Showing results for 
Search instead for 
Did you mean: 

Finding the Right Balance Between Modernization and Security

Level 11

By Paul Parker, SolarWinds Federal & National Government Chief Technologist

With 2018 two-thirds over, federal agencies should be well into checking off the various cloud migration activities outlined in the American Technology Council’s Federal IT Modernization Report. Low-risk cloud migration projects were given clearance to commence as of April 1, and security measures and risk assessments will take place throughout the rest of the year. 

Agencies must remain aggressive with their cloud migration efforts yet continue to enforce and report on security measures while undergoing a significant transition. Adopting a pair of policies that take traditional monitoring a step further can help them continue operating efficiently.

Deep Cloud Monitoring

As our recent SolarWinds IT Trends survey indicates, hybrid IT and multicloud environments are becoming increasingly prevalent. Agencies are keeping some infrastructure and applications onsite while turning to different cloud providers for other types of workloads. This trend will likely continue as agencies modernize their IT systems and become more dependent on federally specific implementations of commercial cloud technologies, as called for in the ATC report.

A multicloud and hybrid IT approach can create challenges. For example, “blind spots” can creep in as data passes back and forth between environments, making it difficult for federal IT professionals to keep track of data in these hybrid environments. In addition, trying to manage all the data while ensuring adequate controls are in place as it moves between cloud providers and agencies can be an enormously complex and challenging operation. It can be difficult to detect anomalies or flag potential problems.

To address these challenges, administrators should consider investing in platforms and strategies that provide deep network monitoring across both on-premise and cloud environments. They should have the same level of awareness and visibility into data that resides on AWS or Microsoft servers as they would on their own in-house network.

Deep Email Monitoring

In addition to focusing on overall network modernization, the ATC report specifically calls out the need for shared services. In particular, the report cites moving toward cloud-based email and collaboration tools as agencies attempt to replace duplicative legacy IT systems.

The Air Force is leading the charge here with its transition to Microsoft Office 365, but there are inherent dangers in even a seemingly simple migration to cloud email. Witness the damage done by recent Gmail, Yahoo!, and Office 365 email outages, which caused hours of lost productivity and potentially cost organizations hundreds of millions of dollars. Lost email can also result in missed communications, which can be especially worrisome if those messages contain mission-critical and time-sensitive information.

Agencies should consider implementing procedures that allow their teams to monitor email paths, system state, and availability just as closely as they would any other applications operating in hybrid IT environments. Emails take different paths as they move between source and destination. Managers should closely monitor those to help ensure that the information moves between hosted providers and on-premise networks without fail. This practice can help IT professionals better understand and monitor email service quality and performance to help ensure continuous uptime.

The fact that there is now a clear and direct map to modern, agile, and efficient infrastructures does not necessarily make the journey any easier. Thorough strategies aimed at cloud and application or service (like email) monitoring can help agencies navigate potential hazards and help ensure seamless and safe modernization of federal information systems.

Find the full article on GCN.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

Level 21

Call me a Luddite, but life was better, work was more productive, customer and employee satisfaction was greater--before we moved to O365 in the cloud.

A couple of weeks ago our ISP/WAN provider had a national outage that took down our access to the cloud for five hours.  Estimated negative economic impact to our business was nearly seven digits.

Now we're spending a LOT more money contracting parallel and separate WAN and Internet infrastructure between our one hundred sites, across three states.  More complexity, more demand on our internal network staff to do the job on which we'd previously relied on contracted service providers.  Their services will remain in play; we're simply doubling them for "reliability".  That one outage, and ten months of increased latency and associated slowdowns with Office, are ending us costing us millions in recurring annual costs, over and above the lost performance and productivity from when we had our own internal servers hosting MS apps.

I don't know where the dividing line is that says "At this point we will have lost more money and productivity than we expected to save by going to the cloud."  For me, that line was crossed the first time I used O365 and Outlook in the cloud.  It was immediately apparent the cloud can't hold a candle to the speed and reliability of locally hosted apps in our six existing data centers.

And this doesn't even address the added loss of security and increased exposure to risks that accompanies using the cloud.

Level 15

"They should have the same level of awareness and visibility into data that resides on AWS or Microsoft servers as they would on their own in-house network."

