Page 87 - Cyber Defense eMagazine September 2023
P. 87

Adopting a Cloud Smart Mindset

            Cloud Smart offers specific guidance and recommendations to identify what workloads should  – and
            should not – be migrated to different types of cloud environments – public, private, hybrid, multi, or near
            cloud.

            It lays the framework for government IT modernization because it gives agencies the guidelines and
            choice for how to upgrade their infrastructures. With the explosion in data collected from the data center
            to  the  edge,  the  push  for  stronger  cybersecurity,  and  the  need  to  tap  into  the  power  of  emerging
            technologies like artificial intelligence, agencies must shift their mindsets. Moving from Cloud First to the
            holistic Cloud Smart approach to modernize their infrastructures effectively will allow them to innovate
            new solutions.

            The architects of Cloud Smart outlined three fundamental pillars of success for cloud migration: security,
            procurement, and skills. These pillars are key in helping agencies achieve the Cloud Smart strategy.
            Agencies need to align the pillars to tools and services that are available today to achieve the goals of
            the strategy.




            Security

            Data management is complicated under a Cloud First mindset. Apps built for one cloud environment may
            not work properly in another part of the environment, leaving them vulnerable to cyberattacks. Accessing
            data that may live in different places at different times becomes challenging when implementing zero
            trust. Canceling a hyperscaler contract that is intertwined in a hybrid cloud infrastructure is extremely
            difficult, leaving agencies at the mercy of that hyperscaler’s security policies.

            To solve these security issues, agencies can look at near-cloud solutions that include an outsourced
            physical data center that connects with other cloud providers. Companies that offer near-cloud solutions
            maintain an agency’s data sovereignty while enabling the agency to maintain oversight, management,
            and security of the hybrid cloud infrastructure.
            Near-cloud environments typically use predictive analytics tools to monitor for threats across the hybrid
            cloud environment, as well as swift mitigation tools to support quick recovery in case of a breach at any
            place within the hybrid cloud.

            Agencies  can  benefit  by  looking  beyond  cloud  solutions  that  are  already  FedRAMP  certified  to  find
            products that are FedRAMP compliant. Industry can shoulder the cost burden of certification, so agency
            choice need not be limited to certified products.



            Procurement

            Cloud procurement should be approached by looking at workloads, not destinations. That way, agencies
            are basing cloud procurement on the consumption required to meet the specific needs of each workload
            rather  than  a  cloud  solution  to  place  all  workloads.  Agencies  can  realize  cost  savings  on  cloud




            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          87
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   82   83   84   85   86   87   88   89   90   91   92