For many organizations, moving to the cloud can be such an intimidating effort that they don’t even know where to start. Federal, state, and local government cloud experts recommend that organizations stop worrying about where to start, and to “just do something” to move themselves along on their cloud journey.
During an August 26 event hosted by NextGov, Michael Anderson, chief information security officer (CISO) for Dallas County, Texas, and Shane Barney, CISO at the U.S. Citizenship and Immigration Services (USCIS), agreed that the first step in starting the cloud journey is the scariest one.
“Where to start? That is seriously one of the biggest, daunting tasks,” Barney said. “Cloud is a big thing to take on. It worries a lot of organizations, especially if they have very little experience with it.”
“Just do something,” he advised. “Something is better than nothing, and even if your resources only allow you to do a few steps forward, at least it’s that much more forward.”
Although some organizations may not want to take that first step in cloud adoption for fear of failure, Barney says that doesn’t matter in the long run, because failing will still accelerate agencies in the right direction.
“Establish a quick, high-level document of where you want to go and move,” Barney said. “Even if you make the wrong decision, get ready to pivot. You know, fail fast, fail forward is the mantra, and that is a really key principle I think in moving and getting started and getting going.”
Anderson agreed that some of the nitty-gritty technical cloud talk – such as micro-segmentation – can scare organizations away from even starting their move to the cloud. In order to combat the anxiety of starting the process, Anderson advises organizations to decide what their “crown jewels” are, and then to take it one step at a time.
“Knowing where to start, that has been the most difficult piece. Now add to it the micro-component, and for a lot of folks, it just gets so daunting that they literally don’t know what to do,” Anderson said. “My advice to anyone starting this journey is to develop a set of criteria to take care of – that which is most important first – and then start working your way out little by little until you’ve got all of the business units taken care of. And then at that point, you’re really postured well to move into a micro-segmentation.”
By taking that daunting first step to move to the cloud, the experts agree that organizations will see a number of benefits – automation being one of them.
Barney said automation allows USCIS to follow the National Institute of Standards and Technology (NIST) cybersecurity framework with ease. Those risks are addressed through automation, which then allows his agency to free up its resources – such as its people – to “have the time and energy and the bandwidth to go and be curious about the infrastructure, be curious about our systems and how they’re configured and set up.” He added, “You know policy within the Federal space … has yet to catch up with that.”
To close the event, Barney offered up policy recommendations for the Federal government, saying policy needs to evolve with the technology and threat environment.
“On policies, it has to remain fluid,” Barney said. “Cloud is an ever-changing environment and the threat environment is changing even more so. So, if we create policy today that’s very static, very narrow, very perimeter, sort of structurally-based, or we’re going to put up all these big walls and these moats, we’re going to be right back where we are today.”
“What we really need to do is create policy that can adapt and change just as fast and just as quickly as the environments changing, so that we can actually become proactive towards that as opposed to reactive,” he added.