Driving cybersecurity and digital transformation with cloud technologies

Enterprises – especially in regulated industries – need to demonstrate compliance with NIST, HIPAA and GDPR to address an increasing set of privacy and cybersecurity threats. Cloud computing platforms provided a ready-made solution, but most organizations struggle with how to begin the transition. Here are some relevant lessons from large cloud modernization and migration programs.

cloud security ts
Thinkstock

Commercial cloud computing platforms provide a complete set of computing, security, governance and compliance services that are supported by standardized and externally certified processes and procedures. AWS has invested in obtaining several widely used accreditations such as FedRAMP, SOC-2, ISO 27001 and many more.

Further, cloud service providers like Amazon Web Services (AWS) have strong management and operations processes to help protect digital assets and allow organizations to innovate. All these investments make it easier for public sector and regulated markets to leverage these existing services to improve the security posture rapidly.

Large US government agencies – including US Treasury, Food and Drug Administration (FDA), GSA and NASA, among others – have successfully implemented transformation programs based on accredited cloud services. State agencies like the District of Columbia’s Health Benefits Exchanges (DC-HBX) have also adopted cloud-based digital transformation services to not only deliver health benefits insurance services to citizens of their state, but also pioneered a shared services delivery model with other states such as the State of Massachusetts to deliver efficiencies.

All these programs have some common patterns and approaches that are essential for public agencies looking to transform and modernize through cloud technologies. Any cloud initiative must have clearly defined goals and objectives. Public sector organizations have an urgent need to fill their security backlog and continue to deliver citizen facing services with scarce resources and limited budgets. These factors make cloud-based solutions an ideal transformation platform.

Establish a digital transformation tiger team

Given the complexity and paradigm change, it is critical to establish a digital transformation office staffed with motivated and qualified experts with hands-on delivery experience. Some of the more successful examples of such organizations include GSA’s 18F, Treasury’s Treasury Digital Service, and Defense Digital Service (DDS) amongst others.

Smaller organizations like the DC-HBX designated an empowered technical team to pursue cloud-based modernization strategies. The Digital Transformation team establishes the infrastructure to help jumpstart the modernization journey. The composition of the digital team is important – it must include technologists, business subject matter experts and security professionals to ensure that compliance and security requirements can be met.

Governance, strategy and shared services

A critical part to ensuring the economic benefits of adopting cloud platforms is the adoption of a Shared Services-based Consumption Model. The design of a Shared Services based governance and cloud adoption framework allows for greater security and lowering of the overall cost of operations. There is a great deal of flexibility and models to choose from (e.g., the District of Columbia’s Health Benefits Exchange and the State of Massachusetts partnered up to deliver health benefits insurance by using a common AWS-based cloud platform). This helped fund the development and operations of the overall platform. Other organizations like the US Treasury developed their own cloud-based platform called Workplace.gov Community Cloud (WC2) to deliver FedRAMP approved cloud services to other offices and bureau’s. The ability to offer cloud-solutions based on a shared services delivery model allows for cost sharing, reduces duplication and accelerates the delivery of solutions.

Digital innovation lab and accelerator

Most successful cloud modernization initiatives are high on code, actionable examples, and rapid problem solving. Creating a digital innovation lab and accelerator with well-established templates, design guard-rails and documented best practices is critical for success. Oganizations that embark on a cloud modernization journey must make it easy, actionable and provide access to self-service tools that deliver rapid outcomes.

I have had the opportunity to support a number of US federal and public-sector organizations design, develop and deploy such solutions. The Digital Innovation Lab is equipped to help the organization answer the most common questions including – is my application ready to move to the cloud? Should we use IaaS, PaaS or SaaS? What is the estimated cost to operate in the cloud? How can we quickly test or evaluate cloud-solutions? How do we secure our applications and data in the cloud?

Many organizations create helpful digital tools like a Cloud Readiness Assessment or Cloud Decision Tree that captures best practices and delivers rapid answers using automation thereby speeding up the process. Developing such tools also creates digital assets that can be leveraged across the organization. Once a truly functional and usable Digital Innovation Lab/Showcase has been developed, we then are ready to embark on the final step.

Deliver the solution as a ‘product’

Successful cloud modernization and transformation efforts need strong and effective communications strategies to drive change. One of the most effective tools I have seen is the ability to brand the cloud program or project into a “product.” This includes giving it a name and establishing a logo as well as defining product features, benefits and a product website.

Organizations like US Treasury have successfully done that with their cloud modernization effort calling it Workplace.gov Community Cloud (WC2). Similarly, GSA has successfully established organizations like 18F for delivering digital consulting services and created the catchy Cloud.gov service. Using a proven playbook that has successfully worked for other public-sector organizations can help reduce the learning curve and provides blueprints that can be leveraged and refined to improve cybersecurity posture and deliver new services using cloud services.

This article is published as part of the IDG Contributor Network. Want to Join?

SUBSCRIBE! Get the best of CSO delivered to your email inbox.