As agencies continue to further down the digital transformation path, they are finding among their biggest challenges the need to integrate and manage enterprise data.
Over the last decade, agencies have realized how important data is to drive mission successes and outcomes.
But without an enterprise data management strategy, agencies can struggle to take advantage of their data to make decisions and improve services.
The good news is the tools and technologies are better than a decade ago and are continually improving. The use of cloud services and better cybersecurity capabilities are helping agencies meet the long-held goals of secure information sharing.
Jay Fohs, the senior customer advocate for financial and healthcare agencies at Veritas, said for many public facing applications, the easy button is software-as-a-service (SaaS).
“A lot of applications that are used by agencies are somewhat common. You’ll look at your human resources, your payroll, some of your e-discovery, those type of things are very common throughout a lot of the agencies. If you put the responsibility right on the cloud provider, with that SaaS architecture, it does relieve a good amount of burden on the IT organization,” Fohs said on the discussion Innovation in Government sponsored by Carahsoft. “I think they want to focus more on some of the mission critical applications that drives services to the consumer. Those are the things that we see them trying to focus on a little bit more.”
At the same time, not every application can be moved to the cloud and digitally transformed. This is why Fohs said as agencies continue to develop their modernization plans, they need to consider two critical factors: Security of the data and the criticality of the application itself to the mission.
“Federal agencies need to ask what is their risk factor for taking this application from their data center where they manage it and are responsible for it, and giving it to somebody else?” he said. “When you look at cloud providers and a lot of the native tools that they provide, how well do they do from an availability standpoint? Those tools could be coming from a lot of different place so how are those infrastructures secure?”
What is driving modernization efforts?
That cybersecurity challenge will continue to drive a lot of the modernization decisions.
Fohs said public and private sector organizations continue to be concerned about the ever-changing cyber threat environment. He said agencies want more details about how cloud providers are developing their in-depth and protection strategies.
“We have to ensure that we maintain a specific level of security within our own rights, so that our customers are confident that there are no vulnerabilities there,” he said. “There’s so many different solutions and capabilities out there from a lot of different security vendors, it becomes challenging. Where do you prioritize that in- depth defense aspect of securing your data?”
Part of that in-depth cyber strategy is knowing your data and ensuring you can be resilient when a cyber incident does happen.
Fohs said agencies should rely more than ever on technologies such as encrypted data at rest, snapshotting and/or deduplication, and replication to ensure they can recover from an attack.
“It’s very critical that you look at the way that data protection solution is architected. Zero trust is a component of a framework,” he said. “When we talk about developing applications or utilizing tools that meet zero trust, there’s some common questions and some common variables that you should ask your vendors. It’s more important now than ever that as the data protection vendor or a storage vendor that you’re paying attention to that threat vector. If they can infiltrate your data protection system, and you don’t have a resilient platform to recover your data, game over.”
Understanding cost is key
A big consideration that underlies the second critical factor that drives modernization, the criticality of the application itself to the mission, is the cost to move it to the cloud.
Agencies have come to realize over the last decade that cloud services aren’t always cheaper, but do provide better services at the same cost.
“It’s very difficult to estimate the amount of resources you will need. It’s challenging sometimes to understand your ingress and your egress costs as it relates to your applications. Those are really, really important things moving forward,” Fohs said. “There are tools out there to help you plan that as well. Within today’s cloud provider world, you should be able to use resources when you need them and let them go when you don’t. You should understand, most importantly, the shared responsibility models with the cloud providers. I think that’s critical.”