Whose cloud is it anyway?

Without a doubt, cloud computing has reached the peak of the vaunted hype cycle. Vendors are touting the virtues of their clouds as the calls of “come to our cloud” echo through the social mediasphere and even old-fashioned media streams. I even have dreams – more like nightmares – wherein a late-night infomercial host spouts in a very assertive voice: “Come to our cloud – it slices, it dices, it blends, automates and even manages!” Although these clouds no doubt add value and have a role to play in the ecosystem of cloud service providers, a major question remains. Which cloud is right for your agency?
Not all clouds are created equal. Clouds are built to address the common requirements of their intended user community. Security and service levels need to be carefully considered. The following figure depicts an evolving strategy and model for Federal cloud adoption. In this model of a hybrid and optimized Federal cloud, we see that at one end of the spectrum, [A], security requirements and service levels are relatively low. Such an environment is conducive to public-facing workloads. Although still substantial, security requirements for public data are considerably lower than those for other data types. Service levels, such as availability, hover at only three 9’s (i.e., 99.9%). At the other end of the spectrum, [C], both security and service level requirements are extremely high, demanding the strictest confidentiality, integrity, availability, and service level performance (e.g., 99.999%). Examples might include applications and data that directly support national security, defense, transportation or other critical infrastructure missions. Generally, such stringent requirements are best met by a private cloud. A private cloud gives agencies total control over the configuration, management, compliance and security services necessary to ensure the high performance of mission-critical applications and the associated level of security assurance.
Between these two lie sensitive but unclassified workloads [B] such as core financials, human resources, procurement, and other application services involving personally identifiable information (PII). Their security and service level requirements are higher than those of public-facing services, but somewhat lower than those of truly mission-critical workloads. Architectures built to support FIPS-199 moderate or high levels are usually sufficient. Since these workloads tend to be common and commoditized, external cloud service providers such as the Federal Shared Services Centers, commercial shared services providers, or internal agency-wide service providers are options.
Security and service levels, therefore, are driving the formation of “communities” of members with shared requirements. A hybrid cloud model is taking shape along these lines. Federal agencies with private clouds need control over monitoring, management and mobility, which requires an open-standards, API-based framework. Moreover, the ability to maintain compliance efficiently within a holistic incident detection and response capability is necessary. In this manner, Federal agencies will gain the considerable value cloud has to offer and avoid the pitfall of “cloud silos.” The ability to secure, manage and control the cloud environment from one central location with modern management frameworks becomes an imperative in the hybrid cloud model. Because of their dynamic nature, clouds require a new level of control and management that helps orchestrate and protect them. But this is only the beginning. The real mission value becomes evident when services support end user communities of interest.
And this brings us back to where we started. Which cloud is right for your agency? It’s not one cloud at all. Rather, it’s a hybrid cloud that consists of multiple clouds – private, virtual private and public – to meet the varied requirements of your agency. These clouds are tied together and controlled from within your private cloud, but you still have the flexibility to choose which workloads you want to run and where you want to run them. Your cloud is a flexible, agile hybrid cloud that you control.