DoD Cloud Exchange: Splunk’s Bill Wright on transformation challenges

“All too often, we discuss the benefits without the proper dose of reality,” said Bill Wright, senior director for North American government affairs at Splunk. Speaking, Wright added, “And the fact is digital transformation is hard. It’s hard, but it’s necessary.”

It’s necessary because the military is racing to reestablish its offset over rivals, Wright said at Federal News Network’s second annual DoD Cloud Exchange. Given the importance of cyberspace and information dominance, that pursuit demands an updated approach to information technology.

“The DoD stands at a critical juncture where adopting cloud capabilities — and doing it at speed and at scale — is essential if we are as a nation are going to maintain our military advantage,” Wright said.

Drilling down into the cloud piece of digital transformation, Wright said that among the top challenges he sees DoD organizations dealing with is managing a multi-cloud, hybrid environment. With microservices and containerized applications distributed across the enterprise, Wright said, agencies need the ability to cut through what he called a noisy environment. In that way they can detect and troubleshoot incidences quickly.

Whether because of a lack of asset visibility or an ever-expanding attack surface, “it’s difficult to secure a multi-cloud environment,” Wright said.

Cybersecurity: It’s all about data

Wright characterized the challenges of managing and security in a hybrid, multi-cloud environment as primarily a data problem.

“Government agencies, especially Department of Defense agencies, are creating more data than ever before,” he said. “And all too often, they maybe fail to capitalize on the valuable information that they’re collecting. What can be gleaned from this data?”

Yet data analysis capabilities are crucial for Defense agencies “to truly modernize their IT infrastructure and enhance security,” Wright added. Useful analysis is a technical issue, in that agencies need the tools to deliver the total visibility and the data analytics they need. And it’s a human capital issue, as the government competes with the private sector for people with the right data science and cybersecurity skills.

For all its challenges, digital transformation using a multi-cloud, hybrid approach has significant benefits, Wright said.

“What we’re hearing from our customers, including DoD, is that they’re always looking for three things: flexibility, agility and cost savings. And that, in a nutshell, is the value proposition of a multi-cloud strategy,” he said.”

Pandemic showed value of digital transformation

“A cogent well-thought-out cloud strategy will allow you to move quickly, be adaptive, innovate faster,” Wright said. “I think we saw a lot of this during the early days of the pandemic. Those agencies that leveraged cloud fared far better scaling and staying up and available for citizen services.”

The same tools and strategies agencies use for visibility into cyberthreats are also useful for other technical issues. They can help agencies foresee problems potentially leading to downtime. They can also give what Wright called “more granular transparency into costs, usage and capacity” to control cloud costs.

Moreover, a multi-cloud strategy also enhances the national security mission, he said. “It can be much more difficult for an adversary to take down digital services, if those services are distributed across multiple clouds,” Wright said. “With this multi-cloud strategy, you can have a cloud in reserve as a fallback position if primary clouds are taken down. Again, that kind of redundancy, that kind of resilience, is increasingly important, especially in this current global threat environment.”

IT practitioners in DoD have an emerging new policy framework under which to pursue and drive transformation. Wright cited the new DoD cybersecurity initiative for continuous monitoring of commercial clouds.

Beyond monitoring, he noted, the policy enables continuous authorization to operate (cATO). The use of cATOs “is an improvement upon the risk management framework that was sort of its predecessor,” he said, calling it “a great step from being on a passive footing to a more proactive approach to cybersecurity.”

To listen to and watch all the sessions from the 2022 Federal News Network DoD Cloud Exchange, go to the event page.