A Leadership Guide – Multi-Cloud Success for the Intelligence Community
From IC Insider HashiCorp
Executive Summary: The Multi-Cloud Era is Here
The Intelligence Community (IC) is moving from a single-cloud community to a multi-cloud community with the introduction of the Commercial Cloud Enterprise (C2E) contract. Leadership is planning for the impact this will have on program staffing and the way systems are engineered, tested, and deployed. Successful hybrid/multi-cloud adoption requires thoughtful, purposeful action as a broader availability of platforms and providers implies the IC must become a smarter and more discerning consumer of the myriad of service offerings.
Hybrid/Multi-cloud offers a tremendous boost in capabilities with several significant challenges to include:
- Skills Gaps
- Unified Governance
- Untenable Costs
First among them is skills gaps and shortages. Industry and government have spent the last eight years building the IC’s current cloud-capable workforce with skills designed for working with a single cloud service provider (CSP). With the reality of operational restrictions and limitations in secure environments the skills shortage challenge will hit particularly hard. Skills shortages are followed by difficulty in multi-platform operations and governance, inconsistent and unpredictable results across the organization, and continued issues with cost optimization.
These challenges are not insurmountable. Highly effective approaches include moving the cloud architecture control points up and out of any one CSP (an agnostic approach), shifting to platform teams and a platform mindset, equipping these teams with best-in-class hybrid/multi-cloud tools and solutions, and taking a pragmatic approach to portability across clouds.
This article will discuss highly effective approaches, to include:
- Platform Agnostic: Moving the cloud architecture control points up and out of any one CSP
- Shifting to platform teams and a platform mindset
- Equipping these teams with best-in-class multi-cloud tools
- Taking a pragmatic approach to portability across clouds
HashiCorp is the industry leader in providing hybrid/multi-cloud automation solutions and tooling and were created for just this purpose. HashiCorp is committed to supporting the IC on its hybrid/multi-cloud journey to enable the rapid, automated, secure, delivery of the dynamic infrastructure necessary for successful application delivery across any platform. For additional information please read the Leadership Guide to Multi-Cloud Success for the Intelligence Community white paper.
Multi-Cloud is the Reality Today
The use of multiple CSP’s is inevitable over time. According to HashiCorp’s 2021 State of Cloud Strategy Survey, 76% of survey respondents are already using more than one cloud. What’s more, the larger the organization, the more likely they are to be using hybrid and multiple clouds.
In the private sector, multiple clouds are the current reality. One example is organic adoption, where different development teams have experimented with various providers and now have apps running in production across multiple CSP’s. This usage often occurs outside the purview of central IT. Another is a merger or acquisition, where a company’s cloud strategy and roadmap suddenly churns when they are combined with another firm. In some cases organizations choose to pursue diversification, embracing the workload directed pattern of a specific cloud for a certain class of workloads while using another cloud for differing scenarios. For the IC, the move from the C2S acquisition to the C2E acquisition is the driving factor while the availability of multiple FedRAMP CSP’s has already enabled other public sector organizations to begin their multi-cloud journey.
Different Cloud Service Providers Have Different API’s and Operational Considerations
Each CSP has its own set of API’s that correspond to its respective services. Foundational capabilities (IT stakeholders) — example shown below — have different implementations and require users to learn and master the differences and complexities of each environment at each layer (infrastructure provisioning, security, networking, and application service delivery) for effective deployment and application delivery.
Even services that are quite similar across cloud providers, such as a key management service or a Kubernetes runtime can vary wildly in important and impactful ways. The further you move up the stack — into advanced databases and serverless computing — the more divergent the API’s become. Adoption of a multi-cloud approach and establishing an effective dynamic multi-platform operational environment introduces new control points and approaches for each layer of the stack (see diagram below). These technical differences bring significant complexity and increase user and human-centered problems for multi-cloud organizations.
Subtle Differences Drive Complex Organizational Challenges
Multi-cloud organizations face a common set of challenges. According to the HashiCorp 2021 State of Cloud Strategy Survey, the most significant challenge is skills shortages, followed by organizational process and consistency challenges. Of these, four challenges are most relevant to the IC and the successful adoption of the C2E environment and warrant a deeper look.
Top Challenges to Operationalize Multi-Cloud
Skills Shortages: CSP’s have hundreds of services and the multi-cloud ecosystem is even larger. Effective use of this multi-platform environment requires deep proficiency across scores of products, processes, services, and technologies. Each CSP is different, and the skills and expertise of technical staff often do not translate across clouds. With the operational complexity, rapidly changing service offerings, and uniqueness of each CSP, it is very challenging to find technical talent proficient in one cloud platform let alone multiple clouds. As organizations use multiple CSP’s and consume more services and capabilities it becomes exponentially more difficult to find engineering talent, standardize “golden workflows”, deliver consistent and predictable operational environments, and achieve desired outcomes.
