Bring Choice, Control and Speed to Your Cloud Environment MARKET TRENDS REPORT
Executive Summary
As agencies move increasingly into the cloud, the infrastructure is becoming a complex, many-tentacled beast with more elements than agency staff can track. Driven by the mandates of the federal government’s Cloud Smart policy and digital transformation efforts, agencies have been steadily migrating applications and services — including some that are mission-critical — into complex, hybrid and multiple cloud environments. Meanwhile, they also must maintain compliance with Federal Information Security Modernization Act and Federal Risk and Authorization Management Program (FedRAMP) requirements, and manage an agile, DevSecOps approach to software development that can spin out new capabilities without regard to costs and security.
The resulting stew of cloud services has impaired the visibility into infrastructure IT teams need to manage them. Legacy systems and processes compound the challenges. Rather than an adopt-buy-build model with scheduled tech refreshes, agencies must recognize that the infrastructure will always be in flux. What agencies need is a multi-cloud strategy that enables them to adapt quickly as requirements change, essentially building a continuous improvement process into the system.
To learn more about developing a multi-cloud strategy, GovLoop teamed with cloud and virtualization provider VMware. This report will look at the challenges an evolving cloud environment brings, what agencies need to know about a multi-cloud strategy and how they can go about getting their infrastructures under control.
By The Numbers
$7.8 billion
Projected federal spending on cloud in 2022.
71%
of federal agencies say the Cloud Smart policy is driving cloud adoption.
81%
of federal agencies are already using multiple cloud platforms.
74%
of multi-cloud customers cite complexity as their biggest challenge.
89%
57%
93%
19.6%
of organizations still expect to have a meaningful on-premises footprint in three years.
of organizations are either committed to or interested in a hybrid cloud strategy.
of enterprises identified the skills shortage as a top challenge with multicloud environments.
of organizations are moving advanced workloads to the cloud in 2021, up from 15.5% in 2020.
Meeting the Challenges of Today’s Cloud Environment
Challenge: Cloud Often Exceeds an Agency’s Grasp
Cloud operations can easily evolve too quickly for agencies to control spending and effectively manage services and, most importantly, security. As a result, an agency can soon find itself handling a hybrid environment involving multiple clouds, a growing number of users and countless Internet of Things devices attached to the network. The impact materializes in several ways.
Complexity. The layers and scale of fast-growing hybrid, multiple-cloud environments make it difficult to gain visibility into identities, users, services and other elements. The cloud has many pieces. Not all of them work together, but there are too many of them to take on separately, whether the goal is improving the efficiency of operations or security. “When we look at the security framework, we cannot look at security in just one of the cloud service providers,” said Keith Nakasone, Chief Federal Strategist at VMware and former Deputy Assistant Commissioner for Acquisition Management at the General Services Administration. “We now have to look at the security framework across the multi-hybrid environment.”
Skills Shortage. As technology changes, the skills needed to manage it change, too. This requires training current employees, although that likely won’t be enough. Smaller agencies may not have much of an IT workforce to begin with, and even large agencies can’t handle every aspect of the cloud, including both on-premises and off-premises environments. Today, subject-matter experts must understand not just their areas of expertise, but also critical issues such as how everything fits into their organization’s overall security framework.
Speed. DevSecOps and the continuous integration/continuous delivery pipeline constantly feed the cloud’s capabilities, but also increase its complexity, spending and potential risks.
Compliance. Cloud’s complexity and the skills shortage can make it difficult to perform audits and meet compliance requirements, potentially putting authority to operate agreements at risk.
Solution: Multi-cloud, Not Just Multiple Clouds
Agencies need to gain visibility into their cloud environments and implement a holistic multi-cloud strategy to improve efficiency, control costs and secure their increasingly complex environment.
A multi-cloud approach should be comprehensive, providing a single set of management tools that enables teams to secure consistent configurations and policies across the environment, regardless of the variety of applications and clouds in use. It delivers three key benefits:
Choice. A multi-cloud management platform provides a consistent operating model across any hyperscale provider, such as Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud and Oracle Cloud. It gives agencies the flexibility to select the right cloud for a particular service — based, for example, on its FedRAMP authorization level or Department of Defense (DoD) Impact Level certifications — while minimizing the impact on operations and applications.
Control. A platform that provides a single set of tools across the infrastructure gives teams the visibility they need to monitor cloud environments. With consistent cross-cloud governance and compliance, they can better track spending, manage services, mitigate risk, and quickly identify and remediate any security issues. This approach has been shown to reduce overall cloud infrastructure costs by up to 60% by allowing agencies to optimize among private, hybrid and public clouds. A multi-cloud architecture also provides resiliency when one cloud suffers a breach or outage.
Speed. A multi-cloud platform can reduce the time it takes for cloud migrations from years to months. Some organizations have seen an 82% increase in getting software into production and a 32% increase in developer productivity. With ready access to security-compliant infrastructure and app catalogs, developers can build and deploy applications faster — and without compromising security.
