ENTERPRISE VISIBILITY SPONSORED REPORT MONITORING AND MEASURING ARE CRITICAL FUNCTIONS
Are Hybrid Clouds the Answer?
As more federal agencies move to the cloud, the hybrid cloud model remains the most viable.
Software-as-a-Service product. That provides predictable pricing, freedom from licensing complexities and avoidance of development costs. An agency has to determine whether or not the SaaS can work consistently with government processes and policies.
From a service standpoint, agencies face a host of questions and decisions when it comes to planning and conducting cloud migrations. The Federal Risk and Authorization Management Program, or FedRAMP, has taken some of the risk out of medium-security applications
Cloud computing has clearly moved into the mainstream mix of federal information technology. For the last five years, White House policy for federal agencies has indeed been Cloud First.
which has done extensive work on cloud computing, agency cloud metrics revolve around three components of service. NIST calls service selection, service agreement and service verification the trifecta of cloud service.
The term “cloud first” was never precisely defined, but the Office of Management and Budget has made
it clear it wants agencies to use a rigorous decision-making process for migrating IT to cloud providers. It needs agency IT shops to shift their mindsets from assets to services.
Each of those three areas has an associated set of metrics. These
vary according to individual agency requirements, so there’s no single universal matrix. Still, the final service level agreement will govern whether or not an agency gets the type and quality of service it requires. So the decision process is significant.
This mode of thinking has
already started to take hold at the
state government level. It’s clear
the reality of cloud computing and migrating services to the cloud is more complicated than simply issuing a policy mandate, though. Agency IT leaders must plan for and account for each step along the way.
Because so many agencies have legacy applications that are impossible to virtualize or even rework for the cloud—or some that have national security implications—the hybrid cloud model prevails in the federal market. Even within the hybrid model, though, there are many varieties and options.
From an applications standpoint, cloud hosting can go one of several ways. Simply re-hosting might be simplest method, but an agency could run into latency issues or incompatibilities with the cloud provider’s infrastructure. Plus the application might not be able to take advantage of a primary cloud benefits like scalability.
FEDRAMP APPROVAL
Clouds may be commercial multi- tenant, commercial single (government) tenant, or other federal services such as the Agriculture Department’s National Finance Center. Either full-time government or contractor staff may operate and administer those agency- built clouds.
One way around this is to refactor
the application. Then you’d have
two versions of the same application running. This would limit the agility between cloud and government-owned facilities. Revising or rebuilding the code can be expensive. It can also lead to cloud vendor lock-in. On the other hand, those actions might constitute an opportunity to modernize an application.
in the cloud. The General Services Administration (GSA) and its partners are working to streamline the process of accrediting cloud providers.
For purposes of cybersecurity, capacity planning, and performance, the hybrid cloud model continues to emerge as the leading choice. There are many data sources the network operations center and the security operations center must incorporate in their analysis, but the hybrid model continues to provide the most flexible capabilities.
Often the decision to host an application leads to the ultimate application solution; simply replacing the application with a commercial
FedRAMP approval has become essential for vendors and a check-
off for contracting offices and CIOs. Among cloud vendors with FedRAMP certification, agencies still have many considerations. One thing they have in common, however, is ensuring agencies consistently get the required levels of performance.
Any cloud planning project must
start with the end-game in mind. An agency CIO must be able to maintain security and integrity of data and ensure application availability and performance for which the agency is paying.
According to the National Institute for Standards and Technology (NIST),
GameChanger
Shutterstock.com