As GDIT’s global chief information officer and vice president for supply chain, Kristie Grinnell leads the company’s enterprise IT strategy and initiatives. Having helped move GDIT to the cloud, Grinnell now works with federal agencies to support their enterprise IT transformation initiatives. Grinnell began her career as a manufacturing engineer at GM who turned her analytic skills into high-profile positions as CIO for GDIT, chief of staff and global IT strategy executive for PricewaterhouseCoopers, and later as director of planning and governance and as director of client delivery enablement for CSC.
In this FedScoop interview, Grinnell highlights some of the critical considerations agencies should keep in mind as they move more of their IT operations into a hybrid cloud environment.
FedScoop: We hear people talk often about hybrid cloud environments. How would you describe what makes up a hybrid cloud environment? And why is it important to government agencies?
Grinnell: Hybrid cloud actually means different things to different people as cloud has evolved over time. First and foremost, I think about it in terms of what as-a-service are you getting. Hybrid cloud could be infrastructure-as-a-service, software-as-a-service, platform-as-a-service, database-as-a-service, you-name-it-as-a-service. You could get a little bit of software-as-a-service from here and infrastructure-as-a-service from there.
The other way you can consider hybrid is it could include on-prem — something I do in my own data center — and something I get from a cloud service provider. It could be a service within a public cloud or a private cloud, like the community clouds that we see in the government’s secret clouds. And then it could be services from multiple cloud providers — AWS, Azure, Google, Oracle, IBM — and the services they have.
But hybrid environments are important to our government agencies, because the cloud is not one-size-fits-all. Depending on your data requirements, your security requirements, where your end-user is coming from as they access whatever workloads you’re putting into the cloud, and the interoperability you need with your other systems, agencies need to be able to choose the right [mixture of] environments for the cloud, or for the job. It is rare that you would find one cloud is the best for all of your data and workloads. And, government agencies need to be able to manage and govern these multiple environments as one hybrid enterprise, seamlessly and efficiently.
FedScoop: Technology and services available via the cloud keep evolving at blazing speed. How can Government agencies ensure they’re taking proper advantage of these services to further their mission, while ensuring appropriate security and contractual support?
Grinnell: You hit the nail on the head. Speed and agility are obviously compelling reasons to move to the cloud. However, the type of data and how and who can access the data should be your first consideration. Once you’ve ensured the security of the environment, then you can start thinking about how you can take advantage of all of the other technologies in the cloud with speed and agility. An enterprise architecture — a secure, standardized way of getting to whichever hybrid cloud environment you want — allows you to build on the speed of the cloud. Standards around how you operate in the cloud and leveraging containerization so you have portability, can plug and play within the cloud capabilities and change out services as you need them.
Because cloud capabilities and technologies are changing so quickly — Cloud Service Providers (CSPs) are introducing new capabilities in their cloud environments with every release that they do — you need to be prepared to use them or say that you don’t want to. And a good, sound enterprise architecture helps you make this decision.
Then as you define the service catalog that you need within each of the clouds, you can really create that ability to move at the speed of the cloud, which is why we’re all there, right? We want to have the agility and the speed of moving with the technology and capabilities that are available for us in the cloud. This is where a contractor and the right partner comes in: You need a contractor that understands each CSP’s capabilities; a contractor that can secure your cloud environment; and a contractor that helps to build the right technology and process standards to unleash the power of the cloud.
Having that deep mission understanding, you can start to connect the dots: For this customer mission, with these needs, I would use this cloud in order to get you there because it provides you this level of security or this level of agility or this level of capability that enables the customers’ mission. And GDIT does all of that being a partner to all of the major cloud service providers.
FedScoop: Large corporations and government agencies, with hundreds of thousands or even millions of users, have many diverse needs as well as sub-entities moving at different paces. How do you align a large constituency like that around the cloud? And how does that affect your technology solution?
Grinnell: This is every CIO’s challenge, right? Number one, we’re stuck with this legacy technology stack that has grown over time — sometimes through acquisition, sometimes trying to do things on the cheap to get the job done quickly — or something that’s just evolves without a real strategy. So you have all this technical debt. And you must think through, “What is that going to look like and what is my roadmap to get there?” Then you have all of these customer needs that are very different — and different viewpoints of what the cloud can offer you and which cloud you should go to.
