stackArmor

Driving cybersecurity and digital transformation with cloud

Enterprises – especially in regulated industries – need to demonstrate compliance with NIST, HIPAA and GDPR to address an increasing set of privacy and cybersecurity threats. Cloud computing platforms provide a ready-made solution, but most organizations struggle with how to begin the transition. Here are some relevant lessons from large cloud modernization and migration programs.

Commercial cloud computing platforms provide a complete set of computing, security, governance and compliance services that are supported by standardized and externally certified processes and procedures. Amazon Web Services (AWS) has invested in obtaining several widely used accreditations such as FedRAMP, SOC-2, ISO 27001 and many more. Further, cloud service providers like AWS have strong management and operations processes to help protect digital assets and allow organizations to innovate. All these investments make it easier for public sector and regulated markets to leverage these existing services to rapidly improve their security posture.

Large US government agencies – including US Treasury, Food and Drug Administration (FDA), GSA and NASA, among others – have successfully implemented transformation programs based on accredited cloud services. State agencies like the District of Columbia’s Health Benefits Exchange (DC-HBX) have not only adopted cloud-based digital transformation services to deliver health benefits insurance services to citizens of their state, but also pioneered a shared services delivery model with other states such as the State of Massachusetts to deliver efficiencies.

All these programs have some common patterns and approaches that are essential for public agencies looking to transform and modernize through cloud technologies. Any cloud initiative must have clearly defined goals and objectives. Public sector organizations have an urgent need to fill their security backlog and continue to deliver citizen-facing services with scarce resources and limited budgets. These factors make cloud-based solutions an ideal transformation platform.

Create a Center of Excellence

Given the complexity and paradigm change, it is critical to establish a digital transformation office or center of excellence staffed with motivated and qualified experts with hands-on delivery experience. Some of the more successful examples of such organizations include GSA’s 18F, Treasury’s Treasury Digital Service, and Defense Digital Service (DDS) amongst others. Smaller organizations like the DC-HBX designated an empowered technical team to pursue cloud-based modernization strategies. The Digital Transformation team establishes the infrastructure to help jumpstart the modernization journey. The composition of the digital team is important – it must include technologists, business subject matter experts and security professionals to ensure that compliance and security requirements can be met.

Governance and Shared Services

A critical part of ensuring the economic benefits of adopting cloud platforms is the adoption of a Shared Services-based Consumption Model. The design of a Shared Services-based governance and cloud adoption framework allows for greater security and lowers the overall cost of operations. There is a great deal of flexibility, and there are many models to choose from (e.g., the District of Columbia’s Health Benefits Exchange and the State of Massachusetts partnered up to deliver health benefits insurance by using a common AWS-based cloud platform). This helped fund the development and operations of the overall platform. Other organizations like the US Treasury developed their own cloud-based platform called Workplace.gov Community Cloud (WC2) to deliver FedRAMP approved cloud services to other offices and bureaus. The ability to offer cloud solutions based on a shared services delivery model allows for cost sharing, reduces duplication and accelerates the delivery of solutions.

Application Rationalization

Creating a rapid and highly self-service driven application rationalization framework is critical to gaining momentum. Most successful cloud modernization initiatives are high on code, actionable examples, and rapid problem solving in place of PowerPoint, Word documents or Excel spreadsheets! Creating a Cloud Adoption Suite with pre-fabricated cloud decision trees that help create a common understanding of cloud modernization is essential. The stackArmor Cloud Adoption Suite is equipped to help organizations jumpstart their cloud adoption and migration effort by covering key decision points including – is my application ready to move to the cloud? Should we use IaaS, PaaS or SaaS? What is the estimated cost to operate in the cloud? How can we quickly test or evaluate cloud solutions? How do we secure our applications and data in the cloud? The Cloud Adoption Suite provides a holistic approach to assessing all aspects of the cloud migration lifecycle including whether to rehost, replatform or rearchitect using the Migration wizard. Developing such tools also creates digital assets that can be leveraged across the organization. It is critical to avoid analysis paralysis and avoid “doing too much too soon” thereby slowing down the application rationalization effort.

Agile and Iterative

Successful cloud modernization and transformation efforts need strong and effective communications strategies to drive change as well as the ability to deliver quick wins. This is only possible with agile and iterative techniques that use best practices like iterations, sprints and creating backlogs to deliver initial operating capability. In many ways executing a cloud migration project is like creating a “product”. We have successfully supported organizations like US Treasury with their cloud modernization effort called Workplace.gov Community Cloud (WC2), as well as GSA 18F’s catchy Cloud.gov service and other agencies including HHS/FDA. As a result, we have successfully captured and created a proven playbook that we call stackArmor Agile Cloud Transformation (ACT).

Organizations, especially in regulated markets, should look to leverage FedRAMP accredited cloud services to meet the increasing threats and compliance needs. Learning from other examples and experiences can help avoid potholes and accelerate the cloud adoption journey.