This article is an excerpt from GovLoop’s recent guide, “5 Cloud Trends to Watch in Government.” Download the full guide here.
Government IT teams are at a crossroads when it comes to balancing citizen and user demands, technology, and security priorities. For example, there is also an enormous push to consolidate data centers and move processes to the cloud and shared services — and to do it quickly. But agencies must adopt these changes in a secure manner, without exposing government systems to hackers and potential data breaches.
For agencies at all levels of government, reconciling the need for security and protected data with storing information in the cloud can be a difficult process. This is especially true given the many IT compliance mandates and the fact that securing infrastructure and workloads are often manual processes.
How can government agencies move workloads to the cloud quickly, while staying secure, and not requiring an increase in manual processes?
The answer is automation. To better understand how automation is enabling secure cloud adoption in government, GovLoop sat down with Adam Clater, Chief Architect for North America Public Sector at Red Hat, a leader in open source technology, is automation.
At its core, automation is the use of technology to perform tasks without human assistance. And IT automation is the use of a system of instructions to carry out a repeated set of processes, which replaces manual work done to IT systems.
IT automation in the cloud helps with efficiency, delivering value faster, and solving IT and business workflow challenges.
“Automation is the cornerstone of cloud, datacenter consolidation and IT modernization,” Clater said. “No matter what aspect of IT you are engaging with, automating manual processes is proven to increase reliability by reducing manual errors, decreasing time to deliver IT assets and is key to building self-service capabilities for your enterprise.”
Clater recommended that agencies look to implement a strategy that automates application management, security and deployment in order to facilitate workload migration to the cloud.
“Automating your cloud workloads gives agencies more flexibility to deliver services faster and scale workloads and services in a way that reduces bottlenecks,” Clater noted.
The next phase that agencies are beginning to move into is automating the application of security controls. More recently, Clater explained, agencies are being exposed to automation technologies that address issues of security scanning, remediation and documentation.
“It would be next to impossible for any agency to scan their infrastructure from a security perspective without pretty extensive automation,” Clater said. “When you conceptualize the idea that you might run a hundred or more automated tests against a single host, and there could be hundreds or thousands of hosts throughout an agency’s infrastructure, automation is really key to that.”
Agencies are also integrating security automation technologies with their existing tools. This integration helps them to better track any changes on their networks or in the cloud and to ensure those changes are fully documented. As part of this documentation process, agencies must also ensure they are using pre-approved technology building blocks.
One of these instances is the OpenControl project. The project is the undertaking of an open source community working to develop the tools necessary to align security assessments and authorizations with modern, continuous software development and delivery. Agencies such as 18F, the National Institute of Standards and Technology, and others contribute code to the project, as well as vendors like Red Hat.
“Red Hat is one of the largest contributors to the OpenControl project,” Clater said. “We’ve been making a lot of code commits to automate documentation around our products.”
One other manner in which Red Hat that helps government automate processes and security compliance in the cloud is through their automation engine, Red Hat Ansible Automation. It automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and more. Using Red Hat Ansible Automation, agencies can standardize common tasks, freeing up resources and ensuring consistency and compliance around security.
To truly unleash government innovation and take full advantage of moving services to the cloud, the public sector must turn to automation. When repetitive labor and processes are solved by deploying automation technologies, then and only then will IT managers truly have the needed freedom to spend more time exploring and adopting new technologies, rather than spending their time keeping the lights on. Integrating automation practices will help balance the scales and provide agencies with a more solid platform for future cloud growth.