How a hybrid multicloud platform delivers outcomes for government
|Hybrid multicloud enables agility||Through modernization of mission-critical heritage applications and with new cloud-native development. The open stack, based on the Kubernetes container platform and a set of common services such as monitoring, metering, logging, and identity and access management, provides a high degree of multicloud manageability. Common services are essential for consistent management of applications and data that are distributed across environments, automation of compliance, and maintenance of an appropriate security posture.|
|Hybrid multicloud provides infrastructure independence||Allowing agencies to develop applications with high-value technologies from any vendor, providing freedom from the single-vendor approach that has been predominant. It also mitigates the risks associated with using one vendor, such as lock-in or a single point of failure.|
Advantages of open hybrid multicloud
Seamless management across any infrastructure
As the government modernizes applications from on-premises to hybrid and multicloud IT models, it must implement a management solution that delivers services across the entire ecosystem. A system of this caliber should enable application teams to use services from different vendors with the required availability and performance levels and enable operations teams to maintain the right level of governance and control.
Where is everything running?
How is it running?
What do I need to fix?
Are applications running in the right environment?
On the right infrastructure?
At the right security levels of compliance?
Are applications available?
Are the applications performing?
Are the applications being monitored?
Multicloud management tools that cross traditional virtual machines (VMs) and cloud-native clusters simplify governance and compliance requirements. To maintain compliance, role-based policy enforcement must be applied so that certain user privileges apply only to specific users. Moreover, specific controls, for example, the Health Insurance Portability and Accountability Act (HIPAA) or National Institute of Standards and Technology (NIST), can be applied to clusters and workloads across any infrastructure. When incidents occur, users and administrators can either be informed that they’re out of compliance or policies can automatically be enforced, providing continuous compliance.
Strengthen security for data and application
As agencies move to a cloud-native approach and deploy workloads across infrastructures, the security focus moves away from a traditional hardened perimeter to a workload-centric, data-centric approach. Security teams must understand how applications work and where their sensitive data is located, then map the flow of data through on-premises environments, cloud networks and beyond.
Once security teams understand how their data flows, they can create micro-perimeters or secure zones across data centers and cloud environments that harden the perimeter of the data flows in any given transaction. Applying micro-segmentation then equips the appropriate users with access to data either along or at specific points of that transaction path. Agencies can use end-to-end encryption to avoid any data theft during transit.
Containers and container platforms offer unique new opportunities to achieve faster remediation and integrate protection across environments. Containers allow multiple levels of security at the container level and within applications. IBM® Secure Service Containers, for example, isolate workloads and provide full data encryption in multicloud environments. They also help protect encryption keys in a tamper-responsive hardware security module, to help protect agencies from insider threats. When combined with DevSecOps methodologies, security aspects can be infused during testing and compliance phases, all the way to production and operations.
Create enterprise-grade open source
Open source is at the heart of hybrid multicloud environments. Today, Linux® is the #1 development platform[6] and is available on all public cloud platforms, which makes it easy to use consistent methods to build and deploy on any public cloud and on-premises infrastructure. The dominance of Linux opens a broad ecosystem of open source tools and platforms that are fueling the hybrid and multicloud market.
Understanding the difference between open source and enterprise open source is critical. Open-source software is software with source code that anyone can inspect, modify and enhance.[7] In contrast, enterprise open source combines the advantages of the open-source ecosystem development model with the stability, performance and support that’s offered by traditional enterprise software.
| Open source | Enterprise open source |
| --- | --- |
| Source code anyone can inspect, modify or enhance | Source code anyone can inspect, modify or enhance |
| | Tuned for performance |
| | Proactively examined for security flaws |
| | Includes Service Level Agreements that detail what’s supported, response and remediation times |
| | Documented lifecycle (necessary for mission-critical applications) |
While anybody can download and install an open-source project, enterprise open source products require testing and performance tuning, and proactive examination for security flaws. Moreover, as Joe Brockmeier of Red Hat writes, “it needs to have a security team that stands behind it, and processes for responding to new security vulnerabilities and notifying users about security issues and how to remediate them.”[8]
Enterprise open source products have service level agreements (SLAs) that articulate what’s supported and how quickly you should receive response and remediation. They have a predictable lifecycle, stated upfront, to detail information about components that may move at different speeds and a lifespan that’s suitable for governments to use when deploying mission-critical applications. An enterprise software vendor, such as Red Hat, may also take on the heavy lifting of supporting components well after the upstream project has moved on to newer versions. This support is necessary for software to be used within a timeframe that makes sense to government organizations.
Open source also provides a strategic opportunity for government agencies to address challenging skills gaps. In addition to open-source tools and applications that mitigate vendor lock-in, a community of skilled and dedicated developers and architects is available to build, patch and add to the code, and develop standards and definitions.
Implement hybrid multicloud
Government agencies that embark on a hybrid multicloud journey have the opportunity to unlock the benefit of cloud for mission-critical applications. New levels of data portability and interoperability offered by hybrid multicloud can help agencies realize the virtue of “write once, run anywhere.” Here are four recommended steps:
|Design the destination.||Think open, multicloud, hybrid cloud. Your organization will live with the decisions you make today for years. Evaluate which of your workloads fit best in the public cloud, private cloud and traditional IT environments. Avoid environment lock-in and vendor lock-in and reassess approaches that might not survive as standards and technologies evolve.|
|Sequence the journey.||Avoid “ready, fire, aim” approaches. Lay out a careful, clear roadmap of what you want to do and in what order. You may experience pressure to skip ahead without building a solid, open foundation. Resist it.|
|Mobilize the right skills and assets.||Draw upon talent within and outside your enterprise. While it’s important to develop and maintain in-house skills, engaging with trusted third-party services providers helps bridge short-term gaps while reducing fixed costs.|
|Manage to clear outcomes.||Establish meaningful qualitative and quantitative measurements and commit to holding to them. Remain flexible and incorporate new technologies as they emerge. Always stay true to your mission, architectural, and technical principles.|
Each government agency’s journey to cloud is unique and tailored to specific applications, workloads, security and compliance requirements. To facilitate each unique cloud journey, IBM uses agile methods, such as the IBM Garage™ methodology, to tailor roadmaps to individual journeys. IBM Garages are collaborative delivery models through which IBM co-creates with its clients to design, deliver and refine solutions continuously to accelerate the delivery of value to end users.