National security agencies are slowly coming around to taking greater advantage of cloud services to improve mission effectiveness.
Whether it’s the U.S. Marshals Service trying to take maximum advantage of software-as-a-service to rebuild and redesign mission systems, or the FBI’s Criminal Justice Information Services giving cloud a central role in its four-piece IT monetization strategy, which has a goal of moving at least 90% of all systems to the cloud, cloud use in the national security community is growing.
And it’s just the beginning, said Tom Moore, the chief cloud architect and engineer for the federal civilian division at GDIT.
“Agencies are transitioning out of managing infrastructure, and in favor of adopting managed cloud services. Trust in public cloud is growing and more agencies are moving core mission systems to the cloud,” Moore said on Federal News Network’s Cloud Exchange. “This is happening in stages with low risk applications moving first, as they build cloud foundation capabilities and build confidence in those capabilities, and then move higher risk applications to the cloud.”
This idea of managed services isn’t necessarily new. Agencies have turned to industry or other federal partners for shared services for decades. But Moore said the idea of having someone else manage your network and data infrastructure is a new path for many agencies.
Moore said several factors are driving this move toward managed services. First, he said it’s the velocity of change that cloud services provide. Second, he said it’s the ability to take advantage of economies of scale to save money or reduce costs. And finally, he said agencies will benefit from the automation that comes from managed services to make it easier to move into DevSecOps and agile development methodologies.
“The business is really catching up to it is agile ways, and velocity and requests for evolving products and features is growing. In response, automation is used by platform and DevOps teams to build, test and deploy workloads to the cloud and new features are demanded by the increasing agile business,” Moore said. “As agencies move more workloads to the public cloud, the monthly cloud service bills continue to grow and get more complex. In large, multi-cloud organizations, automation is required to really ingest all of these bills and deliver actionable information, to really drive accountability and continuous optimization of those workloads.”
Moore said that, to make managed services in the cloud work best, agencies should consider developing a different approach to governance, one that balances compliant agile delivery with a self-service catalog.
“Ideally, each item in the catalog should be built with a well-architected framework and reference pattern and utilize policy-based guardrails, all with cost optimized design, and security compliance baked in,” he said. “Cloud also requires a different capacity planning, forecasting and budgeting model, and often requires application code refactoring, infrastructure architecture changes to address these cloud differences in deliver cloud value.”
The model built around the idea of planning, forecasting and budgeting for cloud services is known as FinOps or cloud financial management. The goal of using a FinOps approach is to bring financial accountability to the unpredictability of cloud services, which then lets mission owners make decisions about speed, cost and quality.
“The practice of FinOps really helps address some of these culture and governance challenges to ensure cost optimization upfront with continual monitoring and optimization over the life of a product,” Moore said. “FinOps promotes this continuous lifecycle of monitoring and optimization of cloud services and helps detect unexpected spending, spending trends and especially if there are unexpected anomalies, you can detect those before you get budget overruns. This partnership really ensures that value delivered meets the business expectation while aligning the spend with actual usage.”
Moore added the use of FinOps requires a partnership between the CFO and CIO organizations because technical engineers and architects are in the “driver’s seat of budgets because as they’re adjusting how they’re delivering applications and agile ways since cloud is predominantly on demand billing. As they’re making those changes, it’s impacting your bill.”
He said that is why agencies need continuous monitoring and automation.
Another tool Moore said agencies and private sector organizations are using to improve mission success is Chaos Engineering. This approach helps agencies build more resilient critical systems to address unknown and unexpected events and improve the intelligence and system performance and service level monitoring to counter attacks and various types of system disruptions.
“Chaos Engineering is looking at critical systems holistically, and really looking at what are the potential things that could go wrong, and really testing your design and its resiliency, perhaps in new ways. It’s really stressing that you go beyond your traditional ways. You might try and test your environment and really think about your high availability architecture in new ways. The idea here is you want your critical applications to be sustaining their availability and capabilities,” he said. “Chaos engineering is really helping agencies learn to use artificial intelligence and predictive analytics to help detect these early symptoms of potential service disruptions, and to trigger automated responses to mitigate the disruption and maintain system availability.”
All of these efforts, from managed services to FinOps to Chaos Engineering, help to create a foundation for agencies to deliver better mission capabilities more securely.
Moore said there are several things agencies can do to accelerate the use of these tools, including creating a cloud center of excellence to centralize expertise and address broad governance challenges.
“This capability is really essential to identify, prioritize and implement these critical cloud foundation capabilities in areas such as cybersecurity, networking, operations and cloud financial management. To future proof these capabilities, the trend is to adopt cloud native architectures, like microservices and managed services like Kubernetes to really harness the innovation being provided by cloud service providers,” he said. “Agencies are transforming their data centers into edge locations by bringing public cloud infrastructure into their on premise and colocation facilities, technologies like AWS Outposts and Azure Stack, which gives them this common control plane to really deliver managed infrastructure-as-a-service and platform-as-a-service capabilities.”