ombegov / cloud.cio.gov

Federal Cloud Computing Strategy Website

security and a vision for cloud computing #5

Open dwagner4 opened 6 years ago

dwagner4 commented 6 years ago

I understand why people dig in their heels and have to be dragged into the cloud kicking and screaming. It is inevitable that the large number of SysAdmin, DevOps and Cybersecurity positions maintaining all those disparate networks and data centers distributed throughout the government will be consolidated into a small number of highly paid/trained experts maintaining a few government cloud infrastructures. It will be workforce carnage.

With the cloud, most of agency IT will be configuration of SaaS applications and helpdesk. Vital skills will be UX, Business Analysis, Data Science and possibly AI. We already see the future with email, file storage, and applications like Salesforce, etc. The amount of in-house software development will also shrink drastically, and that will look more like lambda functions and hosted services. No one will be using their own computing stack (probably too strong, there will always be a few needs at the bleeding edge).

From a security perspective, complexity is the hacker's friend and the cybersecurity threats are becoming exponentially more complex. The idea that we can implement architecture, train personnel, patch systems and monitor conditions on thousands of network islands is absurd. If it were a software application, I'd have to say that "big O" is exponential and it will blow up if we try to scale. Human error only will kill it. In fact, this is where we are. Hackers just have to find the one point where someone hasn't kept up or the system is obsolete. We have to cover everything with a system that has implementation lag, variable skill levels and bad communication. Current clouds may have issues. Developing secure government clouds (public and/or private) is the only viable long-term security solution.

I suggest transitioning quickly, like ripping off a band-aid. Hybrid solutions are painful and increase difficulty and complexity. Migrate fast, reduce personnel/contractors and save a boatload of money.

bpierce998 commented 6 years ago

Agree that we would like to see 'secure government clouds (public and/or private)', and sooner rather than later is spot on. A couple of legacy systems that we run out of existing DOI datacenters benefit greatly from the proven services that surround a hosted environment, and the cost/benefit equation definitely should be considered rather than a one-size-fits-all outsourcing model which relies too heavily on external, for-profit providers.