More than two years ago, the Recovery Accountability and Transparency Board became the first federal agency to move a governmentwide information system to a public cloud. Our initial migration of Recovery.gov to a public-cloud provider was the beginning of what is now a multicloud enterprise solution. The Recovery Board has moved a wide variety of its IT services to the cloud, implementing the federal government’s first civilian, compliance-focused hybrid-cloud environment.
To achieve this success, the Recovery Board had to address a number of serious challenges as we sought to match the work our agency performs with the most efficient cloud services available. As the stewards of a groundbreaking project, the Recovery Board’s IT team didn’t have an example to follow, but our experience can provide an example for other agencies looking to implement a hybrid cloud.
With a project of this scope, planning is critical to success. It is essential to perform a thorough analysis of the entire enterprise and make strategic decisions that move each workload to the right operating environment. Security, efficiency and cost-optimization are key drivers.
Given the variety of cloud services and their ability to drive down costs and deliver a superior user experience, an enterprise must master the various technologies and interfaces of multiple cloud providers, secure its connections to each provider, establish security and monitoring capabilities for each provider, and manage authentication and authorization.
The Recovery Board performed a rigorous discovery and analysis phase to develop a scalable strategy that would match the best cloud services to current and emerging business needs. By following a systematic planning and execution process, we were able to make effective decisions and execute a phased implementation approach. The planning phase clearly articulated the migration approach and roadmap for the entire system. The execution phase allowed individual program teams to build upon prior efforts.
Assessing what we needed and where we wanted to go allowed the Recovery Board to match different cloud options to its needs. The cloud services we employ include:
Analyzing the agency’s needs and options helped us make the best decisions as we implemented the plan. For example, the Recovery Board selected Microsoft Office 365 Government Community Cloud to reduce the maintenance and licensing costs associated with commodity services such as e-mail. In making this choice, we sought to minimize disruption for existing users, avoid user retraining costs and ensure the security of e-mail data. Using the hybrid Microsoft Exchange deployment model, the Recovery Board can route all traffic through its cloud hub while making the shift to the Office 365 cloud transparent. End users will have the same client throughout the migration.
Storage services also have reduced costs, offering efficient backup and offsite storage options. The adoption of such services ensures a common security construct with robust, independent monitoring.
Making the best use of a variety of cloud services is just part of the story. The key is how our agency integrates and manages those services securely.
The Recovery Board has designed a cloud hub that allows the agency to use multiple cloud services at the lowest cost while reducing risk, adding value and increasing the speed of developing new applications and services.
Our research made clear that we had to be able to use multiple cloud services from a variety of providers. However, given the emerging marketplace for cloud services and cloud brokers, we needed an approach tailored to our organization that could deliver results in three to six months. Thus, we leveraged the cloud hub concept and security architecture provided by our lead systems integrator, Smartronix.
The Recovery Board’s IT team designed a solution that used the cloud hub as an intermediary to provide secure, reliable and flexible access for computing, storage and network resources. This meant that we did not have to set up costly point-to-point connections and that we could implement a consistent security stack. The cloud hub provides a technology stack consisting of a firewall between the enterprise and the cloud service provider; a router that provides VPN services; and computing services that host integrated security and service management.
The cloud hub model ensures that customers can consume cloud services at a pace that makes sense for the individual enterprise and without the common concerns about accessing the cloud. The trusted connectivity component is critical, because it means that agencies do not have to spend time and money to establish connections to each cloud provider — security is ensured through inline devices that provide an independent and trusted connection gateway. This permits monitoring and inspection of all traffic entering or exiting the agency’s cloud services.
Cloud computing services offer great promise for optimizing spending and delivering an agile response to business needs. However, it is critical to plan and develop a scalable approach that can leverage multiple options. A cloud hub is essential for success, as it provides trusted connectivity and the hardware and software needed to ensure secure and reliable connectivity between users and cloud service providers.