Jan 25 2021

State and Local Agencies Optimize With Cloud Assessments

Cloud checks may identify the best mix of computing resources for the public sector.

Technology leaders in Nassau County, N.Y., recently teamed with CDW•G to conduct an assessment of the county’s cloud usage and cloud security posture. The county sought to ensure the most value from its investment in the cloud while confirming that all security protocols are in place.

That assessment gave IT leaders added confidence when the pandemic broke out and they needed to support a big push toward remote working. “It’s much better to have an assessment that shows you any security holes you might have, as opposed to having a breach,” says Al Perez, Nassau County Deputy Commissioner of IT. “We were able to confirm that we had all the right security best practices in place.”

Getting to the cloud is an important first step in IT modernization, and many state governments are well into that journey. However, the cloud is a moving target. Agencies may spin up new services, subscribe to new platforms, shift resources and assets. Security is likewise an ever-changing aspect of cloud utilization, one that requires continual tending.

Assessments and optimizations offer methodical and measurable ways to ensure states are making the best use of the cloud while making sure that security remains solid even as cloud usage expands and evolves.

Why Periodic Cloud Assessments Are Key in Government

Once an agency has moved applications to the cloud, there can be a tendency to “set and forget” — to assume the cloud provider will manage usage and keep things locked down. However, the fluid nature of cloud requires IT leaders to take a more active role.

“We need to periodically take a step back and see how much we are consuming,” says National Association of Counties CTO Rita Reynolds. “Depending on what licensing you have, depending on how things are set up, the volume may not matter — but in some cases, it might. It can affect your ­security. It can impact your retention policies for things like email. If you aren’t monitoring that usage, you are exposing yourself.”

State IT teams need to know which cloud services are being used, how often and by whom. They especially need to revisit data usage in an off-premises compute environment. “Data sprawl is the big issue now,” Reynolds says. “Data sprawl puts you at risk for increased cyberattacks, it puts you at risk for increased liability in e-discovery and it also puts you at risk in terms of your ability to protect data assets from ­misuse by county employees.”

Assessments help IT teams to tame that sprawl, enabling them to make the best use of the latest offerings from their cloud providers while also adjusting to fast-changing business needs.

“Public cloud providers are always coming out with new services, new releases,” says IEEE Impact Creator Carmen Fontana. “Or your business may have changed. In the government sector, we’ve seen things change dramatically due to COVID, things like a tremendous rise in the number of people accessing the websites for unemployment. Needs evolve, and so you periodically need to look at your cloud deployment.”

EXPLORE: What does it mean for a state government to be cloud smart? 

Cloud Assessments Illuminate Usage and Security

Officials in Nassau County engaged CDW•G to perform just such an ­assessment of the county’s current operational infrastructure, including its Microsoft Azure cloud assets. The effort encompassed an analysis of the county’s use and implementation of Azure and Microsoft Office, analysis of password policies, evaluation of Microsoft group policies, and a look at other key metrics around cloud security and cloud utilization.

Al Perez, Deputy Commissioner of IT, Nassau County, N.Y
When it comes to compute, government generally is just not accustomed to these random, changing costs.”

Al Perez Deputy Commissioner of IT, Nassau County, N.Y

The review helped to ensure that security is on target, and it also gave the county greater insight into its ongoing cloud expenditures. 

With cloud’s pay-as-you-go pricing structure, county officials wanted to have a better understanding of how the money was flowing. “When it comes to compute, government generally is just not accustomed to these random, ­changing costs,” Perez says.

The IT team needs to understand not only how much is being spent but what specific cloud services are being ­supported. In order for Perez to ­purchase a cloud service, that service has to exist somewhere on the state’s Office of General Services contract — but new cloud services are emerging all the time, and they can potentially slip through the cracks.

“It changes so quickly. You’ll get an invoice, and the part number for that service doesn’t match the New York state contract,” Perez says. Assessments can help to reconcile those differences.

In Arizona, periodic assessments help state IT leaders to right-size their cloud deployments. Agencies tend to buy cloud based on anticipated ­maximum usage, when the scalable nature of cloud actually makes it possible to effectively undersubscribe and then ramp up as needed. There’s a potential ­savings there if IT ­officials have sufficient insight across the cloud landscape.

“When the agencies first moved to the cloud, they overprovisioned and underconsumed,” says Arizona COO Gary Hensley. “Now we are looking for ways to optimize. They bought more than they will ever ­consume, and we want to right-size them into the right compute space and the right storage space so they are not paying for things they are not using.”

MORE FROM STATETECH: How has the pandemic opened doors for cloud-based data collection and analysis?

What Cloud Assessments Reveal for Your Agency

Nassau County granted CDW•G read-only access to its cloud tenants, enabling the assessment team to peer deeply into the consumption of services.

“You have CPU consumption, you have storage consumption, you have ­network consumption,” Perez says. “The assessment broke that all down and it gave us guidance for going forward, pointing to places where we could attain cost savings.”

The team also recommended more cost-effective methods for the county to purchase cloud services — for example, by purchasing “reserved instances,” which commit an agency to specified levels of usage. 

Meanwhile, Arizona officials ­conduct their assessments using tools provided by third-party vendors and public cloud partners. These include CloudHealth by VMware, Azure Advisor and Stackdriver for the Google Cloud Platform.


The percentage of states with a cloud-first strategy for all new apps (when feasible)

Source: National Association of State Chief Information Officers, The Agile State CIO: Leading in a Time of Uncertainty, 2020 State CIO Survey, October 2020

Assessment can drive cloud optimization, delivering metrics to align cloud resources with actual agency needs.

In Arizona, a recent ­assessment helped to rehome some website content. “We found two opportunities to reduce our Platform as a Service usage and put it onto a serverless ­environment. It saves us on the monthly cost of running a server, as well as on patching and all the overhead,” says Randy Wheaton, Arizona’s director of cloud and data center infrastructure.

In Nassau County, the assessment confirmed that the security protocols were functioning ­correctly and it helped to fine-tune some cloud deployments. Equally important: Assessments ­supported IT officials in their efforts to be transparent and accountable.

“An assessment gives us a way to validate that we know what we are doing,” Perez says. “If a legislator asks, if anyone asks, we can say, ‘Here is what we have, here is what we are using.’”

DIVE DEEPER: Find out how CDW Cloud Check can help you protect your cloud environment.

Illustration by Ryan Olbrysh

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.