How do you get this from your cloud provider?

Level 13

Nice write up....however..........Idk that everyone would agree with this:  "The fact that there is now a clear and direct map to modern, agile, and efficient infrastructures...".

Level 15

Being a long time IT person, I guess I too am not seeing the benefits of pushing critical applications into someone else's data center and then relying on external communication partners to ensure that I can get to those applications.  I understand the available anytime concept that cloud infrastructure offers but in reality we are trading our data center for their data center and we are relying on slower infrastructure and increased expenditures to access our own applications and data.  Why would I give up a 100Gbps backbone in my data center for a 1Gbps internet connection?  What am I missing here? 

I realize that software piracy and licensing costs are a driving economic marker so the software developers (aka Microsoft, etc) but what benefits do we really gain from cloud migration.

Level 14

Yes.  Cloud makes the server side cheaper but harder to manage.  However it does increase the network costs as you will need multiple routes to the data which are outside of your control.  Changes are more difficult to manage and data security is partially taken out of your control (yet is still your responsibility according to GDPR).  If you are an SME I can see cost savings from cloud.  If you have 1000+ VMs and already have the hardware then all I see is management making techies redundant without realising the consequences.  Here they think cloud means no more support required in house and us techies are just crying wolf. 

Level 13

Same here re: the cloud.  We use an integration service that's based in Azure that has become mission critical and is highly time sensitive.  The outage yesterday took us out completely and it's *still* not back up.  In many years of hosting it ourselves we never had an outage that lasted more than a couple of minutes.  Doesn't sound like progress to me.

Level 21

I'm right there with you.  Putting Outlook in the cloud, and O365 in the cloud, slowed us down a LOT.

Then when we lost WAN and Internet services for five+ hours, due to  Provider issues a few weeks ago, it became even more clear that the cloud is not a suitably reliable and available solution for our needs.  We had 17,000 employees impacted by it, and untold numbers of patients affected.

Level 19

Ironically we had moved a bunch of servers to a hosting provider datacenter... it's all moving back to our own DC again now!

Level 14

I am going to have to dig in deeper into Deep Clousd Monitoring.  We are headed in that direction and of course, security is an after thought.

Level 13

More and more of our services are moving to the cloud but some services are already returning to the data centre. Think it’s going to be a case of trying to strike the right balance between service and security.

Level 21

Here's another classic outage, affecting MANY users, caused by human error today:

Ever wanted to strangle Microsoft? Now Outlook, Skype 'throttle' users amid storm cloud drama • The ...

Level 15

Thanks for sharing. We are going to O365 soon. Hopefully I have put enough bandwidth monitoring in place for it.
Level 16

Thanks for sharing.

Level 15

Monitoring is very important, but one must plan for "events." I see chatter about outages and such, just as we have redundancy in our data centers we need redundancy when we move to the "cloud." Without diverse ISPs (sometimes not even possible) there is the risk of outage from that front. I've seen many cases where companies thought that they had redundancy only to find the "weak link" was shared networks with the ISPs (not uncommon) Be sure to investigate, not just assume.

Level 15

There have been several regional outages recently. Some simply due to human error. Kind of scary.

Level 8

Thanks for posting this!

Level 13

Dang.  Hadn't seen that one yet.  Thanks for posting.

Level 12

working in the cloud is very useful but when you have electrical problem or network problem you are cut out of the world and you can't even work with office if you have paid only for the cloud solution without a local installation. I agree that working in cloud is more complex than in a local enviroment (i think about ad, development servers,and so on)

Level 15

You repeat the word "deep" and I think that is with good reason. Monitoring has become more critical than ever in that we need to see beyond the obvious. It used to be enough to know that we could get email from one person to another, now we have to be concerned with the time it takes - and more importantly, the integrity of said email.

About the Author
Paul Parker, a 25-year information technology industry veteran, and expert in Government. He leads SolarWinds’ efforts to help public sector customers manage the security and performance of their systems by using technology. Parker most recently served as vice president of engineering at Infoblox‘s federal division. Before that, he served in C-level or senior management positions at Ward Solutions, Eagle Alliance and Dynamics Research Corp.