While businesses both big and small began migrating their infrastructure to the cloud and reaping the rewards years ago, government agencies have been a little slower to make the move. But that’s beginning to change. Today, the U.S. Army, Air Force, and Navy, along with the Departments of Justice, Agriculture, and Education have all taken their operations to the cloud, paving the way for others.
A Preference for Private Clouds
While some businesses gravitate toward public cloud giants like Amazon Web Services (AWS), Microsoft Azure, and Google because of their familiarity, the federal government has been approaching cloud migration a bit differently. Due to the level of security required for their data (among other reasons), many government agencies are choosing a private cloud environment. The private cloud offers similar advantages to public clouds, including scalability and self-service, yet provides a proprietary architecture that improves security protocols.
The Department of Defense Steps Up
The most recent government department eyeing the move is the Department of Defense (DOD). Defense Secretary Jim Mattis has made it clear that the Pentagon must take aggressive steps to embrace emerging cloud technologies to maintain military dominance. In addition, a 2017 memo from Deputy Secretary of Defense Patrick Shanahan ordered the creation of the DOD Cloud Executive Steering Group. The goal? “To devise and oversee the execution of a strategy to accelerate the adoption of cloud architecture and cloud services.”
Clearly, the cloud has government agencies of all types ready to beef up security, compliance, and performance.
Legacy systems, antiquated software, and a lack of funding can make adequate security nearly impossible—and studies prove it. The 2018 Thales Data Threat Report (Federal Edition) reveals that U.S. federal agencies are experiencing an increase in data breaches year over year. According to IT professionals working within the federal sector, an alarming 57 percent of agencies reported experiencing a data breach in the past year.
Along with data breaches, ransomware is also on the rise. As its name implies, ransomware involves a hacker finding a vulnerability within an agency’s infrastructure, gaining unauthorized access, and then encrypting all the data.
To get the data back, victims must pay a ransom (and there’s no guarantee the hacker will make good on the promise to release the data). Today, ransomware is such a serious threat that the Federal Bureau of Investigations (FBI) has even issued a new report warning of the danger; you can read all about that here.
But federal agencies aren’t the only ones in danger; state and local governments are also being targeted. You’ve undoubtedly heard about the ransomware attack on the City of Atlanta which put ATL on lockdown for nearly two weeks. Another major attack that received less media fanfare occurred in Sarasota, Florida just two years ago. It was the worst cyberattack in the city's history, with ransom demands approaching $33 million. How’d it all go down? An employee clicked on a link that read, “scanned invoice.” And just like that, 160,000 city files became encrypted.
Regulations are always in flux, and government organizations are finding themselves continuously playing catch up—at a cost. A 2017 Thomson Reuters survey reveals that 60% of companies expect to have to pay for more skilled compliance staff in the coming year. However, agencies that have adopted a cloud computing model are able to leverage their provider’s expertise to keep them in compliance; they’re saving money, and seeing results. A survey conducted by technology research company Clutch reveals that, “migrating to the Cloud encourages engaging with better security practices overall … the additional security measure enterprises implement the most is data encryption (60%), followed by identity access policies (52%) and regular audits (48%).”
Government agencies can’t afford to go dark. In fact, the FBI has invested more than $20 million to assure it doesn’t happen to them. With a reputable cloud provider, Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are maximized to avoid any disruption in activity:
- RTO: how much time can pass during a disaster before it affects a Businesses Continuity Plan.
- RPO: the amount of time in which a business function must be restored to avoid negative consequences or business continuity breaks.
Agencies need to seek out a provider with RTO and RPO rates near zero, and one that follows a Continuous Data Protection model versus periodic backups.
How are providers achieving this? The best ones have a variety of safety features in place, including:
- Uninterrupted Power Supply (UPS)
- Computer Room Air Conditioning (CRAC) versus traditional A/C
- Physical security features (HID card, PIN, biometric access)
- Encryption for data-at-rest and data-in-flight
- 24/7 surveillance
It’s also important that government agencies seek out a provider that maintains hurricane-rated structures and is positioned far from flood zones.
Ready to Make Your Move?
Transitioning to the cloud may seem complicated, but with the right provider it can be a simple and seamless process. DSM, Florida’s preferred cloud provider, is the first and only Florida-based cloud provider offering services to national, state, regional, and local government offices. Our G-Cloud achieves 99.99% uptime (possibly minutes of downtime per year versus other providers’ hours or even days of downtime), and our IT pros will work with you to ensure a smooth transition. Even better? Our experts are U.S.-based, and will be available to you 24/7 to address any questions or concerns.
DSM is proud to call the Florida Department of Agriculture and numerous other government agencies our clients, and we’re excited to work with you too. Contact us today to learn more.
The DSM G-Cloud is now available for purchase!
GSA Contract #991-268-11-1