Why Periodic Cloud Assessments Are Key in Government
Once an agency has moved applications to the cloud, there can be a tendency to “set and forget” — to assume the cloud provider will manage usage and keep things locked down. However, the fluid nature of cloud requires IT leaders to take a more active role.
“We need to periodically take a step back and see how much we are consuming,” says National Association of Counties CTO Rita Reynolds. “Depending on what licensing you have, depending on how things are set up, the volume may not matter — but in some cases, it might. It can affect your security. It can impact your retention policies for things like email. If you aren’t monitoring that usage, you are exposing yourself.”
State IT teams need to know which cloud services are being used, how often and by whom. They especially need to revisit data usage in an off-premises compute environment. “Data sprawl is the big issue now,” Reynolds says. “Data sprawl puts you at risk for increased cyberattacks, it puts you at risk for increased liability in e-discovery and it also puts you at risk in terms of your ability to protect data assets from misuse by county employees.”
Assessments help IT teams to tame that sprawl, enabling them to make the best use of the latest offerings from their cloud providers while also adjusting to fast-changing business needs.
“Public cloud providers are always coming out with new services, new releases,” says IEEE Impact Creator Carmen Fontana. “Or your business may have changed. In the government sector, we’ve seen things change dramatically due to COVID, things like a tremendous rise in the number of people accessing the websites for unemployment. Needs evolve, and so you periodically need to look at your cloud deployment.”
Cloud Assessments Illuminate Usage and Security
Officials in Nassau County engaged CDW•G to perform just such an assessment of the county’s current operational infrastructure, including its Microsoft Azure cloud assets. The effort encompassed an analysis of the county’s use and implementation of Azure and Microsoft Office, analysis of password policies, evaluation of Microsoft group policies, and a look at other key metrics around cloud security and cloud utilization.