In-House vs. the Cloud: How Should Federal Agencies Manage Their IT Security?

In-House vs. the Cloud: How Should Federal Agencies Manage Their IT Security?

Full-stack cloud is a better choice for federal agencies.

Your agency has replaced some of your legacy IT with a cloud solution. Are your reasons for not going full stack penny-wise but pound-foolish?  

Even a few years ago, too many questions persisted about the security of public cloud-based platforms for federal agencies to take the risk of switching away from in-house, hardware-based IT.  

The gap between the two options is now nearly eliminated, thanks to cloud vendors like Amazon Web Services (AWS).

How the cloud landscape has changed

  • The baseline for acceptable security has been largely reset, and most federal agencies have found an enterprise-level cloud solution that replaces legacy IT, at least for the hardware layer.
  • Even better: Now that the best cloud vendors have set their sights on full-stack services for their most high-security customers, solutions like their GovCloud (US) even meet the standards set by FedRAMP, the Department of Defense's SRG and DFARS, and the Justice Department's CJIS.
  • As the industry leader in secure technology solutions such as the Acadis® Readiness Suite for federal agencies, Envisage entrusts our customers' data to AWS as well.

The benefits of using a full-stack cloud solution

Essentially, agencies taking advantage of these infrastructure as a service (IaaS) and platform as a service (PaaS) options get all of the benefits of cloud infrastructure without having to manage it.

  • No configurations or patching are needed.
  • Security authorizations like FedRAMP's require that cloud vendors uphold strict data handling and protection standards.
  • Your agency still has access to security reporting, as in-depth or high-level as you want.

So, why are agencies not embracing full-stack cloud?

As good as this news is, administrators at many agencies may have mixed feelings.  

It's true, they acknowledge, that agencies with the deepest pockets and the highest-profile security needs should rejoice at the set-it-and-forget-it security solutions delivered by premium services.  

But for agencies where priorities—and budgets—are not so easily shifted, moving to a full-stack solution can be a big ask.  

Here's where a common (though deceptive) temptation may arise.  

If full-stack solutions aren't feasible, agencies may reason that investing in a lower-cost private cloud option instead, administered by their in-house IT team, is a viable possibility.  

Their teams are made up of competent professionals, after all; can't they design, deploy, and maintain a functional, secure, standards-compliant solution modeled after the premium services?

What federal agencies need to consider with cloud IT

  • Unlike your in-house staff, vendors like AWS employ a staff of thousands who stay on top of the latest advances in hardware, configuration, development, security, threat assessment, and data protection.
  • As standards like FedRAMP evolve, full-service vendors adjust their compliance accordingly, taking the burden off of your team.
  • Under a full-stack solution, your team spends zero time on tasks like repairs and troubleshooting that suck up valuable hours they could put to more productive use.
  • Readiness-focused in-house teams can monitor the directions your agency needs to build out; when it's time to take the next step, there's no patching or sunk costs in legacy systems. You consult with your vendor, and they make the transition for you, seamlessly and quickly.  
Remember that adopting an external premium solution isn't failing to capitalize on your team's potential to deliver. It's capitalizing on their potential beyond the traditional IT responsibilities that full-stack service makes unnecessary.  

Freed from the undifferentiated and repetitive tasks that would be handled in the cloud, your in-house team can focus its efforts on a bigger-picture readiness strategy, more closely aligned with your agency's mission and purpose.  

Even that familiar factor that can stop best practices in their tracks—cost—has become less of a hurdle recently, given the emergence of the economies of scale enjoyed by the biggest cloud vendors.  

"It seems counterintuitive, but our goal is to offer the most secure, responsive, scalable product to our customers, at the lowest cost," Gerard Gallant, a senior program manager at AWS, said at Readiness Summit 2021.

Conclusion

Although it may seem daunting to lead the way in shifting your agency from a hybrid system to a full-stack solution, the need for the comprehensive services offered by premium public cloud vendors grows more urgent as technology—and threats—become more complicated and sophisticated.  

Delaying the switch is not just penny-wise and pound-foolish: It poses real security risks and inefficiencies that 21st century federal agencies can't afford to ignore.  


Read more about how AWS enhances Acadis with cloud security and efficiency.

