Although public sector organizations have been moving toward a multi-cloud operating model for some time, the COVID-19 pandemic accelerated the trend and forced new discussions around transformational cloud strategies. Today, several public sector agencies are seeing tangible benefits in terms of continuity, resiliency, management efficiency, and security.
“Multi-cloud is not a product or a vendor or a location, it’s a mindset,” said Matt VanSickle, Chief Technology Officer for the State of Montana, speaking at the 2021 Public Sector Innovation Summit sponsored by VMware. “And that mindset really starts with automation and security. And from there, you build on that mindset to deliver those services to the organizations you support.”
VanSickle was responding to Ranil Dassanayaka, Vice President of Architecture & Engineering, GEH, at VMware, who asked public sector leaders in one of the summit’s panel discussions how they are approaching the multi-cloud world. (Watch the full panel discussion here.)
Christine Finnelle, CTO at the U.S. Marshals Service, said her agency is on track to be a 100% multi-cloud agency within the next two years. “We’re almost…50-to-60% cloud-enabled already. And it’s a mix of IaaS and SaaS-type services that provide us a base for those multi-cloud, connections and services to be delivered,” said Finnelle.
The increase in FedRAMP offerings has made it much easier for the U.S. Marshals Service to adopt multiple cloud services while reducing operational overhead, Finnelle said. And while the agency still has some legacy applications that require modernization, the bulk of the effort has been what Finnelle calls a “lift and shift” approach, which not only provides ease of migration to the cloud in a multi-cloud world, but also provides the increased capabilities and security protections that the cloud offers at no additional cost to the base services.
Gary Washington, Chief Information Officer at the U.S. Department of Agriculture, who also spoke at the summit, said the USDA’s multi-cloud approach is based on the federal government’s Cloud Smart strategy.
“Our multi-cloud strategy continues to grow and mature,” Washington said. Today, 81% of the agency’s applications are in the cloud. Given the large number of missions USDA has, “we’re not really dedicated to one single cloud provider or technology,” he said.
“Our approach is to enable our mission and our multi-cloud approach,” Washington said. “We’ve been on this journey for the last for more than four years now. And we have seen tremendous benefits from taking this approach.”
Balancing innovation with security and compliance
Just as the addition of new FedRAMP offerings has streamlined the U.S. Marshals Service’s ability to deploy new cloud offerings quickly and securely, the federal government’s standardized approach to security and risk assessment for cloud technologies is having a positive impact on the state and local level.
“What we’ve done is focus on pre-vetted vendors, focusing on FedRAMP vendors already having that [secure] ecosystem set up,” said Montana’s CTO Matt VanSyckle. “And so when a business user comes to us with a design plan, we can immediately respond based on that pre-vetted idea.”
Another improvement has been the increase in the number of cloud tools available at FedRAMP High — the strongest FedRAMP security control baseline. “FedRAMP High status is important to us,” said Finnelle. “There are some very cutting edge, cross-cloud tool sets that are FedRAMP certified, and those that we’ve used on-prem now are adapted to the cloud models. And so the vendors that have done that are the ones that we adopt so we have that visibility and transparency.”
However, even with pre-vetted vendors from the FedRAMP program, VanSyckle advises his public sector colleagues to test their response plan to different security issues that may come up in any cloud environment. “That’s been the key to supporting that balance of innovation and security,” he said.
Best practices and lessons learned
Although multi-cloud environments are becoming easier to establish — and generating increasing benefits — all three public sector experts agreed that one size does not fit all.
The need to adjust approaches “applies whether we’re talking about legacy apps or migrating to a SaaS platform, or refactoring it within a commercial landing zone and using commercial tools to manage it. We believe each application has a unique customer interface and experience set,” said USDA’s Washington. “And as we go down this journey, we try to be more thoughtful about [how we] engineer applications in the cloud so that they will provide business value, and also minimize the costs that we have.”
VanSyckle advises his counterparts to have an agile mindset and a Plan B. “If you’re going to go into a certain product, or a certain vendor or a certain cloud…have a plan if you need to transition out and have that written down,” he said. “So planning the agile mindset upfront helps across the board and in multi-cloud environments.”
The future of multi-cloud environments in the public sector hinges on scalability, flexibility, and security. Agencies want to be able to spin up services, servers, storage, and tools leveraging a multi-cloud plane of operations.
“Now with the cloud, there’s that option for the advancement and expansion to things we haven’t even thought of yet,” said Finnelle. “We don’t want to have a proprietary back-end OS in one cloud and another one in another cloud and not be able to talk or create multiple data lakes. We want something that’s federated, something that’s seamless.”
Learn more about the “Multi-Cloud” strategies and how VMware is helping to accelerate public sector innovation.