A data-centric approach to IT modernization requires agencies to consider three aspects of data optimization:
- Data proximity (Where is your data located today, and where should it be located?)
- Data security (What measures are you taking to prevent unauthorized access to data?)
- Data access (Who is using your data, and how is it being used?)
Placing data in ideal locations
Like we’ve seen in the private sector, federal agencies are showing increasing demand for hybrid multicloud architectures that let them position each data set in the environment that best supports it. Working with top cloud service providers offers a number of benefits around performance, agility and scalability, but on-premises systems are also sometimes required for mission-sensitive data with specific security needs.
For federal agencies, getting out of the data center business makes sense for a number of reasons, including taking advantage of the cost savings, network resilience, and more sustainable and energy-efficient operations that commercial providers offer. It’s also a key aspect of any effective data proximity strategy to enable a cloud-adjacent approach. This involves placing key government data sets in the same colocation facilities as on-ramps to top public cloud service providers. Positioning data in cloud-adjacent locations allows agencies to maintain control over their owned systems, while also taking advantage of cloud services on demand.
Enabling data protection and encryption—worldwide
Perhaps the defining story of IT over the last 10 years is the proliferation of services at the digital edge. These new edge services bring value to data sets in ways never before thought possible. However, digital proliferation at the edge has also given rise to a host of new cybersecurity challenges.
Federal agencies can help secure their data at the digital edge by adopting a zero-trust framework. This involves applying API-enabled, data-driven digital capabilities such as artificial intelligence and machine learning (AI/ML) to conduct behavioral surveillance, and thus better understand what constitutes typical user behavior—and what doesn’t. Any time the security methodologies detect user behavior that deviates from the norm, they can challenge that user, denying unauthorized access to key data sets.
Another aspect of an optimized data security architecture is WAN MACsec, which allows for secure, private transport of data on a global scale. It should go without saying that federal agencies can’t rely on the public internet for data transport, as it’s inherently vulnerable to cyberattack—not to mention less reliable and more expensive. MACsec provides a secure alternative, but it has traditionally been limited to local last mile/first mile connections. Now, with WAN MACsec, agencies can deploy MACsec on a global scale, helping them encrypt data in transport no matter where in the world their mission takes them.
Private peering is another option to support encrypted data sharing. Setting a physical point-to-point cross connect between the agency and their supply chain partner can provide maximum security, in addition to greater reliability and minimized latency. Private peering requires the two partners to be physically colocated in the same facility, potentially making it costly and time-consuming to set up. This is why private peering is best used for your select few partnerships that require you to consistently exchange very large volumes of data.
Making data available to the right people