Full-stack cloud is a better choice for federal agencies.

Your agency has replaced some of your legacy IT with a cloud solution. Are your reasons for not going full stack penny-wise but pound-foolish?  

Even a few years ago, too many questions persisted about the security of public cloud-based platforms for federal agencies to take the risk of switching away from in-house, hardware-based IT.  

The gap between the two options is now nearly eliminated, thanks to cloud vendors like Amazon Web Services (AWS).

How the cloud landscape has changed

  • The baseline for acceptable security has been largely reset, and most federal agencies have found an enterprise-level cloud solution that replaces legacy IT, at least for the hardware layer.
  • Even better: Now that the best cloud vendors have set their sights on full-stack services for their most high-security customers, solutions like their GovCloud (US) even meet the standards set by FedRAMP, the Department of Defense's SRG and DFARS, and the Justice Department's CJIS.
  • As the industry leader in secure technology solutions such as the Acadis® Readiness Suite for federal agencies, Envisage entrusts our customers' data to AWS as well.

The benefits of using a full-stack cloud solution

Essentially, agencies taking advantage of these infrastructure as a service (IaaS) and platform as a service (PaaS) options get all of the benefits of cloud infrastructure without having to manage it.

  • No configurations or patching are needed.
  • Security authorizations like FedRAMP's require that cloud vendors uphold strict data handling and protection standards.
  • Your agency still has access to security reporting, as in-depth or high-level as you want.

So, why are agencies not embracing full-stack cloud?

As good as this news is, administrators at many agencies may have mixed feelings.  

It's true, they acknowledge, that agencies with the deepest pockets and the highest-profile security needs should rejoice at the set-it-and-forget-it security solutions delivered by premium services.  

But for agencies where priorities—and budgets—are not so easily shifted, moving to a full-stack solution can be a big ask.  

Here's where a common (though deceptive) temptation may arise.  

If full-stack solutions aren't feasible, agencies may reason that investing in a lower-cost private cloud option instead, administered by their in-house IT team, is a viable possibility.  

Their teams are made up of competent professionals, after all; can't they design, deploy, and maintain a functional, secure, standards-compliant solution modeled after the premium services?

What federal agencies need to consider with cloud IT

  • Unlike your in-house staff, vendors like AWS employ a staff of thousands who stay on top of the latest advances in hardware, configuration, development, security, threat assessment, and data protection.
  • As standards like FedRAMP evolve, full-service vendors adjust their compliance accordingly, taking the burden off of your team.
  • Under a full-stack solution, your team spends zero time on tasks like repairs and troubleshooting that suck up valuable hours they could put to more productive use.
  • Readiness-focused in-house teams can monitor the directions your agency needs to build out; when it's time to take the next step, there's no patching or sunk costs in legacy systems. You consult with your vendor, and they make the transition for you, seamlessly and quickly.  
Remember that adopting an external premium solution isn't failing to capitalize on your team's potential to deliver. It's capitalizing on their potential beyond the traditional IT responsibilities that full-stack service makes unnecessary.  

Freed from the undifferentiated and repetitive tasks that would be handled in the cloud, your in-house team can focus its efforts on a bigger-picture readiness strategy, more closely aligned with your agency's mission and purpose.  

Even that familiar factor that can stop best practices in their tracks—cost—has become less of a hurdle recently, given the emergence of the economies of scale enjoyed by the biggest cloud vendors.  

"It seems counterintuitive, but our goal is to offer the most secure, responsive, scalable product to our customers, at the lowest cost," Gerard Gallant, a senior program manager at AWS, said at Readiness Summit 2021.

Conclusion

Although it may seem daunting to lead the way in shifting your agency from a hybrid system to a full-stack solution, the need for the comprehensive services offered by premium public cloud vendors grows more urgent as technology—and threats—become more complicated and sophisticated.  

Delaying the switch is not just penny-wise and pound-foolish: It poses real security risks and inefficiencies that 21st century federal agencies can't afford to ignore.  


Read more about how AWS enhances Acadis with cloud security and efficiency.

The National Decertification Index (NDI) is a national registry of police officers whose law enforcement credentials have been revoked due to misconduct.

For more than 10 years, the NDI has provided police departments, state agencies, and other organizations with decertification data about potential hires.