“You need to stop questioning whether the cloud is secure. You’ve got to start questioning whether you know how to use it securely,” said Drew Firment, ch...
Federal agencies made large strides in cloud advancement during the COVID-19 pandemic. The time away from the office forced the government’s technology teams to take a hard look at how they were storing and sharing data.
Now, with the cancellation of the Defense Department’s JEDI contract in favor of the Joint Warfighting Cloud Capability to add additional cloud vendors, multicloud seems to be the new buzzword favored in Washington technology circles.
DoD noted when it nixed JEDI that it intended to push for a multicloud environment, and the Homeland Security Department and other departments are also pursuing a multicloud future for their component agencies too.
According to Gartner, around 75% of organizations that use the cloud deliberately now adopt a multicloud strategy, up from 49% in 2017. Most organizations use a mix of Amazon Web Services, Microsoft Azure and Google Cloud Platform.
But it may not be in an agency’s best interest to rush into the multicloud world just yet, advised Drew Firment, chief cloud strategist at Pluralsight.
“Unfortunately, we have a little bit of the tail wagging the dog with multicloud,” Firment said. “Doing one cloud is hard enough. There are a lot of differences in shared security models across the different cloud providers and differences in how agencies are going to manage costs associated with them.”
Plus, there’s the training aspect. It’s hard enough to get a team trained on one cloud, let alone multiple teams on multiple clouds, he said.
That doesn’t mean agencies should give up on their multicloud dreams, though.
Firment said the multicloud environment has plenty of benefits, but an agency needs to be mature enough in its cloud use and management to take advantage of them. That should be a main factor when expanding to use multiple cloud platforms, he recommended.
“I don’t necessarily think that it’s a very pragmatic decision for those that are in the early stages of cloud adoption,” he said. “My mantra is: Pick a cloud. Get good at it. Master it. Then, make informed decisions about how to leverage other cloud providers.”
Once an agency masters one cloud, it may find there are some gaps in service that need to be filled. At that point, it might make sense to look to apps or services available from other cloud providers, Firment said. But initially, there is no sense in buying a farm when you only need a plot of land, he added.
“The clear benefit for very mature organizations is the opportunity to leverage best of breed services for specific use cases,” he said. “From a software as a service perspective, that’s a lot easier. You don’t have to build the underlying infrastructure to be able to support SaaS. If I want ChatGPT from Microsoft or another particular app, that’s great, right? That’s pretty much software as a service.”
Firment said the best way to make an informed decision about multicloud is to become cloud smart and develop in-house expertise. Agencies should educate their technology teams on the offerings from AWS, Azure and GCP so they can choose the best approach for their mission needs.
In addition to ensuring their tech teams become peppered with cloud subject matter experts, agency IT leaders also need to better understand the security aspects of managing cloud services, Firment said.
“You need to stop questioning whether the cloud is secure. You’ve got to start questioning whether you know how to use it securely,” he said, adding that biggest cybersecurity issues result from vulnerabilities introduced through human error.
“It will be increasingly important for professionals to acquire expertise and skills with automation and orchestration tools — often tied to the concept of infrastructure as code with cloud computing services,” Firment said. “Leveraging automation in a multicloud environment can be used to increase the efficiency of the development process while also decreasing security risks often caused by manual configuration errors.”
There’s also the increased complexity of security to consider as the agency’s cloud infrastructure becomes more abstract through multicloud use. More cloud platforms and more providers increase an agency’s attack surface.
“You generally have that one pane of glass with one provider. Well, once you have multiple clouds that gets more complex,” Firment said, requiring a mature cloud team that can manage an advanced level of abstraction.
Agencies are currently relying heavily on third parties to provide the skilled workforce they need to handle multicloud environments.
Firment says agencies need to both train their employees and prepare the next generation for multicloud.
“But what is the best route for building this workforce? Can a new IT workforce with cloud skills be recruited and on-boarded, or should the existing federal IT workforce be upskilled and retrained to give them the cloud knowledge and skills that agencies need?” he said.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.