Over the past year there’s been a big change in federal agency policy from Cloud First to Cloud Smart. Even with the Cloud First mandate, a lot of workloads remain on-premises. Now, agencies want to be smart about moving to the cloud.
Moving to the Cloud
One of the biggest stumbling blocks in transitioning from on-premises to off-premises services is knowing which applications to move first. The Federal CIO Council’s Application Rationalization Playbook encourages CIOs to consider both business value and technical fit when making such decisions, since the best candidates are applications that are high in both. However, you also want to consider those applications with high business value and low technical fit like an old monolithic application that needs to be modernized.
In addition, COVID may have reorganized your agency’s priorities, so reexamine your existing plans. If you did an earlier rationalization of your portfolio, you should take another look. The unemployment modernization effort that you had on the back burner may need to move to the front burner while other things are pulled back.
Securing the Cloud
Many people still think that the cloud cannot possibly be secure. The reality is that the scale, in terms of the systems and the number of security professionals, helps ensure things are secure. But agencies must ensure that their security posture is consistent, whether it’s on-prem or in a public cloud. Automating that posture allows consistency, ensuring that you’re not creating holes in one environment while another is secure.
Embracing Open Source
Government agencies can be wary of open source applications — but a great idea is a great idea no matter where it comes from, and open source is a great way to share best practices with a community. For one example… [think about] all the taxpayer money that has been spent on locking down a web server running Red Hat Enterprise Linux over and over again in the government. A lot of the “authority to operate” (ATO) paperwork hasn’t been reused at all.
Wouldn’t it be great if that paperwork were available so other agencies could not only use it, but improve upon it and make the security even stronger? That’s what [Red Hat’s] Compliance as Code project is, which allows people to get that ATO a lot faster and for a fraction of the cost – and that’s all thanks to open source.
Transitioning from Proprietary to Open Source
Agencies expect the divide between proprietary and open source to be more binary than it is. You don’t have to go all open source or all proprietary. Instead, pick the right blend that works for you. For example, you can run a proprietary database on an open source operating system on a proprietary hypervisor. Agencies can do so as well if they decide where to standardize, where to be in the stack and where to lay that open substrate.
Do you want it at the operating system level? At the Red Hat Enterprise Linux level, you could have on-premises data centers, public cloud, multiple different cloud vendors. Or do you want to go higher up the stack, at, say, the Platform-as-a-Service layer, where you use OpenShift and Kubernetes? That allows you further abstraction and more focus on the actual mission applications themselves. The important thing is making the move to the cloud a conscious decision.
Achieving Success in the Cloud
The U.S. Citizenship and Immigration Services has taken its legacy monolithic applications and broken them down into containerized microservices on top of OpenShift, which can run on the public cloud or on-prem; the portability is right there.
But the agency did not just lift and shift the application over. They looked at the people and the processes, like changing from a waterfall model to agile and DevOps. Changing those processes (adding security, shifting security left to put it at the forefront with the developers and operations teams instead of as an afterthought) helped foster a very strong culture that encourages employees to focus on the mission.
Visit our website to learn more about the GovForward: Multicloud Series and FedRAMP through our additional resources.