State and Local Agencies Optimize With Cloud Assessments

Why Periodic Cloud Assessments Are Key in Government

Once an agency has moved applications to the cloud, there can be a tendency to “set and forget” — to assume the cloud provider will manage usage and keep things locked down. However, the fluid nature of cloud requires IT leaders to take a more active role.

“We need to periodically take a step back and see how much we are consuming,” says National Association of Counties CTO Rita Reynolds. “Depending on what licensing you have, depending on how things are set up, the volume may not matter — but in some cases, it might. It can affect your ­security. It can impact your retention policies for things like email. If you aren’t monitoring that usage, you are exposing yourself.”

State IT teams need to know which cloud services are being used, how often and by whom. They especially need to revisit data usage in an off-premises compute environment. “Data sprawl is the big issue now,” Reynolds says. “Data sprawl puts you at risk for increased cyberattacks, it puts you at risk for increased liability in e-discovery and it also puts you at risk in terms of your ability to protect data assets from ­misuse by county employees.”

Assessments help IT teams to tame that sprawl, enabling them to make the best use of the latest offerings from their cloud providers while also adjusting to fast-changing business needs.

“Public cloud providers are always coming out with new services, new releases,” says IEEE Impact Creator Carmen Fontana. “Or your business may have changed. In the government sector, we’ve seen things change dramatically due to COVID, things like a tremendous rise in the number of people accessing the websites for unemployment. Needs evolve, and so you periodically need to look at your cloud deployment.”

EXPLORE: What does it mean for a state government to be cloud smart? 

Cloud Assessments Illuminate Usage and Security

Officials in Nassau County engaged CDW•G to perform just such an ­assessment of the county’s current operational infrastructure, including its Microsoft Azure cloud assets. The effort encompassed an analysis of the county’s use and implementation of Azure and Microsoft Office, analysis of password policies, evaluation of Microsoft group policies, and a look at other key metrics around cloud security and cloud utilization.

The review helped to ensure that security is on target, and it also gave the county greater insight into its ongoing cloud expenditures. 

With cloud’s pay-as-you-go pricing structure, county officials wanted to have a better understanding of how the money was flowing. “When it comes to compute, government generally is just not accustomed to these random, ­changing costs,” Perez says.

The IT team needs to understand not only how much is being spent but what specific cloud services are being ­supported. In order for Perez to ­purchase a cloud service, that service has to exist somewhere on the state’s Office of General Services contract — but new cloud services are emerging all the time, and they can potentially slip through the cracks.

“It changes so quickly. You’ll get an invoice, and the part number for that service doesn’t match the New York state contract,” Perez says. Assessments can help to reconcile those differences.

In Arizona, periodic assessments help state IT leaders to right-size their cloud deployments. Agencies tend to buy cloud based on anticipated ­maximum usage, when the scalable nature of cloud actually makes it possible to effectively undersubscribe and then ramp up as needed. There’s a potential ­savings there if IT ­officials have sufficient insight across the cloud landscape.

“When the agencies first moved to the cloud, they overprovisioned and underconsumed,” says Arizona COO Gary Hensley. “Now we are looking for ways to optimize. They bought more than they will ever ­consume, and we want to right-size them into the right compute space and the right storage space so they are not paying for things they are not using.”

MORE FROM STATETECH: How has the pandemic opened doors for cloud-based data collection and analysis?

What Cloud Assessments Reveal for Your Agency

Nassau County granted CDW•G read-only access to its cloud tenants, enabling the assessment team to peer deeply into the consumption of services.

“You have CPU consumption, you have storage consumption, you have ­network consumption,” Perez says. “The assessment broke that all down and it gave us guidance for going forward, pointing to places where we could attain cost savings.”

The team also recommended more cost-effective methods for the county to purchase cloud services — for example, by purchasing “reserved instances,” which commit an agency to specified levels of usage. 

Meanwhile, Arizona officials ­conduct their assessments using tools provided by third-party vendors and public cloud partners. These include CloudHealth by VMware, Azure Advisor and Stackdriver for the Google Cloud Platform.

Assessment can drive cloud optimization, delivering metrics to align cloud resources with actual agency needs.

In Arizona, a recent ­assessment helped to rehome some website content. “We found two opportunities to reduce our Platform as a Service usage and put it onto a serverless ­environment. It saves us on the monthly cost of running a server, as well as on patching and all the overhead,” says Randy Wheaton, Arizona’s director of cloud and data center infrastructure.

In Nassau County, the assessment confirmed that the security protocols were functioning ­correctly and it helped to fine-tune some cloud deployments. Equally important: Assessments ­supported IT officials in their efforts to be transparent and accountable.

“An assessment gives us a way to validate that we know what we are doing,” Perez says. “If a legislator asks, if anyone asks, we can say, ‘Here is what we have, here is what we are using.’”

DIVE DEEPER: Find out how CDW Cloud Check can help you protect your cloud environment.