When it comes to IT, government agencies often take a page from the private sector, and according to the 2020 State of the Cloud report, 87% of enterprises have a hybrid cloud strategy.[i] While hybrid was frequently viewed as an interim step on the way to cloud, that is no longer the case. Some workloads may always need to remain on-premises for regulatory, security, performance or cost reasons, although these limitations are beginning to decrease. As a case in point, major public cloud service providers (CSPs) such as AWS, Microsoft and Google have invested in delivering cloud services on premises through Outposts, Stack and Anthos respectively. These services provide a common workload deployment process for both on-premises and cloud-based environments.[ii]
The U.S. federal government has followed a similar path with Cloud Smart, which superseded Cloud First as the federal cloud computing strategy in 2019. Federal agencies now have more options for deploying hybrid cloud infrastructure, including numerous FedRAMP cloud services, blueprints for deploying shared and unique private clouds, and an endless combination of each. Other developments that continue to indicate strong federal commitment to hybrid multicloud include:[iii]
- milCloud 2.0, the Department of Defense (DOD)’s on-premises hybrid cloud services platform managed by General Dynamics Information Technology (GDIT), recently switched to VMware and added AWS. This gives agencies a new option to quickly migrate to private or public cloud without any new task orders or contract actions. As of Feb 1, the DOD had migrated 1,288 virtual servers to milCloud 2.0 across 71 entities and programs.
- Single-vendor cloud contracts such as the Commercial Cloud Services (CS2) and Joint Enterprise Defense Infrastructure (JEDI) are giving way to multi-vendor contracts such as the Cloud Computing Enterprise (C2E) contract, which was recently awarded to five major CSPs by the intelligence community. In the interest of maintaining vendor neutrality, the government has also issued a separate solicitation seeking a managed services provider who can deliver multicloud integration, management and governance support.
- The National Security Agency (NSA) has issued zero trust guidance for securing sensitive data in key federal agencies with granular access control, complete visibility and orchestrated threat detection across hybrid multicloud environments and dynamic policy enforcement for advanced data protection.
Regardless of which cloud strategy a federal agency pursues (public, private, hybrid, fit-for-purpose, general purpose), keeping data safe will depend on direct and secure interconnection that delivers high-performance, low-latency access to clouds, networks and partners.
Secure cloud computing according to DISA
Anticipating the need to provide hybrid multicloud interconnection, the Defense Information Systems Agency (DISA) published the Secure Cloud Computing Architecture (SCCA) to provide a standard process for protecting applications and data hosted in commercial cloud environments. It includes the following:[iv]
- Cloud Access Points (CAPs) that provide connectivity to approved cloud providers and protect DOD networks from cloud-originated attacks.
  - Boundary CAPs are colocated at commercial meet-me points to maximize performance and scalability.
  - Internal CAPs are located at DISA data centers to separate DOD networks from cloud-hosted elements.
- A Virtual Data Center Security Stack (VDSS), virtual network enclave security that protects applications and data in commercial cloud offerings.
- Virtual Data Center Managed Services (VDM) that host security and privileged user access.
Interconnection will be crucial for federal cloud security
As policies, reference architectures, and other guidance like the above evolve, private interconnection is expected to play a key role in federal cloud security. As a case in point, the House Armed Services Committee 2021 National Defense Authorization Act (NDAA) report included the following language regarding DOD’s use of efficient peering sites for improving data security:[v]
“The committee is aware of the importance of private network and cloud interconnection to address fragmented Department of Defense internet architecture and the ability to successfully migrate services to the cloud. The committee understands that the use of secure, advanced, internet exchange points mitigates cyber vulnerabilities, improves data security, increases system reliability and resilience, and reduces processing time latency. Therefore, the committee directs the Chief Information Officer of the Department of Defense to provide a briefing to the House Committee on Armed Services, not later than July 31, 2021, on the Department’s deployment of private, low-latency network and cloud interconnection at global peering locations.”
Placing CAPs in a vendor-neutral, globally distributed interconnection platform such as Platform Equinix® enables direct and secure access to the world’s largest ecosystem of clouds, networks, partners and other digital ecosystems with dynamic exchange options. Network service providers like AT&T, Lumen and Verizon, as well as cloud technology service providers like Dell and systems integrators like GDIT, are already part of the Equinix ecosystem.
Platform Equinix also provides proximate, low-latency access to a marketplace of leading options for integrating physical and virtual services for optimal performance and control. And leveraging software-defined interconnection via Equinix Fabric™ makes it easy to move to an agile and secure hybrid multicloud infrastructure. The article, “Cloud Is Not A Destination – It’s an Operating Model,” outlines three simple steps for achieving this.
[iii] Nextgov, How the Defense Department’s MilCloud 2.0 Effort is Evolving, Feb 2021; FedScoop, AWS cloud now available on milCloud 2.0, Feb 2021; Federal News Network, CIA cloud program awarded, CISA cyber program under protest, Nov 2020; Bloomberg Government, CIA Competing Single-Award Cloud Integration Contract: Top 20, Dec 2020; AFCEA, Closing All DOD’s Cyber Doors with Zero Trust, Feb 2021; NSA, Embracing a Zero Trust Security Model, Feb 2021.