When government agencies plan a secure move to the cloud, they should look to existing guidelines and regulations to protect data, and look to established solutions to ease the move, said panelists at an FCW webinar on June 21.
“First and foremost, leveraging FedRAMP–that is critical to how you are going to best leverage cloud,” said Francisco Salguero, deputy CIO at the U.S. Department of Agriculture. “You have to understand, what OMB [Office of Management and Budget], GSA [General Services Administration], GAO [Government Accountability Office], what all these agencies are doing to help us move forward in the cloud.”
Salguero emphasized the importance of controls in FedRAMP certified products, as they help address security concerns. He also explained that the USDA wanted more than a quick reassurance on a vendor’s certifications–the agency sends its security team to vendors to examine evidence and artifacts to make sure all certifications are in order.
Salguero made his message clear to vendors: “One of the very first questions you’ll hear out of our mouths is… ‘Are you FedRAMP?’ If you’re not, then that’s an area that, from our perspective, it’s not worth the time and effort to move forward.”
Troy Rogers, Federal sales engineer for Rubrik, highlighted the certifications his company has, including a spot on the Defense Information Systems Agency’s (DISA’s) approved product list. “Rubrik made an investment in our Federal practice to ensure we would have those (certifications),” he said.
When agencies find the right solution, moving to the cloud presents an opportunity to optimize their systems.
“To me, what we found to be those critical steps is truly understanding your environment, and what I mean by that is application rationalization,” said Salguero. “Do you really need to be in the cloud?… Do you need to refactor [applications]? Or do you need to modernize them or sometimes, even completely retire them?”
“Taking advantage of multiple cloud vendors means that you can have the ability to get better pricing from them… but that is more than likely going to cause fragmentation. That fragmentation of data means that you’re going to have data in multiple locations, and you may not necessarily be able to identify where that data is or how to access it,” said Rogers, who plugged Rubrik’s Polaris product that provides the capability to index and locate items across multiple clouds and on-premises systems.
Salguero stressed the importance of keeping the end-goal in mind throughout the transition.
“Here in the Federal government, our mission is not necessarily IT. Our mission is to support the USDA, rural America, our farmers, producers and ranchers. Those are the people we have to deliver services to. By leveraging the cloud, we’re able to focus our resources toward that,” said Salguero.