Federal mandates, including Cloud Smart and the Biden administration’s cybersecurity executive order, are pushing agencies to modernize and migrate to the cloud. But with modernization comes complexity. Agencies are increasingly living in a hybrid world, with some workloads remaining on-premises while others move to the cloud. Add multi-cloud vendors to the mix, and it becomes harder for agencies to have a holistic view across their environments.
MeriTalk recently talked with Rich Rose, senior architect at Veritas, and Sean Phuphanich, senior solutions architect at Amazon Web Services (AWS), about the importance of gaining visibility to uncover waste, reduce costs, and fill gaps in policy compliance and security, as well as how to achieve that single pane of glass view.
MeriTalk: Most agencies are operating a mix of legacy, on-premises, and cloud-based IT systems as they continue their modernization journeys and work to achieve Federal cloud mandates. In regards to visibility, what should agencies keep top of mind when they have both cloud and on-premises workloads to ensure mission success?
Phuphanich: For Federal customers, cost and security are high priorities. Technology teams ideally should know what resources they are spending money on (like compute and storage) as well as who is using those resources (Bob’s crypto mining rig in mail room). Without that you have a recipe for a huge amount of unseen and unquestioned waste. Gaining visibility across their environments will help teams get a handle on where their costs as well as their utilization lie. Once they know that, they can have productive discussions with other teams on what their real needs are and what can be reallocated. While on-premises resource decisions can be static for years due to the nature of procurement and provisioning, cloud’s on-demand model rewards right-sizing and reallocation of resources on a more frequent basis. As workloads move into the cloud, operations teams spend less time fixing things that break and racking more servers and more time on mission centric work and improving security and efficiency. In my past experience managing IT, there were several years where I was able to fund modernization projects by optimizing and reducing my cloud infrastructure expense. Those modernization projects would in turn allow further resource optimization and cost savings the following year.
Security should always be top of mind, especially with the continuing rise in cyber and ransomware attacks. Automation and recovery are really critical pieces of security because things can move so fast. Preventing or mitigating an attack is ideal, but agencies must be prepared to fully recover from a successful attack. This has become the modern reality and a core part of the NIST Cybersecurity framework. Security used to mean the guys near the metal detectors at the front door, but now security is an integral part of IT. Cloud can make security easier by providing immediate access to tools and features that take much longer in a traditional procurement and provisioning cycle.
Rose: Agencies should also be thinking about data protection. It’s hard to protect what you don’t know is there. With the recent surge in ransomware attacks, agencies really need to know what they have across all of their environments and if everything is protected and in a recoverable state.
MeriTalk: How often are agencies managing cloud and on-premises workloads independently of one another, and what are the implications of doing so?
Phuphanich: I have seen this come up many times as agencies start to adopt cloud. People don’t usually start out as cloud experts, so a smaller team learns and focuses on cloud best practices as the agency deploys workloads to the cloud. While that team is focused on the cloud workloads, other teams remain focused on the on-prem workloads. So, you can see them naturally bifurcate and silo. Leadership providing a clear vision and incentivizing learning and collaboration between these groups makes a big difference in driving change and keeping everyone happy.
Rose: This is where issues begin with building and maintaining a holistic view across all agency environments. In my experience, when agencies migrate workloads to the cloud, it starts with cloud and on-prem workloads being managed independently 100 percent of the time. Connecting the dots between the two environments becomes increasingly challenging as more workloads are migrated and agencies add the complexity of a multi-cloud environment. Not having a holistic view across all environments leads to poor utilization of resources and increased security risks.
MeriTalk: How widespread is the issue of unknown or underused IT resources across the Federal landscape? How does this issue affect cybersecurity? Cloud migration? Federal budgets?
Rose: It’s widespread – I think more than anyone really knows. Federal agencies are historically siloed. You could have a situation where an agency doesn’t know how many VMs they have and what storage they are attached to. The storage guys don’t know everything that’s on their storage arrays. Backups are made for what the team knows about, but there could be dozens of things they don’t know about – creating a security gap.
Without a single pane of glass that pulls everything in the environments together, it’s difficult in large, historically siloed environments to get a handle on everything they have, making it hard to make informed decisions about their technology. And not knowing what’s out there makes cloud migration difficult. It affects security because they don’t know everything that needs to be protected. It affects budget because they are paying for resources – software, storage, etc. – that they aren’t using or they thought was decommissioned, but it’s still out there costing them money. Agencies can’t manage what they don’t see.
