Becoming Cloud Smart(er)

Roman_Pillars_Gov-building.jpg

I was a big supporter of cloud technologies during my CIO career. In fact, my team and I at the Food and Nutrition Service were among the first in government to create a cloud-based app, with the launch of the SNAP Retailor Locator in 2010. Since then, government cloud adoption increased at a slow but consistent pace. Today, many think we’ve hit a tipping point and cloud adoption is about to accelerate. OMB’s Cloud Smart strategy is coming at just the right time.

What is a Cloud Smart strategy?
OMB’s new approach is a welcome update to the original Cloud First policy, which lost some momentum in recent years.

It is broken down into three interrelated areas: security, procurement and workforce. This is a great start. However, considering the emphasis on the Federal Data Strategy in the President’s Management Agenda, I expected to see a greater focus on data management.

Most organizations plan to use multiple public clouds in addition to on-premise private clouds and non-cloud infrastructures. This reality exacerbates the challenges of cloud adoption. In this hybrid, multi-cloud environment, data management is a critical success factor. Implementing a healthy data posture before migrating to the cloud is a best practice. Without proper data management, a multi-cloud environment can quickly become a set of disconnected silos, incapable of sharing data or compounding costs and risks.

Data governance
The draft plan highlights the importance of continuous data protection and awareness. It aptly describes the agency as the “custodian of its data on behalf of the public.” This is an excellent reminder of the great responsibility agencies have to protect and secure our data in all of their environments. This is no easy task. Cloud migrations only make this more complicated.

The plan then directs agencies to establish their own governance models for cloud-hosted data. I see two issues with this.

First, this approach seems to suggest that agencies are to create a data governance plan for their cloud-hosted data only. In this age of hybrid multi-cloud, data governance in isolation is insufficient. Agencies should be required to develop an enterprise data governance strategy for all of their data.

Second, it assumes that organizations already understand what and where their data is. However, research shows this is not the case. Before you can make decisions on what to migrate to the cloud, you must first understand your data inventory. After all, how do you secure what you can’t see or don’t know that you have?

The Cloud Smart strategy should sync with the data governance requirements in the Federal Data Strategy for agencies to have a comprehensive view of their data.

Data compliance
Routine requests for information, such as an audit, FOIA request or eDiscovery often become time-sensitive and high-stakes searches and retrieval efforts. Fragmented data environments across multiple cloud infrastructures further complicate this process. Integrating technologies for automated data classification is critical.

The ability to classify data solves a critical problem; the rapid growth of unstructured data exposes organizations to potentially harmful personally identifiable information leaks. Classification technology lets organizations quickly scan and tag data, enabling a risk-based approach to data security. This reduces the chance of a data leakage. It also supports the requirement to “monitor compliance with standards and policies throughout the information lifecycle” in the Federal Data Strategy.

The Cloud Smart strategy should emphasize the need for data classification prior to cloud migration.

Data portability
If we are really going to get smart about cloud, we must plan today so we aren’t locked in tomorrow.

The motivation for a multi-cloud strategy is to take advantage of best-of-breed cloud services, avoid cloud lock-in and to have an insurance policy against cloud failure. However, most organizations do not give sufficient thought to how they would fall back from the cloud or change providers.

Agency priorities fluctuate over time and may require an organization to move workloads between environments for compliance reasons. Given rising storage and egress costs of data, it becomes even more important to be able to move applications and data between clouds for financial flexibility. Organizations need agility. Enterprise data management provides this by establishing the data ownership and application portability necessary to exit a cloud.

It’s also important to remember that cloud outages occur. So, a multi-cloud strategy must include the ability to migrate data and workloads TO the cloud of choice, and WITHIN zones and regions associated with that cloud for the purposes of disaster recovery.

The Cloud Smart strategy should address the migrations FROM the cloud to another platform, including other commercial clouds and privately managed clouds in a data center.

Final thoughts
The Cloud Smart strategy reflects the maturation of federal IT thinking on cloud. The current draft isn’t perfect, but it’s a great start.

I strongly encourage the Cloud Smart and the Federal Data Strategy teams to work together to ensure agencies focus on proper governance, compliance and portability for our data.

In the end, cloud, like all technologies in government, is a mission support tool and the mission always relies on data. Cloud migrations and data management are intrinsically linked and we must treat them that way. The success of our nation’s digital transformation depends on it.

This content was originally published by GovLoop on October 15th, 2018, and the original article can be found here via govloop.com.

GL_Featured_Contributor_Badge_02_300x300.png