Commercial cloud adoption by federal agencies has moved to a third phase: improving mission delivery. Initial cloud use centered on R&D and hosting software development. Then came the goal of reducing the government’s data center footprint.

Now, said Bob Ritchie, chief technology officer at SAIC, a growing number of agencies combine multi-cloud use with a development, security and operations (DevSecOps) framework to establish an iterative approach to modernizing their technology use.

“Agencies that adopt the cloud to drive mission outcomes are able to move up the stack to DevSecOps and then get to a data-centric security posture that leads to leveraging artificial intelligence,” Ritchie said. This occurs, he added, “even in sensitive enclaves of data and at different classification levels.”

Ritchie pointed to SAIC’s work on the Air Force Cloud One program, a multi-cloud environment designed to develop and host mission-specific applications.

“It really personifies how cloud is a journey, and cloud maturity and multi-cloud maturity is a journey,” he said. As a sort of value-added broker, SAIC helps the Air Force use Amazon Web Services, Microsoft Azure, Oracle and Google clouds, each for optimizing a specific application.

The effort started out as a Phase 2 initiative focusing on how the service could leverage cloud for more efficient and optimal business systems, such as human resources or financial management, Ritchie said. One goal for the service was to free up funding that it could then devote to “winning the next fight and staying on the competitive end of defending our nation,” he said.

Now, the original cloud services providers host the business applications, while more recent additions, such as Google Cloud Platform, host activities like AI development, Ritchie said. “That has allowed us to evolve from what used to be a web app–centered business cloud to, now, a full-scale weapon system–enabling cloud ecosystem.”

Where’s are federal cloud uses headed?

Ritchie said using the cloud as a data center will only get an agency so far in terms of efficiency and savings. More effective is reengineering and reprogramming natively in the cloud, using agile DevSecOps methodologies, he said. That tactic lets an organization introduce automation and AI to speed processes and aid decision-making, Ritchie said.

“Getting to a position of decision advantage is really where we see the commercial cloud space being leveraged to the fullest extent,” he said.

A growing challenge for agencies is managing multi-cloud so that agencies can get the most value out of an array of providers. Ritchie said SAIC has developed a set of services, Cloudscend, that can aid agencies in their multi-cloud maturity journeys. SAIC starts with an exploratory exercise to understand an agency’s cloud maturity, from the individual system or application level to sustained, automated operations in the cloud.

With that information, an agency can plot a journey of explore, migrate and operate, Ritchie said, which “is then underpinned by continuous security that helps drive rapid and continuous authorities to operate.”

Those authorizations to operate (ATOs) are no small matter. ATOs rank high on agencies’ concerns for cloud operations, he said. To squeeze time out of the ATO process, an IT group should ensure each iteration of an application inherits the security from its preceding ATO version, he advised.

A speedy and reliable ATO process in turn frees up an agency’s propensity to innovate, knowing new functions, applications and mission deliveries won’t get buried in ATO approvals, Ritchie added.

Reality sinks in: Cloud is not one size fits all

SAIC conducted a cloud survey of federal officials ranging from IT people doing migrations up to C suite managers overseeing policy and acquisition strategy. It showed that nearly three quarters of agencies already view themselves as multi-cloud users, Ritchie said.

The results “buoyed our confidence that agencies are starting to appreciate that it’s not one size fits all,” he said. “No one cloud provider is going to give them everything that meets their diverse mission. They need this kind of heterogeneous ecosystem.”

Still, only 30 percent of respondents said they’d reached a high level of cloud maturity with respect to DevSecOps, automation and cultural adoption. A chief issue? The range of cloud options coupled with the vast array of services available from each CSP. That produces analysis paralysis, Ritchie said.

“That ties directly to why we established the Cloudscend solution set. That exploratory and analytic phase is key to not only understanding where you’re at in terms of your IT portfolio and your data centric security posture, but also where do you need to go from a mission perspective so that all of your modernization and migration trends are all aimed at that north star.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.