Supporting Critical Infrastructure in the Cloud

This blog post is an excerpt from GovLoop’s recent guide, “Your Guide to U.S. Critical Infrastructure.”

The requirements and considerations for safeguarding critical infrastructure continue to expand. Increasingly, government missions rely on information technology to execute. Often, these systems are connected to an even wider array of other tools, devices, and networks that comprise the nation’s infrastructure.

As a result, many agencies are challenged to support their critical infrastructure goals with a scalable, high-performance IT infrastructure. In an interview with GovLoop, Adam Clater, Chief Cloud Architect at Red Hat, explained how government can meet that challenge through open source solutions that support intelligent cloud deployments.

Red Hat is a leading provider of open source solutions for the public sector. When an agency is considering a transition to the cloud or an even more complex move from one cloud to another, open source tools and expertise can help ease the transition and ensure security.

First, Clater emphasized the need to start small. “That’s really the most important thing. Find a project within your datacenter that’s going to be low impact, and build a team around it for the transition,” he said. Then, he suggested building a culture around that success and use that to build momentum towards bigger projects that could be made more efficient with cloud.

Next, Clater recommended automating transition considerations and cloud capabilities as much as possible. “By leveraging open source technology, agencies can begin to automate their processes within their datacenter quickly, in a way that everyone who’s participating within the entire IT infrastructure can understand and be part of that selection and transition process,” Clater said.

That way, organizations can make intelligent decisions about how to transition and which providers to use, as they build a more robust IT infrastructure in the cloud.

Finally, organizations must ensure that as they move their IT infrastructure off-premise, they maintain full visibility into both cloud and local networks. A holistic view is key to ensuring your infrastructure – and the critical assets you support – are constantly secured and performing during cloud transitions.

Of course, many agencies have moved beyond only using the infrastructure-as-a-service model today. “The conversation used to be about moving to the cloud,” Clater said. “But now we see customers no longer talking about whether they are moving to the cloud, but which providers they’re going to use to support their applications.

However, Clater explained that as agencies select applications to place in secure cloud environments, they often ignore the need to continually secure the application itself. Instead, they trust the cloud provider to instill security into operations.

“When we start talking about security and we start talking about certifications, we also need to make sure that we’re talking about the security of our software supply chain” said Clater.

That means not only knowing what security controls are in your cloud environment but also what software is used within the platform and its applications. You also need to know who created the software and how it is to be maintained over the life of your mission. That’s where open source vendors play a role.

Using trusted vendors to vet security based on open source standards is key. As Clater noted, “When agencies start migrating applications, that’s when leaders should be saying, ‘I know that the open source project has capabilities that are important to me, but has a trusted third party guaranteed that I’m using, for example, FIPS 140-2 compliant encryption, or adhering to other standards required by my security organization?’”

Agencies should confirm software meets all required standards through third-party validation. Moreover, Clater recommended pulling in partners at all stages of the process to make sure cloud migrations are seamlessly executed without risking the IT infrastructure or the critical assets they support.

With so much on the line, it’s not an option to have security or performance lapse during cloud migrations. Nevertheless, agencies have to seek new and scalable solutions if they are going to support increasingly digital and interconnected critical assets and keep the nation running. Open source technologies and services can help government make that seamless transition.