Whether you’re managing one workload or fifty thousand, the right strategy for your agency’s AWS cloud will feature the same basic tenets. Lessons from today’s largest AWS ecosystems reveal the core elements of advanced cloud brokerage, from orchestrated governance to layered security.
GDIT brings real-world experience, operating more than 30 cloud brokerage programs on Amazon Web Services (AWS) and managing more than 50,000 cloud instances across a wide variety of government agencies.
What lessons can organizations of every size take from one of the largest AWS implementations to use within their own environments? When a customer asks for our first-hand view of working with the government to provide AWS at scale, we often begin with our four key tenets of cloud brokerage: Governance, Brokerage, Automation and Security. Enterprises that address these critical areas position themselves to realize the cost savings, agility and other benefits the AWS cloud can offer. Whether you’re focusing on the business side (e.g., cost control) or on the technical side (e.g., identity and access management), you can use these ideas to create a seamless cloud strategy that works for the enterprise as a whole, no matter the scope and make-up of your cloud infrastructure. The goal is to make things as simple as possible for your users while reducing risks and ensuring the right security to prevent data leakage.
When it comes to the first tenet, Governance, it’s important to ensure compliance through policy-based enforcement and control of cloud resources, with set workflows and checkpoints for service orders. Another essential is a cloud cost optimization tool for invoicing and billing, cost allocation, right-sizing and best practices to help maximize the business value of cloud and allocate resources efficiently. That’s not always easy when you have thousands of discrete AWS billing statements and need to untangle orders and internal chargebacks. With so many statements, a standardized tagging taxonomy simplifies the task. Additionally, building transparency into your service level agreements (SLAs) across multiple clouds is critical, providing one unified view, potentially by integrating your legacy SLA tools with new cloud assets.
In terms of Brokerage, we again want to keep things simple for the customer. We do that by implementing provisioning services to manage resources across multiple environments and keep track of user actions. Cloud services are managed through an intuitive service catalog that’s easy to navigate and expand. Dashboards provide visibility into the entire cloud ecosystem, with ad hoc options and consistent reporting across agency, department and application owner. Complementing those elements is self-service. A simplified portal that integrates with your ticketing system can empower users to place orders and resolve issues themselves rather than increasing help desk workloads or creating “rogue” AWS accounts.
Manual interventions by users can introduce errors. This can be addressed by infusing Automation — the third of our four key tenets — into your cloud strategy. With automation, you can maintain configuration control and access control across multicloud environments and ensure compliance with security and software updates. You can integrate with existing enterprise investments and better manage capacity and resources by automating the tracking and management of cloud provisioning. That should include the use of resource tagging to track consumption across multicloud environments.
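The tagging taxonomy called for under both Governance and Automation above is only useful if it is enforced and then used for allocation. As an added example (not GDIT’s or AWS’s code), the script below checks a resource inventory against an assumed set of required tag keys and allowed values, and then aggregates spend by cost center, surfacing untagged spend rather than hiding it; the inventory and taxonomy are constructed sample data.

```python
"""Tag-taxonomy compliance and cost allocation over a resource inventory.

Added example, not GDIT's or AWS's code. INVENTORY is constructed sample
data standing in for a resource export joined with billing data; the
required tag keys and allowed values are an assumed taxonomy.
"""
from collections import defaultdict

# Assumed taxonomy: required keys and, where applicable, the allowed values.
REQUIRED_TAGS = {
    "Agency": None,                      # any non-empty value accepted
    "CostCenter": None,
    "Environment": {"prod", "test", "dev"},
    "Owner": None,
}

# Constructed inventory: resource id, its tags, and monthly cost in USD.
INVENTORY = [
    {"id": "i-0a1", "tags": {"Agency": "DoX", "CostCenter": "CC-100", "Environment": "prod", "Owner": "team-a"}, "cost": 120.0},
    {"id": "i-0a2", "tags": {"Agency": "DoX", "CostCenter": "CC-100", "Environment": "Prod", "Owner": "team-a"}, "cost": 80.0},
    {"id": "vol-1", "tags": {"Agency": "DoY", "CostCenter": "CC-200"}, "cost": 15.5},
    {"id": "db-7", "tags": {}, "cost": 300.0},
]

def tag_violations(resource):
    """Return human-readable taxonomy violations for one resource."""
    problems = []
    tags = resource["tags"]
    for key, allowed in REQUIRED_TAGS.items():
        value = tags.get(key, "").strip()
        if not value:
            problems.append(f"missing {key}")
        elif allowed is not None and value not in allowed:
            problems.append(f"{key}={value!r} not in {sorted(allowed)}")
    return problems

def compliance_report(inventory):
    """Map resource id -> violations, listing only non-compliant resources."""
    return {r["id"]: v for r in inventory if (v := tag_violations(r))}

def cost_by_tag(inventory, key="CostCenter", unallocated="UNALLOCATED"):
    """Aggregate spend by a tag key; spend with no tag lands in one bucket."""
    totals = defaultdict(float)
    for r in inventory:
        totals[r["tags"].get(key) or unallocated] += r["cost"]
    return dict(totals)

if __name__ == "__main__":
    for rid, problems in compliance_report(INVENTORY).items():
        print(rid, "->", "; ".join(problems))
    print(cost_by_tag(INVENTORY))
```

The case mismatch on `i-0a2` is the kind of drift that breaks chargeback reports unless allowed values are enforced at provisioning time.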
Our fourth tenet is Security, which presents unique challenges in the cloud but is essential to national security. As emerging threats increase in an evolving cloud technology landscape, enterprises must shift the focus from protection to prevention. Prevention, in turn, needs to center on adaptive cyber defense and the deployment of artificial intelligence, machine learning and automation for detection of threats at the edge.
Many agencies currently have too many cyber tools, aren’t able to apply them uniformly, and lack integrated standards. Common frameworks are contending with increased complexity in hybrid cloud environments and need to free up cyber resources to focus more on research and automation upgrades. Ultimately, enterprises need sound identity and access management with multifactor authentication and a Cloud Access Security Broker to enable centralized security monitoring and management across all cloud resources. The best approach is to integrate cloud-native tools with legacy cyber assets in order to maximize the value of your existing investments.
The GDIT Cyber Stack offers a path to layered cyber defense in the cloud that creates protection from state-sponsored and terrorist threats, spear phishing and malware, insider attacks and more. Through the GDIT Cyber Stack, we give agencies a comprehensive modular ecosystem of cybersecurity capabilities that map to the Secure Cloud Computing Architecture. We designed and built this suite of solutions in the AWS GovCloud region and integrate it with AWS native security services. Enterprises can select the GDIT Cyber Stack as a physical or virtual platform, on-premises or in the cloud. Orchestration, automation and a governance model provide for efficient, integrated operation of all GDIT Cyber Stack components.
Adversaries thrive in complexity. That’s why it’s increasingly important for the government enterprise to take the simplest possible cloud approach that covers the four key tenets of governance, brokerage, automation and security. This is a lesson that applies not just to the very largest implementations, with their tens of thousands of instances, but to all of the varied AWS cloud journeys agencies are taking today in pursuit of greater agility and performance at lower cost.