Best Practices for Multi-Cloud Strategies
Following industry best practices in cloud implementations should be part of all agencies’ procedures. Some of the most important practices involve the cultural change that is necessary when transitioning from largely on-premises operations to a hybrid, multi-cloud environment that operates in fundamentally different ways.
Collaborate
A layered, complex cloud environment can be full of blind spots, whether they involve inactive user accounts, misconfigurations or other problems that can lead to service outages or cyberattacks. So, collaboration is essential.
Agency employees should regularly ask themselves what they might be missing and look to form collaborative partnerships with agency and industry contacts who have experience in these situations. Nakasone said public/private engagements should be more common “to ensure that we’re leveraging private and public best practices.” Collaboration also is critical among agency teams because the cloud is too big and diverse for any one group to track alone. For instance, DevSecOps and security teams working together can help deployment be both fast and secure. Knowledge sharing among stakeholders also is important in discovering blind spots.
Follow the Money
Financing cloud operations, particularly in multi-cloud environments, can be a challenge for agencies that traditionally have been limited to yearly allocations and buying products and services individually. “Now we have to look at our acquisition process to build cloud solutions,” Nakasone said. “We’re now building out acquisitions to be more agile, more flexible, and be innovative.”
Although additional changes in the acquisition process may eventually occur, agencies need to get a handle on the shift from capital expenditures to operational ones, focusing primarily on services rather than products. One way to manage that is to focus on understanding cash flow and risk. By measuring their internal cash flow mechanics against their risk profile, they can get a clear understanding of what’s financially viable — while also building their funding case to take to agency executives.
Lead from the Top
As with any cultural change, executive buy-in is critical to cloud operations’ success. A lack of support from the top is a key reason why only about 30% of projects succeed. IT teams need to tie their cloud strategies to an agency’s overall mission, and show how the mission benefits from a multi-cloud strategy.
Case Study: Defense Agency Accelerates Deployment via Hybrid Cloud
Agencies migrating operations to the cloud experience a significant change in how they operate, which brings challenges, both expected and unexpected. But they also can experience substantial gains in app velocity and reductions in cost.
In one example, a DoD component needed to accelerate development of several applications for a specialized system used for tracking.
Using traditional methods of procurement and development, the new applications would take years to get through the process from solicitation to production, just like the legacy application they were replacing. But with VMware’s help, the organization implemented a cloud-based software package that was developed and deployed in about six months, and at about a tenth of the cost of the legacy application.
By collaborating with recognized industry leaders to address specific needs, the organization was able to quickly implement a solution that not only fulfills their original requirements, but is also built to accommodate continuous improvements and future needs.
As agencies’ cloud infrastructures grow into hybrid environments with multiple cloud providers and constantly changing cloud offerings, a comprehensive multi-cloud platform is important to seeing those kinds of results regularly. Without a multi-cloud approach, they risk losing visibility into and control over the infrastructure. Some individual deployments may pay quantifiable dividends, but the potential for unseen risks and unaccounted costs could outweigh the advantages.
How VMware Helps
The first company to successfully virtualize the x86 architecture, VMware is a leading provider of cloud computing and virtualization services with particular expertise in multi-cloud architectures. The company has developed extensive partnerships with other organizations, from system integrators to original equipment manufacturers, which provides critical expertise and experience in deploying and managing a multi-cloud environment. “From a subject-matter expertise perspective, we’re not just focused on one, we’re focused on many,” Nakasone said.
VMware’s solutions cover the range of cloud operations, from migration and modernization to scaling capacity on demand and accelerating disaster recovery. They also enable efficient and secure DevSecOps development and take secure computing to the edge via containers and Kubernetes. The company’s experience with cloud and multi-cloud architectures is built to help agencies transition to responsive and cost-effective digital government, both technologically and culturally.
Learn more: vmware.com/go/federal
Conclusion
Agencies have always had to balance cloud’s advantages and potential pitfalls. As the cloud grows, the stakes get higher — the benefits of a flexible, scalable, constantly changing infrastructure can be enormous, but so are the risks of not having control over it. An environment that involves on- and off-premises operations and possibly a mix of public and private clouds defies clear visibility and easy management when its components are handled separately.
A true multi-cloud approach that incorporates a single set of controls is necessary. With it, agencies can gain visibility into the infrastructure, apply configurations and policies across the board, lower costs, and maintain security while also meeting federal compliance requirements. Ultimately, it helps agencies with digital transformation and provides services more efficiently and effectively.
ABOUT VMWARE
VMware Government Solutions provide the digital foundation for the evolution and transformation of government IT, enabling agencies to improve mission outcomes and meet constituent expectations for modern, efficient and cost-effective services. VMware’s interoperable cloud, app, networking, security and workspace solutions form a flexible digital foundation that enhances mission delivery, ensures continuity of operations and resiliency, and improves citizen and employee experiences while safeguarding data.
ABOUT GOVLOOP
GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 300,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com.
1152 15th St. NW Suite 800 Washington, DC 20005 P: (202) 407-7421 | F: (202) 407-7501 www.govloop.com @GovLoop