Phuphanich: In large agencies, you have many different sub-agencies with different missions that aren’t starting their IT efforts simultaneously. It’s common for AWS to start working with a Federal customer on a migration to cloud, and they’ll tell us what they have. Inevitably during the discovery process, a lot more comes out that they weren’t aware of, which affects migration schedules and budgets.
MeriTalk: Do agencies typically know how much storage capacity they have in the cloud? When they don’t, what challenges arise?
Phuphanich: They do because metered usage is a core part of the cloud business model, just like your water or electric bill at home. With cloud you get access to many different kinds of storage meant for different use cases. Picking the right storage for your use case is key to getting the most value from cloud. For example, customers migrating tape archives should look at using low cost, cold storage options like S3 Glacier Deep Archive and not high-performance SSDs meant for active applications. This will save them a lot of money.
If customers don’t use the tools available to them and manage usage, they can consume more than they may need. When you go to the buffet, you decide when to stop eating, not the buffet.
Rose: The challenge comes with understanding the cloud storage environment and the agency’s other storage environments, such as on-prem data centers or other cloud vendors. To understand storage utilization and make informed decisions about capacity, agencies must view all data together to give technology teams the full picture of their enterprise storage capacity – and storage spend.
MeriTalk: How can predictive analytics help agencies reduce or avoid increased costs in a hybrid environment?
Rose: Predictive analytics takes the guesswork out of technology decisions by delivering actionable insights using data from on-premises, hybrid, and multi-cloud environments. That holistic view tied to analytics tools supports technology teams to make better decisions that will save costs. Analytics can be used to optimize storage and virtual infrastructures, find reclaimable storage, and streamline backup compliance. Analytics can also locate where unprotected data lies that not only drain resources but also leave agencies at risk of a cyberattack. But the benefits of analytics can only be realized when they are used across environments.
Analytics can also support cloud migration by informing how workloads will perform six months, one year, or even three years down the road. CIOs can use this information to build their migration roadmap.
MeriTalk: How does the Veritas APTARE solution work, and how does it support Federal agencies as they modernize and move to the cloud?
Rose: To put it simply, APTARE gives agencies visibility into their current environment, pulling information from all on-premises environments, including storage array vendors and backup vendors, and cloud environments, including multi-cloud vendors, into one user-friendly dashboard.
APTARE looks for things like unallocated storage on storage arrays, VMs that are powered off and still consuming storage, or VMs that have no disks on them. In the cloud, it’s looking for orphaned VMs or orphaned snapshots in AWS. These are the things that contribute to waste.
APTARE then offers analytics on data pulled from the unified sightline across the environments, showing where agencies can save money. By having all of that information in a single pane of glass, agencies can make better decisions that will improve their security, ensure they are meeting compliance regulations, optimize resources, and reduce costs. Organizations implementing APTARE have seen a 90 percent reduction in IT management software costs, a 24 percent reduction in consumed storage resources, and a 5 percent reduction in consumed compute resources.
With APTARE, agencies can also create and export reports to share with leadership to support budget discussions. It’s easy to implement and grows as the agency infrastructure grows.
Phuphanich: Here’s a great example of what APTARE can do. Let’s say you’ve got your storage spread across 30 different devices located around the country. On average, they’re underutilized by 50 percent. If you don’t have that visibility, that waste remains unseen. Once you gain that visibility with APTARE, you can make more informed decisions. For example, you could choose to consolidate what is being utilized into cloud storage, where it will be metered at exactly what you need – not 50 percent over what you need. That visibility helps teams make a clear use case that shows agency leadership that not only is there storage waste, but also that consolidating and migrating will save money and require less work.
MeriTalk: How does Veritas APTARE connect with vendors in multi-cloud environments?
Rose: For all cloud vendors, you simply input your account ID and APTARE collects the data from each vendor. You’ll see all the billing records, the zones, literally everything you need about each cloud environment in one place.
Everybody has their own tools. AWS has good tools for AWS. Azure has tools, Google has tools. There are also good tools for on-prem stuff. It takes time to look at different tools in different places. APTARE gives technology teams one place that pulls all of their environments together, saving agencies time and money.
For more information, visit https://www.veritas.com/insights/aptare-it-analytics.