Cultural Transformation is Siloed and Uneven: Purely organic usage of CSP services becomes untethered from a common culture, or a common way of working. This is especially true of large, distributed teams. Pockets of exemplary behavior exist, but they are not uniform. For government organizations where teams are comprised of agency personnel and contractors from different companies, these top-performing groups exist in a sea of “technically acceptable” teams. Often, the bottom 90% of teams aren’t managed the same way as the top 10%. This results in applications and architectures that are more anti-pattern and random than best practice. These silos make it almost impossible to achieve consistent, predictable, repeatable, outcomes, at scale, across multiple platforms and application teams.
Governance Becomes Difficult to Manage: As individual teams adopt isolated and varied infrastructure as code (IaC), DevSecOps, and automation approaches, the organization can become blind to poor-quality, inefficient, potentially vulnerable, automation patterns. For government organizations with federated structures, automation governance can quickly become unmanageable and the introduction of new initiatives like Zero Trust, nearly impossible. Fragmented automation oversight is effectively no oversight allowing poorly done automation to quickly inflame a problem. These issues may then spread to other teams that lack the skills or experience to recognize they are perpetuating a vulnerability or anti-pattern. Compounding this challenging situation, the skills needed for oversight are in just as short of supply as the skills needed to perform cloud automation.
Cost Is not Optimized: Development and test environments are often underutilized, run idle, and are rarely de-provisioned, even after the fact. Some infrastructure is “over-provisioned” (i.e. an XL instance is provisioned when a small will do). Over time and at scale millions of dollars are wasted in bloated cloud budgets.
Achieving Multi-Cloud Success
Given the challenges of multi-cloud, it is logical for an IT leader to say, “I need to improve the status quo and avoid repeating past mistakes as we bring new CSP’s online.”
Large organizations are focusing on four key practices to re-position themselves for rapid and effective multi-cloud success:
- Platform Agnostic. Move the architectural control points up and out of any one CSP and adopt an agnostic platform approach. Each layer of the stack (infrastructure, security, networking, and applications) is built around a new pattern (or service) establishing standardized control points for all platforms. Focus on workflows that elevate these control points outside of a specific CSP service.
- Shift to platform teams and a platform mindset. Empower a focused group with the right tools to set up and enable the organization for multi-cloud success using the platform agnostic approach resulting in increased agility, flexibility, consistency and effectiveness.
- Equip enterprise teams with best-in-class multi-cloud tools. Partner with ISVs and vendors that excel at enabling multi-cloud deployments. In addition to optimized tools and solutions ISVs bring a wealth of engineering talent and experience to rapidly enable multi-cloud adoption. Best-in-class ISVs with self-managed and appropriate cloud-managed offerings are key to achieving better outcomes across multiple clouds.
- Be pragmatic about vendor lock-in. Ensure the business case for portability is appropriate and understand the costs of moving a workload from one CSP to another. Establish and implement a platform agnostic, best fit, approach to workload allocation and platform use and adoption.
The Way Ahead
The IC has an opportunity to establish effective and impactful use of multi-cloud environments. There is a proven collection of best practices to help the IC plan, account for, and address, the challenges ahead in effective multi-cloud adoption. HashiCorp and its cloud infrastructure automation tooling were created to help complex organizations successfully deliver mission outcomes at scale across any cloud. We are committed to being a close partner of the IC, bringing lessons from our most sophisticated customers and working together on product features and enhancements.
HashiCorp Public Sector is close partners with many of the CSPs and system integrators (SIs) in the Defense and IC sectors. The HashiCorp open source versions of our tools are already the foundation of many of the cloud automation efforts going on across the community.
We are working hard to support and accelerate the successful adoption of multi-cloud and digital transformation. We collaborate closely with enterprise platform teams, sharing best practices and helping these teams to scale. We are fierce advocates for platform teams as we engage with SIs and help educate the enterprise about pragmatic approaches to portability across CSPs. We enable the rapid successful adoption of the Cloud Operating Model for the IC (Leadership Guide to Multi-Cloud Success for the Intelligence Community white paper).
For additional information on HashiCorp solutions and offerings, including Zero Trust enablement, please see these IC Insider News articles:
- Getting Started with Zero Trust Security
- Enabling Zero Trust at the Application Layer
- Enabling Zero Trust at the Device/Machine and Human/User Layers
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded tens of millions of times each year and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint Ventures, True Ventures, IVP, and Bessemer Venture Partners. For more information, visit www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.
About IC Insiders
IC Insiders is a special sponsored feature that provides deep-dive analysis, interviews with IC leaders, perspective from industry experts, and more. Learn how your company can become an IC Insider.