The federal government is committed to investing in cloud services — a trend that will likely continue to increase in the foreseeable future. According to Gartner, government cloud spending is expected to grow, on average, 17.1 percent through 2021.
Many of the agencies invested in moving to the cloud have deployed multi-cloud environments. Rather than placing all of their eggs in a single basket, they’re taking an à la carte approach, picking and choosing the providers that offer the best services — both on-prem private clouds and off-prem public clouds — to meet their needs.
There are a number of benefits to employing a multi-cloud strategy. Here are three of the top reasons why it might be ideal for your agency:
Gaining better flexibility, interoperability and portability
Multi-cloud environments offer enormous flexibility. You can use different cloud providers for a variety of solutions and services, and can implement any combination of public or private clouds. You can also take a hybrid cloud approach that combines on- and off-premises solutions.
In addition to greater flexibility, there are a variety of reasons agencies use multiple clouds or vary their hosting strategies. Some organizations may wish to move between clouds to ensure better uptime and reduced risk of service disruptions; if one provider experiences an outage, they have a backup which they can rely on, mitigating the chances of lost productivity. And different cloud providers may offer unique strengths that pair nicely with the primary goals of the agency. In these cases, a multi-cloud strategy makes perfect sense.
Supporting a better cybersecurity posture
Multi-cloud environments also offer security benefits. Most cloud providers — and certainly those sanctioned for government use — have automated security built into their offerings. The right mix of providers can provide agencies with a level of security that effectively takes the onus off personnel to manually secure the cloud’s physical environment, but the operating system and application stacks still need to be secured.
Automation frameworks can be used to automate compliance and security policies. When evaluating the available solutions, four tools stand out for their commitment to compliance and security: SaltStack, Ansible, Chef and Puppet. Specifically, SaltStack provides automated, event-driven security policies that allows agencies to keep their virtual machines in specific, secure states. Ansible is an open-source automation engine that allows agencies to easily configure a secure infrastructure. Chef and Puppet are open-source tools that allow organizations to automate infrastructure management. Together, these configuration tools will help you install and manage software on existing servers while keeping your agency compliant and secure.
Even with these tools, keep in mind that public clouds do a good job at physical security, but they are not securing your applications. As such, good security must always start at home. Multi-cloud can amplify weaknesses in your security policies, so make sure that those policies are strong and select cloud partners and tools that can effectively support your efforts. Be sure to practice fundamental security processes, such as continuous monitoring of data and applications. Don’t put all of your faith into your cloud providers, regardless of their stated security postures.
Containers and DevOps are critical
To reap the benefits of a multi-cloud environment, agencies should focus on automating their development processes through the use of containers and DevOps. Containers are a software technology that facilitate the repeatable deployment and portability of applications across a myrid of cloud environments. DevOps (a portmanteau of “developer” and “operations”) is a methodology where developers and operations managers work together to create and build, test, deploy and maintain applications.
Both are meant to drive automation, agility, and better security. As such, they offer important benefits for agencies with multiple clouds.
Containers are important because they allow developers to break down applications into their core components. This makes those applications highly portable and easily transferable across clouds. Meanwhile, orchestration management tools like Kubernetes can help developers automate container deployment and management, allowing them to spin up and tear down applications. Containers are an essential application development tool for a multi-cloud world.
The same can be said for DevOps. Traditional DevOps teams are focused on infrastructure and scripting, but there’s an opportunity for these teams to move beyond infrastructure management. Instead, they can focus on pipelining, repeatable service stacks, LAMP, MEAN, Java Web App, and developing reusable components that can be used across applications using verified microservices. These teams can create processes that allow them to develop applications faster than ever before and deploy those applications in virtually any cloud environment.
For many agencies, it’s becoming increasingly apparent that a single cloud deployment strategy may pigeonhole their strategy and ultimately not be enough to manage their workloads. For them, the question is not which cloud provider to use, but which cloud providers should be used in certain instances? The answer: whichever ones are most effective at meeting an agency’s goals and supporting its security initiatives.
Finally, remember who the customer is, and that they are the ones requesting change. Evaluate and prioritize adaptability, cost, predictive performance, and security. A one cloud approach will not solve all your problems. It’s important to keep an open mind.
Darren Pulsipher is an enterprise solution architect in the Data Center Group at Intel Corporation.