How can the DoD employ a Cloud Strategy that is flexible and secure while reducing the number of “experts” necessary to implement and maintain the infrastructure?
Let’s start by breaking down the issues at hand. When you move from your own datacenter to the cloud there are multiple challenges in Networking, Security and very importantly with People and Process Challenges.
- Restricting access-based IP addresses and ranges prevents segmentation
- Multi-cloud network dependencies impede connectivity
- Lack of network automation, orchestration, and predictability
- Workloads exposed to lateral attacks in cloud subnets
- Root workload SSH exposure through key sharing
- Lack of consistent security controls across clouds
People and Process Challenges
- Network configuration errors impact agility
- Lack of network and security programmability slows DevOps
How do we make it more palatable to move to the cloud and still maintain a semblance of control?
Moving to the cloud requires some planning. Not every cloud provider is the same. However, connecting and protecting applications and data across on-premises and separate cloud providers has become as obscure and difficult as buying brand new hardware and software with only having to learn from “what someone else said” and not from real experience in your own environment. BTW, if it didn’t work in your on-premise environment the odds of it working in your cloud environment is almost nil.
Using native security controls to connect and micro-segment workloads and containers between local resources, availability zones, regions and across cloud providers is not only ineffective and inconsistent, but too complex to maintain at scale. The result? All too often we’ve seen teams inadvertently expose workloads to the public Internet by a simple security group error or Internet gateway change. This inability to quickly micro-segment and peer workloads across AWS, Google and Azure zones, regions, and between their on-premise environment forcing customers to consider writing their own control plane at considerable time and cost.
Utilizing software defined segmentation technology as building blocks for connecting on-premise to cloud environment should help to mitigate many of challenges mentioned above when building a hybrid cloud. Customers have eliminated the complexity, attack vectors, and costs associated with traditional security controls by adopting a unified identity-centric model for cloud and on-premises environments that is simpler and more secure. By deploying zero trust networking infrastructure as code, the security and network perimeter is moved from the network edge to the host, making policy orchestration explicit and programmable. With Software-Defined Segmentation, protection is automated, and workloads are made invisible to unauthorized machines, giving DevOps the agility and peace of mind, they seek.
In upcoming blogs, I will go further explaining a few of the industry best practices and how IMPRES Cyber Operation Solution (CSOI) can be successful in building hybrid cloud.
Chief Technology Officer
IMPRES Technology Solutions
Key to setting IMPRES apart from its competitors is their employees, most of whom are former operators in IT for Federal agencies or commands, thus bring with them actual experience as to the needs of this sector. In my 30 years of experience in the IT landscape, I have notably served in the US Army and worked for organizations such as IBM, Microsoft and DELL in a variety of positions from Senior Architect to Director/Enterprise Technologist. I lead the IMPRES’ mission to deliver Cyber Security, Cloud, and other IT solutions to fit the best interest of the client.
I enjoy working with OEM’s as a liaison and architect in my current role. This allows me to design, and build solutions including updates to OEM hardware and software and to create holistic solutions that can integrate with existing environments that meet or exceed the current challenges of today’s landscape.
In addition to being a Chief Technology Officer, I am a dedicated BSA Scoutmaster. I work with Scouts to provide guidance and training with merit badge requirements and lead contingents to World Jamboree and each of the Boy Scouts of America’s National High Adventure programs. As with all facets of my job and life, it isn’t about what I want, it is about what those around me need and how can I help.
eMail me with your IT questions, agency challenges or to say hello.