5 Steps to Building Security into Hybrid Multicloud

From cloud first to trusted cloud smart in the public sector

David Peed

As the private sector began flocking to the cloud, the federal government took notice. In 2011, the federal Cloud First Policy was released to help accelerate the pace at which the federal government realized the value of cloud computing. It required agencies to evaluate secure cloud computing options before making any new investments. However, adoption has been slow to date. In a recent Ponemon Institute survey of 618 federal IT practitioners, 62% reported that their agency was only starting or halfway through executing a Cloud First adoption strategy. Challenges around security, migration complexity and visibility into resource utilization were among the top inhibitors mentioned.[i]

In 2019, Cloud Smart superseded Cloud First as the new federal cloud computing strategy. Suzette Kent, Federal Chief Information Officer, describes the updated policy like this: “Cloud Smart embraces best practices from both the federal government and the private sector, ensuring agencies have capability to leverage leading solutions to better serve agency mission, drive improved citizen services and increase cyber security.”[ii]

62%

Government agencies that are only starting or halfway through executing a Cloud First adoption strategy

What is Cloud Smart?

Whereas Cloud First was focused on “buy before build”, Cloud Smart is touting a shift to “solve before buy” to help ensure that agencies are equipped with the tools, knowledge and flexibilities they need to move to cloud according to their mission needs.[ii] It really boils down to helping agencies be smart about their journey to cloud rather than following a one-size-fits-all approach or trying to re-engineer custom solutions in the cloud. That means carefully evaluating options based on service and mission needs, assessing requirements, identifying gaps and making informed decisions about what applications and data should stay, move to the cloud or be replaced.

It’s an approach that seems to be working in practice. In a recent webinar on federal data center optimization progress and best practices, Monique Bourque, Assistant Director for Innovation, Engineering and Data Center Operations, Department of Justice (DOJ), shared that her agency has migrated over 100 systems and 6 petabytes of data to the cloud, which represents about a third of DOJ components. She said, “What we have found is that…breaking down the data sets [to determine] what is cloud-ready has worked well.”

65% & 61%

Security (65%) and migration complexity (61%) are the top barriers to cloud migration for federal IT leaders.

Challenges in the federal journey to cloud

Still, security (65%) and migration complexity (61%) remain the top barriers to cloud migration for agency IT leaders according to the Ponemon survey.[i] Finding the right cloud for the right job within mandated timelines can be tough for government IT leaders, and personnel may lack the expertise to determine which workloads should be moved to the cloud or how to effectively implement hybrid multicloud scenarios. When agencies start shifting workloads to multiple cloud providers, it can also add new security and data distribution challenges.

Less complex applications with low data sensitivity are often migrated to public clouds first, while more complex, sensitive applications remain on-premises or in private clouds. To connect the different clouds, some agencies have turned to the public internet only to find that security and performance risks introduce more hurdles. As an alternative, some agencies explore adding dedicated links (via MPLS extensions) from their network to the cloud providers, but this is costly to maintain as more connections are required over time. This approach also takes a long time to provision and locks agencies into specific network and cloud providers.

“By leveraging IOA best practices, agencies can get data from where it’s being collected to where it needs to be analyzed instantly. Private connections across the network fabric reduce the attack surface area while enabling secure analysis at scale. With this type of architecture, you get increased affordability, resiliency, timeliness and agility to move at the speed of mission.”

Donna Hansen, former CIO of the National Reconnaissance Office (NRO) and Equinix Government Advisory Board member

5 steps to interconnecting trust in hybrid multicloud

So what’s the answer? Interconnection Oriented Architecture™ (IOA™) best practices, outlined in the U.S. Federal Government digital edge playbook, offer a proven roadmap to success. An IOA approach enables agencies to optimize networks, simplify hybrid multicloud complexity and distribute security controls, data and analytics to the edge. A direct, secure and private interconnection approach to all types of federal cloud deployment models (public, private, government, community, hybrid) provides a level of security that public internet connections to clouds cannot provide. The IOA Hybrid Multicloud Blueprint outlines five steps that agencies can take to build a secure, trusted hybrid multicloud platform:

  • Simplify multicloud connectivity and operations by placing traffic exchange points close to users and clouds using interconnection hubs (“edge nodes”).
  • Increase multicloud security effectiveness with a trust-nothing security model (applied to traffic flows across all parties) through policy-based border control, packet inspection and real-time security analytics.
  • Minimize costly intercloud data transfers by not placing sensitive data in the cloud or moving large data sets between clouds. Colocate private data in an edge node to provide secure, low-latency access from multiple cloud platforms.
  • Scale geographical multicloud demand by distributing workloads across geographically placed edge nodes, in proximity to users and cloud availability regions to address growth in traffic, data volumes and processing. Load balance resources for scale and business continuity.
  • Build multicloud agency platforms to interconnect with citizens, other agencies and partners for direct transaction and data exchanges. Establish new flows (agency service chains) and continually adapt to changes in regulations, technologies and emerging partners and markets.

A global interconnection solution such as Equinix Cloud Exchange Fabric™ (ECX Fabric™) makes it easy for agencies to implement these steps and establish secure, direct connectivity between on-premises and cloud environments, as well as to other clouds and networks across the globe.


[i] Ponemon Institute, Cloud Adoption in the U.S. Federal Government, June 2019.

[ii] Office of the Federal Chief Information Officer, Federal Cloud Computing Strategy.