This blog post is an excerpt from GovLoop's pocket guide, "Security Operations in Government: Breaking Down What You Need to Know." Download the full guide here.
As government agencies increasingly turn to SecOps, they are also turning to the cloud and seeking the assistance of commercial cloud service providers to successfully migrate their platforms. Agency leaders will also need to continue refining security-based techniques to lower their risk profiles. More importantly, agencies should view cloud adoption as an extension of their own security environment rather than completely surrendering visibility of their environments to vendors and cloud service providers.
The challenge from a security operations standpoint is that when agencies migrate to the cloud, it can be difficult to translate the right data between operations. They need contextual awareness and visibility of their entire infrastructure. Agencies should look to multi-instance cloud and capabilities where IT and security professionals can have holistic visibility and control of their data in newer platforms.
To discuss how agencies can best leverage SecOps and fully harness multi-instance capabilities, GovLoop sat down with Bob Osborn, Chief Technology Officer, and Brian Crosby, Enterprise Architect in the Federal Sector at ServiceNow. ServiceNow provides multi-instance cloud solutions to help agencies harness a holistic architecture for their security and operations teams.
When cloud services first went live in the late ’90s, the architecture was built on database systems originally designed for making airline reservations, tracking customer service requests and running financial systems. These database systems, however, were built on multitenant clouds where users share the same software and infrastructure.
Cloud providers can build and maintain a centralized system, but this multitenant cloud has drawbacks in terms of commingled data. Because your organization relies on the cloud provider to isolate your data from everyone else’s, the data can potentially become commingled with other organizational databases or structures. When your data is not physically separate and relies only on software for isolation, this can have major security implications for government.
That’s where SecOps and multi-instance platforms come in. “A lot of SecOps has evolved from a national need,” Crosby said. “There have always been cyber warriors patching systems to make sure they’re up to date. But at first, there was this idea that you couldn’t have security and operations in the same toolsets. Security and operations then evolved based on the number of devices and applications you had.”
A multi-instance architecture gives every agency its own unique database, making it virtually impossible for data to be commingled with any other databases. The multi-instance architecture is deployed on a per-customer basis rather than being built on large, centralized database software and infrastructure.
“The differentiator with multi-instance capabilities is you have the visibility and control over data in one platform,” Osborn said. “You can then put controls in place that lock the data or mask it for anyone who doesn’t have access to those data fields. You have full control over who has access to that data, and can rapidly deploy new capabilities.”
In addition to these benefits, multi-instance cloud offers:
- True data isolation, where hardware and software maintenance on unique instances becomes easier to perform.
- Advanced high availability where ServiceNow’s multi-instance cloud is replicated between two paired and geographically diverse data centers in eight regions around the world.
- Customer-driven upgrades, where each individual instance can be upgraded on a schedule that fits the security and compliance requirements and the needs of each unique government enterprise.
The biggest piece of advice to agencies? “Just get started,” Crosby said. “Don’t wait any longer because you can’t keep up with things going at computer speed.”
With multi-instance cloud, agencies can decrease the opportunity for human error as much as possible and ensure more seamless operations. “You need to help teams identify, eradicate and mitigate security incidents,” Osborn said. “You need multi-instance capability to bridge the gap between security and operations.”
In short, the multi-instance architecture puts users in control of their cloud. This is how the enterprise runs its mission-critical applications. With data isolated, agencies can run a fully replicated environment that provides extremely high availability and upgrades on their schedule. That way security and operations teams can be more agile while ensuring their data in the cloud is kept safe and sound.