Through a fine balance of hybrid-cloud/edge-cloud infrastructure and a “shared fate” and Zero Trust paradigm, can the risks be managed?
As governments worldwide seek greater efficiency and transparency, adopting cloud technology natively has become a viable solution despite its risks.
Cloud-native government platforms will have to be dynamic, scalable, and resilient. In order to achieve this, they will need to use microservices on immutable infrastructure. The approach also has to be cloud-agnostic: deployable across cloud providers and not dependent upon proprietary tools or a single provider’s platform.
Jay Jenkins, Chief Technology Officer (Cloud Computing), Akamai Technologies, shared his views on these considerations with DigiconAsia.net readers.
DigiconAsia: What are the challenges for government agencies in migrating to various cloud computing infrastructures?
Jay Jenkins (JJ): For government agencies that are looking to migrate to a cloud environment, some common challenges include migration cost and legacy infrastructure (other than security considerations and track records of incumbent technology service providers).
Transitioning from legacy infrastructure can be challenging, particularly for government agencies that are reliant on legacy systems. One such concern will be the mismatch between services placed on a cloud platform and its own legacy internal network infrastructure — this can result in latency or connectivity issues that render cloud services unusable with on-premises infrastructure.
To address this, government agencies looking to make the transition must first invest in systems that can meet the bandwidth demands of cloud computing, which ties into the upfront migration costs that must be considered. To ensure seamless connectivity, such organizations should look at providers that utilize the edge-cloud, where cloud computing is brought to the edge of the network, and cloud resources rendered closer to legacy systems and to end users.
In particular, government agencies looking to tap into new and emerging technologies (e.g., GenAI) will find that edge-cloud infrastructure can provide the processing power and latency that these technologies require to reach their full potential. Remember that a migration to a cloud and between clouds is a continuous one. Migrate and build, learn and adapt, repeat.
DigiconAsia: What strategies should be adopted to facilitate seamless data exchange and integration across heterogeneous environments?
JJ: Ultimately, this comes down to having a cloud-agnostic approach where applications are not developed with proprietary tools to work with a single provider platform. This allows workloads to be portable and deployable across different platforms, including legacy systems.
Ensuring this portability across heterogeneous environments comes down to the government agencies’ development approach when it comes to the application architecture.
For example, when building truly cloud-native applications, key technologies like containers and microservices architecture are available. These organizations also need to consider the other services that they depend on: databases, storage, and supporting services. These also should be easily portable to other providers.
With cloud-agnostic applications, organizations are not beholden to a single provider for their development/maintenance/operating needs and their proprietary tools, avoiding one of the key reasons for vendor lock-in.
DigiconAsia: Are the costs associated with cloud-native solutions in government agencies (and the government as a whole) a concern when it comes to such mission critical investments?
JJ: Compared to owning and operating their own infrastructure, governments will need to take vendor costs into consideration.
For government agencies to effectively manage cloud costs, it comes down to three key factors:
- Managing egress costs: This factor can be unpredictable in government-level work, and can lead to a phenomenon called “cloud-bill shock”, commonly associated with locked-in hyperscaler environments.
- Flexibility to scale cloud resources: Without vendor lock-in (which comes with significant switching costs), organizations can switch providers and scale down/up in order to optimize their cloud spend and find the right provider for the right workload to maximize ROI.
- Having visibility of billing and usage: This is key to ensuring fiscal responsibility for government organizations when it comes to cloud spend.
DigiconAsia: How can government agencies ensure that sensitive citizen data stored in cloud-native environments complies with national and international data sovereignty regulations and cybersecurity needs?
JJ: Cloud security, compliance, and sovereignty are normally an area of shared responsibility. Government agencies need to go beyond this to a deeper partnership using a “shared fate” model where working together is a better and more secure approach for all involved.
To effectively protect government-level cloud-native architecture from cyber threats, the agencies need to take a multi-layered approach to security strategy, instead of a one-solution-fits-all approach.
- Some common capabilities that should be integrated into government cloud security include threat intelligence, identity and access management, and continuous monitoring.
- Zero Trust Network Access solutions can provide secure remote access to cloud assets with every request, ensuring that applications are continually authenticated. Traditional cybersecurity measures like firewalls do not require continuous verification. With Zero Trust, government organizations can segment their cloud assets while ensuring that users have secure access to applications and data in both on-premise and cloud environments.
- Government agencies need to secure assets and control access in real-time, which is of crucial importance when it comes to the elevated threat landscape today. This can be done with minimal downtime and interference if a unified approach is handled correctly.
- Additionally, the risk of cyberthreats leading to denial/downtime in key services provided by government organizations can also be mitigated by the structure of a distributed/agnostic cloud approach. A distributed cloud, which is only possible with a provider-agnostic approach, offers greater resilience and minimizes downtime risk by not being tied to a single cloud provider.
DigiconAsia thanks Jay for sharing his professional cloud infrastructure insights with readers.