Page 87 - Cyber Defense eMagazine September 2023
P. 87
Adopting a Cloud Smart Mindset
Cloud Smart offers specific guidance and recommendations to identify what workloads should – and
should not – be migrated to different types of cloud environments – public, private, hybrid, multi, or near
cloud.
It lays the framework for government IT modernization because it gives agencies the guidelines and
choice for how to upgrade their infrastructures. With the explosion in data collected from the data center
to the edge, the push for stronger cybersecurity, and the need to tap into the power of emerging
technologies like artificial intelligence, agencies must shift their mindsets. Moving from Cloud First to the
holistic Cloud Smart approach to modernize their infrastructures effectively will allow them to innovate
new solutions.
The architects of Cloud Smart outlined three fundamental pillars of success for cloud migration: security,
procurement, and skills. These pillars are key in helping agencies achieve the Cloud Smart strategy.
Agencies need to align the pillars to tools and services that are available today to achieve the goals of
the strategy.
Security
Data management is complicated under a Cloud First mindset. Apps built for one cloud environment may
not work properly in another part of the environment, leaving them vulnerable to cyberattacks. Accessing
data that may live in different places at different times becomes challenging when implementing zero
trust. Canceling a hyperscaler contract that is intertwined in a hybrid cloud infrastructure is extremely
difficult, leaving agencies at the mercy of that hyperscaler’s security policies.
To solve these security issues, agencies can look at near-cloud solutions that include an outsourced
physical data center that connects with other cloud providers. Companies that offer near-cloud solutions
maintain an agency’s data sovereignty while enabling the agency to maintain oversight, management,
and security of the hybrid cloud infrastructure.
Near-cloud environments typically use predictive analytics tools to monitor for threats across the hybrid
cloud environment, as well as swift mitigation tools to support quick recovery in case of a breach at any
place within the hybrid cloud.
Agencies can benefit by looking beyond cloud solutions that are already FedRAMP certified to find
products that are FedRAMP compliant. Industry can shoulder the cost burden of certification, so agency
choice need not be limited to certified products.
Procurement
Cloud procurement should be approached by looking at workloads, not destinations. That way, agencies
are basing cloud procurement on the consumption required to meet the specific needs of each workload
rather than a cloud solution to place all workloads. Agencies can realize cost savings on cloud
Cyber Defense eMagazine – September 2023 Edition 87
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.