But we’ve learned there are a couple things you have to do. The first is, by putting in place that enterprise architecture we talked about, you have some standards of how you’re going to bring people to the cloud, use the cloud and which clouds you should use in order to meet that customer mission.
Secondly, you have to realize that you have to meet all of those needs in a different way. And this is where it’s not about technology. It’s really about organizational change. And how do you bring the hearts and minds along to help your customer feel comfortable and understand that the cloud is secure, because we have built a sound enterprise architecture with the right cyber controls to ensure it is; that you’re not going to lose complete control, because we have chosen the right cloud experience for you based on your needs; that this isn’t going to break your budget, because we are buying what we need, possibly shutting down applications and releasing data center real estate costs we no longer need; and the more exciting part, which is that we are going to keep pace with technology and move at the speed of the cloud service provider rather than be stuck with our technical debt. We can now leverage advanced technologies for you in the cloud. And that you don’t have to do it on your own.
All of those things have to be brought together so that your customer, as you’re moving them to the cloud, feels that their needs are going to be met. And focus on the mission. Focus on the warfighter. Focus on the citizen. Understand what those needs are and match them up to the right cloud experience. Put that strategy and roadmap in place to drive it, and the organizational change construct to get there, and you can start to move faster every time.
FedScoop: Government agencies have highly sensitive workloads. How can agencies maintain control of their data and ensure security that does not risk unexpected disclosure?
Grinnell: This is where you have to really understand your data first. Data is what we’re securing at the end of the day, and your access to that data. Then you choose which cloud is applicable for the security needs and user experience of that data, and the type of security controls that you need to put in place. Do I need it to be FedRAMP certified? Do I need it to be IL (Impact Level) 5 or IL6? Once we get that, then you can really think about that enterprise architecture again.
Most agencies — not all — are going with the concept of zero trust, where we are thinking about having to validate user access before you give them access to your data, which gives you that sense of control … before they come in through those security controls.
And then, thinking about your experts managing all of these services and the mind-shift that has to take place, from what on-prem security would look and feel like versus when you go to the cloud. You want to make sure you’re not thinking physical security and how you would work in your own on-premise data center — but switch your thinking to virtual security. You have to secure how you connect to the cloud. You have to secure your application in the cloud. You have to secure access to data within the cloud and applications that connect to what is in the cloud. This is the enterprise architecture and standards you build to secure, integrate and operate within the cloud.
FedScoop: The cloud’s elasticity — and the AI and machine learning services available from cloud service providers (CSPs) — offer never-before-seen opportunities to understand massive amounts of data. What are some of the challenges and solutions to realizing the benefits of agency data in the cloud?
Grinnell: That’s right. This is where GDIT’s expertise really comes into play, because with the amount of cloud instances we have and cloud professionals we have, we know how to take advantage of those opportunities. Many of our customers value the fact that we are able to do this in an agnostic way. We’re in a position to give them an unbiased view of what’s best for them at a given point of time and help them navigate between CSPs.
That’s important for several reasons, but in particular, to avoid a degree of vendor lock-in and making sure they get a rich suite of services. GDIT is not only a technical resource, but we’re mission-savvy. We understand our customers’ business and can help advise them on ways in which they can augment their rules and workforce to be able to optimize the cloud with a common set of tools.
Security is always key before you can use any of those opportunities, you have to think about the security that’s involved with them and getting that required level of access.
Then once you have all of this data in the cloud, you have all of this scalable, agile storage and compute power with out-of-the-box capabilities that come with each different service provider. AWS provides something different than Azure which provides something different than Oracle — and each one of those capabilities should be thought through as to how you want to use that data and take advantage of the power of the cloud. This could simply mean more storage for your security logs in the cloud or it could mean more calculations that can run faster to analyze those logs. Or maybe both.
So the sky is really the limit. And we’re doing some really cool things with different customers in the cloud, based on the need that they have and the data they have. If you tried to do that in your own on-prem data center, you’d be waiting years to get enough storage and compute power, because you’d have to procure the hardware, set it up with all the cables and wires, install and configure the right software and test it with the security and all of those things. So it really gives you a great opportunity.
Learn more about how GDIT is helping agencies design systems that deliver increased speed, savings and security.
This article was produced by FedScoop, and underwritten by GDIT.