determine the safest and most efficient place for data across an organization and ultimately set them up for success as technologies continue to evolve.

Dan Fallon is the senior director, public sector systems engineers at Nutanix.