Multi-Cloud Lessons Learned From VA, USCIS

Multi-Cloud Lessons Learned From VA, USCIS

A multi-cloud environment is critical to supporting beneficiaries and agency operations.

As the federal government harnesses the advantages of the cloud, agency leaders are strategizing around the benefits of multi-cloud environments to accommodate capabilities like automation and shared services.

The Department of Veterans Affairs has been facilitating a multi-cloud approach with Amazon’s AWS and Microsoft Azure since inception, said VA Enterprise Cloud Solutions Director Dave Catasono. This started with the migration of 500,000 email accounts to Office 365 in 2017 to early 2018.

After setting up launch pads or landing zones to ensure all the basics for the cloud environments were in place for its delivery teams, the VA was able to migrate its applications and is heading toward a more mature position for automating processes.

“We really dove head first on the software-as-a-service side first,” Catasono said during GovernmentCIO Media & Research’s Cloud Summit Thursday. “We're maturing [to] a more enterprise-type approach. We're putting more enterprise tools in place to manage across those environments, we're putting more standardization and governance tools in place, and we're also looking at adding a platform layer on top — which enables common containerization orchestration and the ability to use a true multi-cloud.”

For the U.S. Citizenship and Immigration Services, a multi-cloud environment has also supported delivering services faster for its beneficiaries in three main areas — product delivery, software deployment schedules and domain-driven design for running modern platforms like Kubernetes that automate operational tasks and manage containers.

“Our strategy within USCIS is a container-first strategy,” said Enterprise Cloud Services Branch Chief Steven Grunch. “When we build new applications within the agency or when we start transforming services, we’re looking at doing that on a container platform. The way that multi-cloud has helped with that is that today, if we want to deploy a Kubernetes cluster to any of the cloud environments, all of the cloud providers make that pretty easy for us to do.”

One of the main hallmarks to running a successful multi-cloud environment is centralized governance for the procurement of cloud services in order to monitor and drive down agency costs.

“You have a centralized governing body that determines which cloud environments you’re going to use, how things are going to be procured, and those decisions are made from a central point," said Grunch. "No matter what cloud you decide to go to, all of the contracting and the procurement of those services are done through a simple contract, at least on the infrastructure side."

Grunch also noted that one of the significant roadblocks to multi-cloud adoption was governance and leadership support. Both federal experts said that clear direction from executive-level leadership and strong buy-in for a multi-cloud approach would accelerate the adoption process.

Lastly, federal agencies must also take into account security compliance and visibility of user activity in a multi-cloud environment, which may be challenging given the potential network vulnerabilities that need to be continuously checked and monitored across the cloud environments. 

Robust security compliance is achievable through cross-platform tools to scan environments from an accreditation perspective, and employing a continuous, zero-trust security model.

“If you have your tooling set up in one cloud, to be able to see what's happening from an instrumentation perspective or from a security compliance perspective, it can sometimes be a challenge to move to other clouds,” said Jose Padin, the director of sales engineering for U.S. public sector at Zscaler. “Looking at tools that create that ability to get visibility to security across the cloud is a great thing to think about up front.”

Looking forward, the panelists said that they are not only looking at improved governance and security tools to utilize in their multi-cloud environments, but they are also looking into cost management tools and automated deployment through AIOps to support various projects, such as those related to research and development, to improve services offered to agency beneficiaries.

“Our main focus is delivering innovation services and excelling our rate of innovation to get services to [our beneficiaries and staff] directly. So we’re taking advantage of all these cloud platforms and even what our on-prem infrastructure has to offer,” Catasono said. 

Standard