The State Department is taking a mission-oriented mindset when deploying cloud services to operate effectively within a multi-cloud environment and to avoid unnecessary costs, an agency official said on August 26 during an FCW webinar.
The State Department is a far-flung agency with about 110,000 users, 275 worldwide locations, 50 locations in the U.S., and 47 different reporting organizations that all have their own unique security categorization requirements and business use cases that require IT support. Therefore, the agency adopted a multi-cloud approach to gets its arms around those numerous sectors and missions, said Brian Merrick, the State Department’s Cloud Program Management Office director.
“With such a large number of disparate business requirements, it’s really important to think about having more than one cloud provider to meet those needs,” he said.
However, before deploying any cloud services, the agency needed to adopt a mission-oriented approach. Merrick said the State Department had to sort out its various mission purposes and make sure the correct tools would be utilized for each mission, whether using on-premise servers or cloud servers.
“You can end up wasting a lot of money and [creating] suboptimal solutions at times, which can create security vulnerabilities if you’re not using the tool that’s optimized for the job,” said Merrick.
Merrick also explained that utilizing the same provider for platform management and security controls capabilities within different sectors of the department can be very challenging and costly. Therefore, the agency has consolidated its cloud servers and began providing those capabilities.
According to Merrick, this enables big benefits on the security side because it limits threat vectors. It also means there are fewer areas on which to focus limited resources, and a better rate of shared security controls across the enterprise.
And, he said, when organizations need to get authorities to operate, there are fewer controls that each system owner needs to manage. That reduces cost, time to market and increases security and consistency, Merrick said.