By Rick Rosenburg, Vice President and General Manager, Rackspace Government Solutions, Rackspace Technology
Federal agencies kicked into IT modernization overdrive during the pandemic and, as 2022 approaches, agencies are looking for ways to capitalize on investments and continue to accelerate transformation. One of the key investments has been in the cloud technologies that largely enabled operations across the government during the past year. And now, agencies are looking to expand capabilities, shore up security and optimize their investments in both cloud infrastructure and solutions.
To achieve these goals, agencies need to invest in a comprehensive multicloud strategy to address the complexities and challenges inherent to managing and optimizing cloud investments and capabilities while emphasizing security, workforce optimization, and resource availability. While using multiple cloud vendors is not new, crafting a multicloud strategy is – and it is complex, especially when it comes to addressing security and compliance, so Federal agencies seek a clear path forward.
A Work in Progress
The Advanced Technology Academic Research Center (ATARC), in partnership with Rackspace Technology, AWS, VMware, and Carahsoft, recently surveyed Federal IT professionals to take the pulse of the Federal multicloud world to better understand the current landscape, the most significant challenges, and how agencies can move faster on the path to implementing a multicloud strategy.
First, it is encouraging to see that many organizations are utilizing the capabilities of multiple cloud vendors and thinking about optimizing their investments. Thirty-seven percent of respondents report their agency uses multiple clouds (infrastructure and solutions), and 60 percent have started on a cloud strategy journey. Federal IT professionals understand that it is necessary and critical to their operations. Thirty percent of respondents rank business agility as the number one benefit of cloud adoption – followed closely by legacy modernization, improved citizen experience, and optimizing IT investments.
And while agencies are taking steps in the right direction to utilize vendor-provided cloud solutions and services, budget is reported as the most significant barrier in making that shift, followed closely by workforce skillset and procurement challenges.
Another significant barrier holding agencies back is understanding cloud security and compliance requirements. Nearly one-third of respondents report their agency struggles with a basic understanding of their annual security and compliance requirements – where only 40 percent of responders give a strong rating on their agency’s understanding, whether they are procured or developed in-house.
FedRAMP – A Mixed Bag
One of the most important programs for ensuring cloud solutions meet Federal security and compliance procedures is the Federal Risk and Authorization Management Program (FedRAMP). Survey responses showed that most Federal agencies understand FedRAMP’s significance, with 62 percent agreeing that FedRAMP helps streamline the procurement of secure, trusted cloud solutions. However, FedRAMP authorization levels vary widely, with 43 percent of agencies reporting that their highest FedRAMP impact level implemented is moderate, while 32 percent noted high FedRAMP.
Even though Federal IT leaders see the benefits of FedRAMP, 41 percent say that the program hinders modernization through a slow ATO process. Respondents agree there is room for greater collaboration between government and industry to accelerate FedRAMP authorization and avoid the pressure and risk of alternative or shadow IT procurement.
Multicloud as a “Business” Model
Cloud modernization is critical in government agencies’ lowering their cybersecurity risks and improving Cyber posture, optimizing operations, and maximizing the potential in leveraging other emerging technology applications (e.g., artificial intelligence and machine learning). Choosing cloud does not actually mean choosing a vendor; it is a business model. Rather than thinking of cloud (and multicloud) as a destination, agencies should think of cloud as a great strategy requiring planning for the complete lifecycle and utilizing multiple vendors to maximize their capabilities and outcomes.
Using multiple cloud technologies brings new challenges and complexities to every phase of that lifecycle – design, build, secure, manage, and optimize – because agencies have to manage multiple public, private, and hybrid clouds. So, it’s vital to know what, where, and when to migrate for workloads, data, and applications – and the security and compliance required to maximize value and reduce risk and cost associated with missteps that necessitate multiple moves. For example, buying AWS does not mean that all of your cloud security comes along with it. AWS protects the perimeter of the cloud, but everything else inside the permitter needs to be secured on top of that. It means understanding all the data applications and workloads and what goes where and at what level of security.
The complexity that comes along with multicloud can be overcome. The key is a fully baked multicloud strategy that puts security first, optimizes internal resources, and utilizes the right industry partners, services, and solutions. When done right, agencies realize all the benefits of streamlined operations and optimized cloud environments with unified governance and security.
About the Author
Rick Rosenburg is the vice president and general manager of Rackspace Government Solutions at Rackspace Technology. He oversees services in support of government agencies and holds 35 years of leadership experience across companies that have supported the Federal government’s technology needs. Prior to Rackspace, the government services vet held leadership roles at NTT Data Services, Seros, and Dell Services Federal Government.