Cloud computing discussions often focus on applications and data — and how to develop or optimize both for hosting in commercial clouds. But something less discussed is how the growth of cloud use has changed the way IT organizations must approach enterprise management.
“It changes in profound ways,” said Jason Rapalski, vice president and director for the digital modernization accelerator at Leidos, during Federal News Network’s DoD Cloud Exchange 2023.
Workloads and their associated security mechanisms have become increasingly portable, and agencies routinely move them from cloud to cloud, or from a data center to an edge computer.
“And when they move … this really changes a lot of things that you’ve got to think about,” Rapalski said.
He identified fives questions that IT teams must ask and answer:
How is governance going to be set up?
How is the agency going to manage its cloud environment?
Who’s going to take care of those resources?
How will configuration management across all these areas be handled?
What necessary security changes need to occur?
“One of the things that becomes very important to think about — that’s different from an on-premise environment — is the cost of the dynamic nature of the cloud,” Rapalski said.
Rapid scaling up of an application can also scale up cost, so “you need to able to plan for how you’re going to manage that cost,” he added.
Factoring in cyber, data management demands of cloud use
Maintaining cybersecurity policies and specific safeguards becomes of paramount concern for enterprise management, Rapalski said.
All elements of what might be called distributed enterprise management entail data gathering and analysis to understand what is going on continuously, he said. For security purposes, for example, managers would want to know how their tools are performing in the various subenvironments of the enterprise.
Enterprise management in the cloud era also extends to data, Rapalski said.
“When you’re contained in your data centers, it’s very easy to know where things are,” he said. “As you expand to multiple clouds, now you’ve got data going in many different places.”
Given that bureaus and offices may have acquired their own cloud services, agencies might find “certain centers of gravity have been established with their data that they hadn’t planned for,” Rapalski said. “You have to start thinking about different ways to plan for this, realizing that the movement of data can actually be one of your big cost factors.”
Baking in your enterprise management requirements
IT organizations must plan ahead to ensure workloads and security controls operate properly regardless of where they’re hosted. They must also ensure other technical policies, such as those for backup and recovery, stay in place.
“Having design plans and concepts for how you set up your cloud environments really helps,” Rapalski said. “You create concepts of secure landing zones to be able to build those things out with those policies already in place.” When policies and security mechanisms are attached to the workloads, authorities to operate will move with them. And you’re able to move them smoothly back in-house should the need arise.
Cloud enterprise management must encompass the wide area network, which now extends to intercloud communications.
It all adds up to the need to render applications into containerized micro services, Rapalski advised. Today, that’s possible because most cloud services providers offer Kubernetes.
A containerized approach gives an organization more manageable portability, he said. “You know that those environments are going to be consistent when you’re moving workloads from one cloud to the next cloud.”
By the same token, he added, it’s wise to avoid reliance on cloud native services unique to one provider because that can prevent full interoperability.
Two other elements help with enterprise management in multicloud infrastructures, Rapalski said.
One is what he called an enterprise visibility component, a service that lets the IT staff monitor the enterprise from a single dashboard. It should include financial operations “to be able to understand your costs and understand where different aspects of your environment are impacting cost. You need to know the cost to know whether or not something’s happening efficiently.”
The second is a federated authentication component to let the organization monitor who is logged onto which components of the enterprise. “This becomes really key as folks are looking toward zero trust,” Rapalski said.