Government agencies tend to be more reluctant than some others when it comes to adopting the hybrid data center, but that’s to be expected.
Even the relatively well-funded and well-staffed private sector can barely keep their hybrid operations secure, particularly as COVID makes them even more vulnerable.
So, it’s hard to blame government IT when it errs on the side of caution.
However, this does not abate rising demand for online public services pressuring agencies to develop digital capabilities at breakneck speed, while also juggling growing volumes of sensitive and personally identifiable data.
Then there are the aftershocks of remote work. Public servants will continue to expect remote access to the files and applications they need, increasing the use of cloud vendor services that aren’t on-prem.
How can government IT pros lead the agile shift to cloud and hybrid infrastructure, while balancing valid concerns in cost and security? Fortunately, a handful of strategies can go a long way.
1. Hire and empower security experts
Cybersecurity is a non-negotiable for any government organisation, but it’s also complex and difficult to successfully implement. IT teams don’t have to go this alone.
Seek collaboration with other cybersecurity, compliance, and risk assessment teams, tapping into their expertise to ensure best practice and governance-based implementation of cybersecurity and compliance protocols.
While one-pass security is never enough, a clean start can help defang future threats and reduce the risk of exploits leading to breaches.
Moreover, leaders should empower their experts to advocate security throughout all levels of the organisation.
There are lots of options, from one-on-on education to expert-led cybersecurity town halls. Learning from past breaches and attacks can be an effective way to teach security best practices to employees, consultants, and vendors.
Compliance teams should be given access to digital infrastructure to perform risk analysis and suggest proper documentation and protocols. A little hassle upfront can save days of pain, embarrassment, and costs down the line.
2. Grow deep monitoring capabilities
In the past, monitoring was simple, when all infrastructure was on-site with root access to all elements. Government IT teams were able to directly access, and keep their data and systems safe.
But the shift to hybrid and virtualised infrastructure will require powerful new monitoring tools to be employed.
It will also require new mindsets and habits — from passive security event monitoring to ongoing discovery and infrastructure monitoring of the entire hybrid infrastructure, around the clock.
This intense level of monitoring is possible with today’s integrated SIEM monitoring tools which feature a mix of detailed logging, compliance reporting, and automated threat detection and response capabilities designed for the virtual network.
This allows organisations to go from observation to detection and reaction within minutes. This high visibility allows IT to fine-tune threat response plans, allowing for decisive action, when attacks inevitably occur.
3. Focus on efficient but tested disaster backup and recovery
For most government organisations, the burning question shouldn’t be if or when a cyberattack will occur, but how they will recover.
Many organisations have found themselves crippled and unable to respond, simply because they missed maintenance of a few critical system and data backups.
The shift to scalable hybrid cloud infrastructure has also made uploading even huge data volumes available to almost everyone on the team.
This creates opportunity for every IT pro to lend their process awareness, tribal knowledge, and technical expertise to help ensure backups cover all critical operational areas.
Government IT pros will find their monitoring tools useful in this regard. Visibility over the full attack surface constantly probed by cyberattacks guides IT teams on where to secure critical data in unexpected places, systems, and processes.
But backups are just part of the equation — reliable, ongoing, and verified recovery testing and assurance is the other. There’s a reason this is the most commonly overlooked step.
The process of reinstating systems can be considerable depending on government department size and the complexity of its data and infrastructure. Invest accordingly.
Systems recovery for a local council, for instance, will be relatively simple compared to a judicial agency due to factors like the higher security profiles and data sovereignty.
Government IT should analyse and “walk” the topography of their constantly evolving hybrid infrastructure.
Then, based on discovery, create a comprehensive and timeline-sensitive backup and recovery plan to aid in getting operations back online quickly.
4. Tap into automation and agile methodologies
One of the advantages of the cloud and hyperconverged components of hybrid operations is management interfaces supporting Agile methodologies.
DevOps and containerisation tend to get the most focus, but all cloud infrastructure benefits from API over command-line management.
Because they’re designed from the outset to be automatable, fewer resources are required to continually measure, update, and improve security profiles and service quality.
For example, containerising large service applications allows them to be orchestrated and — in the event of a recovery — quickly terminated and re-instantiated to get operations back on track.
And employing the DevOps methodology to security allows for scrutiny, tests, and feedback to be performed throughout development, resulting in battle-tested and ready-for-action security policies.
Selecting a hybrid launchpad
As is often the case with complex and/or broad-spectrum infrastructure initiatives, determining where to start is a common challenge. Typically, teams focus on the “modern” or legacy side of hybrid infrastructure, but not both.
That’s natural; both on-prem and cloud ops teams face a skills gap with the technologies and methods of the other. Legacy on-prem is also simply more difficult to wrangle, primarily because it’s the area of operations with decades of investment and interdependencies.
Throughout my career, some of the best recurring advice I’ve received has been to resist the urge for huge, high-profile initiatives. Start small.
Nurture team interest in greater cybersecurity hygiene; implement automated monitoring and alerts; prioritise disaster backup and recovery… and the bulk of the remaining efforts can fall into place with team focus and upskilling.
When it comes to hybrid data center infrastructure, the private sector was out the gate early. But now it’s the public sector’s moment to take advantage of the same technology, but with fewer teething pains.
It’s a great time for government agencies to leap forward with proven hybrid operations tech, even if the details are still a bit messy.