For the past few years, cloud computing has increasingly become the focus of IT decision makers and CFOs. Many Defense Contractors and other security-conscious businesses have been resistant to move their critical data and workloads into the cloud. Many businesses are concerned with the migration process, cost, security of data and the ability of their personnel to access that data readily and safely.
As cloud services technology evolves its services for deployment for organizations, a new model of cloud computing has gained a strong foothold in businesses’ IT decision making: the hybrid cloud.
Businesses that migrate to the cloud immediately realize the numerous benefits of cloud-provided resources, including:
Modernization of current IT asset base
Planning and flexibility for future growth
Lowered infrastructure costs
Increased business agility and responsiveness
Disaster Recovery (DR) and restoration
Business Continuity of Operations
Physical and data security
Remote access to resources for the new mobile workforce
Integrate and secure with a BYOD workforce
More and more businesses are shifting their infrastructure to the cloud and away from on-premises environments. There are many reasons for this sudden shift, all of which are mentioned above, but most important are extremely high resource availability (especially when pertaining to continuity of operations), immediate disaster recovery ability, and connectivity of end users to enable the ability of employees to access critical company resources from any office location or customer workspace – very important to DoD contractor employees who are working 100% from customer site locations!
You don’t just “jump into” a Cloud-based model (unless you are a new business and just opened your doors – in which case this is the best way to start!). Odds are, you have invested thousands or even hundreds of thousands of dollars in server hardware – and your CFO will give you an evil glare if you say “Let’s scrap all of our hardware and move to the Cloud!”
The best approach is a phased-adoption approach. First, starting with your oldest hardware or your most critical servers. Why spend $10k on a new server? Move that aging server directly to a Cloud platform like AWS or Microsoft Azure and take your first step into a hybrid cloud model.
For mid and small businesses, a cost-effective option is to migrate their existing infrastructure to a secure cloud-hosting provider while still maintaining parts of their infrastructure on-prem. This allows organizations to store protected, CUI, or privileged data on-premise, while retaining the ability to leverage computational resources in the public cloud for running those critical applications that rely on this data. By reducing the long-term storage of potentially sensitive data on the public cloud, you are minimizing data exposure.
In the hybrid cloud environment, IT decision makers have more granular control over both private and public components over using a “prepackaged” public cloud platform. Much like a buffet, the IT decision maker can select the features, mix of operation, and security you need allowing the ability to tightly customize the environment to fit the dynamic resource needs of the company – all while answering to Federal regulations on data security whether at rest or in transit.
The hybrid cloud also provides an added benefit of only paying for extra computing time when resources are needed. This feature, known as dynamic cloud resource provisioning, allocates resources based on demand and is responsive to dynamic workloads. Again, think of our “Just in Time” inventory analogy – you don’t have to pay for a server with more storage capacity than you currently need, just allocate space on someone else’s hard drive and a portion of processing resources, only as you need it! A cloud provider has the ability to provision these resources between thousands or even millions of requests at much more reasonable cost to the end consumer! Utilizing the dynamic resources of the public cloud is a cheaper proposition than building out a private infrastructure that sits idle for most of the year and puts an end to the artificial limitations of an archaic hardware infrastructure.
Techni-Core highly recommends the purchase of Microsoft’s Office 365 GCC (Government Compliance Cloud) for businesses that would like to use Office 365 and still be in the Government-compliant cloud space. While the commercial version of Office 365 E3 is FedRAMP moderate approved, it does not meet the DFARS (c)-(g) requirements, specifically (d)-(f):
(d) Malicious software
(e) Media preservation and protection
(f) Access to additional information or equipment necessary for forensic analysis
The core issue is that Microsoft utilizes shared data centers (and disk) in the commercial version of E3, and they do not have a way to separate just your data in the event of a breach. DFARS 252.204-7012(e) requires full disk images be available in the event of a breach, which poses problems for multi-tenant environments with co-existing customer data (i.e., commercial E3). Microsoft has not provided clear guidance that they will comply with the DFARS requirements in the commercial instance of E3. If you want to be 100% DFARS compliant you will have to purchase the GCC High version of E3, which provide the level of separation required by DFARS. If for budgetary reasons you wish to utilize the commercial E3 without the GCC High, it can be a note for future remediation on your PoA&M until such time you are ready to migrate to the compliant cloud.
Note: Office 365 GCC High has licensing minimums, currently set at a minimum purchase of 500 licenses. Techni-Core has partnerships in place with one of three Microsoft AOS-G program participants to be able to provide our customers with low-level licensing (as small as one user!)
Contact us by filling out the form below: