MeriTalk has announced the results of its new report, “To Cloud or Not to Cloud? That Isn’t the Question...” The study, underwritten by Fortinet, reveals Federal agencies’ plans to maintain some on-premises data centers, while continuing to move infrastructure to the cloud — Federal IT decision makers state their ideal platform mix today is 39% physical servers and 61% cloud. In fact, 70% of Feds believe that in 10 years, the majority of Federal agencies will rely on hybrid cloud environments to power core applications.

According to the study, the number one challenge Feds face in the cloud journey is expanding security measures and policies to cover cloud environments. And, the percentage of Feds who consider their security to be “excellent” in these environments is very low – only 35% for private cloud; 21% for public cloud; and 27% for moving between physical and virtual environments.

Complicating matters, 85% of Federal IT managers describe their current infrastructure environment as “complex,” and just 34% report having a high level of visibility into that environment. Feds say this level of complexity (54%) and lack of visibility (53%) puts them at significant risk for a security breach.

In the long run, Feds say successful hybrid cloud adoption will reduce their agency’s security spending (70%) and strengthen their agency’s overall security posture (69%). But, not all are experiencing these benefits today. Agencies report split experiences on whether hybrid cloud environments have positively or negatively impacted:

  • Visibility (40% vs. 38%)
  • Complexity (35% vs. 47%)
  • Security (42% vs. 42%)

“With a mandate from the White House to migrate to the cloud, Federal agencies are feeling the pressure for a timely, secure shift, with minimal disruption,” said Phil Quade, chief information security officer, Fortinet. “The good news is that some modern commercial security solutions enable cloud migration (hybrid cloud and non-cloud), rather than force organizations to take an all-at-once or all-or-nothing approach. In fact, there are options that can not only enable agencies to ensure their choices keep government and citizen data safe, but actually increase visibility and control, enable agile segmentation, and otherwise protect their systems at speed and scale in distributed and multi-cloud environments.”

 As a step in the right direction, the majority of Feds (87%) employ formal governance policies while collaborating with other departments, agencies, and external cloud providers. The study finds agencies are almost twice as likely to say hybrid cloud adoption has made a positive impact on their agency’s infrastructure complexity if they employ two or more of the following governance strategies: Known systems of record, defined/identified data owners, quality, documented metadata, or well-understood data integration process.

“The keys to successful migration to the cloud can be found in FITARA,” said Congressman Gerry Connolly (D-VA) in response to the study’s findings. “If agencies empower their Chief Information Officers and establish a strategy to consolidate and optimize their data centers, they will be prepared to implement cloud solutions that will result in both savings and increased security. Agencies that fail to take those steps will find themselves in a difficult position to take advantage of the MGT Act and falling behind the curve of Federal IT management.”

 Additionally, agencies with “excellent” security integration between their agency’s physical and virtual environments are significantly more likely than those without to:

  • Apply a third-party security fabric (46% vs.  15%)
  • Integrate security into a SIEM or other analytic tool (46% vs.  17%)
  • Centralize management to enable automation (46% vs. 33%)

“Alas, poor Yorick — he didn’t think all the way through his cloud migration strategy,” says Steve O’Keeffe, founder, MeriTalk. “Agencies need to consider the lessons of this study as they build their MGT investment funding case — as every CIO and CISO knows, practical is better than theatrical.”

 Moving forward, the report implores Feds to consider the words of William Shakespeare: “Every cloud engenders not a storm.”

“To Cloud or Not to Cloud? That Isn’t the Question...” is based on an online survey of 150 Federal IT managers familiar with their agency’s security efforts, both inside and outside of cloud, in September 2017. The report has a margin of error of ±7.97% at a 95% confidence level. To download the full report, please visit: https://www.meritalk.com/study/to-cloud-or-not-to-cloud/.