A cloud service provider provides a wide range of capabilities, including the cloud platform and infrastructure, application and storage services, and nearly unlimited scalability, along with protections for the hardware, software, networking and physical data center facilities running the cloud services.
Traditional CSPs “focus on the nuts and bolts and the building blocks of the cloud,” said Atul Mathur, Chief Information Officer (CIO) at Credence and the technical program manager on several federal agency projects. “But when the rubber meets the road, and the applications are running in these CSPs’ cloud environments, there are a lot of other things the government has to worry about.”
Agencies have security responsibilities (such as their own platform, software and data) and must meet compliance requirements such as those in the Defense Department’s (DoD) Security Technical Implementation Guides (STIGs). And they face other challenges, from dealing with legacy systems and applications, to managing operations well enough to incorporate advanced technologies such as artificial intelligence (AI), robotic process automation (RPA) and DevSecOps, a methodology that brings together an organization’s development, security and operations teams.
Three areas of particular concern:
Security. First and foremost, the most important aspect of cloud computing for agencies is the security of their data. The Federal Risk and Authorization Management Program (FedRAMP) and the Defense Information Systems Agency’s (DISA) Cloud Computing Security Requirements Guide (CC-SRG) establish the essential requirements for services delivered via the cloud, but agencies also have to ensure that they secure their platforms, applications, access control, operating systems (OS) and configurations.
Migrating workloads. Agencies need a comprehensive strategy that covers areas such as procurement, operating costs, employee training and migration timelines. Mission-critical applications may not translate easily to the cloud, and a lot of the aspects of management are not included in a provider’s cloud service.
Operations. Managing a cloud environment — particularly a hybrid, multi-cloud environment — involves a lot of moving parts, including infrastructure to support mission-critical needs, applications and services. No one can be an expert in every area, so agencies may need expertise they may not have in-house in order to address all of their challenges.
Solution: Managed Services Support
A managed cloud services (MCS) provider, particularly one experienced in working with government agencies, can offer the expertise and knowledge necessary to help agencies adopt, migrate to and manage their complex cloud environments.
CSPs can provide infrastructure management, provision cloud environments and proactively manage service level agreements (SLAs). Service management components can provide 24/7 support, ensuring that applications are up and running, giving users access to the resources they need with short response times to review alerts, manage incidents and respond to critical issues.
A managed services provider can also help agencies make the most of their environments by supporting automation — which is essential at the speed of today’s cloud operations — and DevSecOps adoption.
A provider can, for example, stand up or tear down a test environment; they can also configure files or applications in a quick, automated way, which eliminates the human error that can result from doing it manually, Mathur said. Compliance risk management, which helps ensure security while meeting the government’s compliance requirements, is an essential service for agencies.
By providing end-to-end cloud management services, a provider also positions an agency to employ new technologies, such as machine learning, artificial intelligence and advanced analytics, to derive the most value from its data and to better share it both within and outside the agency. In addition to improving an agency’s services, the streamlined approach will aid in meeting goals set forth for data-driven decisions outlined in the Evidence-Based Policymaking Act.
This article is an excerpt from GovLoop’s recent report, “Simplify Cloud Adoption With Managed Services.” Download the full report here.