Australian government agencies are rapidly moving to cloud in a big way. Migrations are typically well underway, with initiatives like the Digital Transformation Agency’s Secure Cloud strategy, and the NSW’s government’s ‘public cloud first’ policy providing the tools and guidance to trigger widespread adoption.
Through existing lift and shift strategies, agencies have an opportunity to select a cloud landing zone – the ‘base’ level from which to build their architecture – that’s fit for purpose. That involves identifying the risk posture of each workload and picking a suitable landing zone based its requirements for security and availability.
Agencies are doing a good job of executing these strategies, consulting with their partners to build multi-cloud profiles that work for them, although they typically don’t account for newer technologies, such as cloud-native computing and containers.
These technologies are set to have a transformative impact on cloud and application architecture. Agencies that account for container infrastructure as part of their cloud strategies will realise a myriad of benefits and become more agile and effective IT organisations.
Achieving this requires a shift in mindset. Containers can’t be shoehorned into existing strategies, as agencies must carefully plan implementation in a holistic and meaningful way to realise maximum benefit.
A new paradigm that presents new challenges
Containers are effectively ‘packages’ of software that contain all of the necessary elements for an application to run quickly and reliably from one environment to the next. They’re more versatile, require less resources, offer increased portability, and pave the way for more ‘agile’ ways of working, compared to using virtual machines on Infrastructure-as-a-Service (IaaS).
To realise these benefits, agencies must incorporate containers into the heart of their technology strategies. That’s because containers and Kubernetes – the major platform used to manage containers – deliver a much more consistent deployment environment that’s used for more efficient delivery practices, such as DevOps.
Many experts argue containers will become the default mechanisms for deployment for applications within the next few years. To ensure they’re adopted properly, agencies must consider the cost and risk associated with implementing an entirely new platform, on top of the infrastructure clouds and develop a plan to address core challenges.
Some challenges that arise from container investment include;
- Difficulties arising from major shifts in how IT teams operate their infrastructure and cloud environments
- Managing and developing new architectural paradigms, particularly the concept of applications being broken up into microservices and run as containers.
- Developing and instilling new engineering processes, including supporting a shift to agile and DevOps
- New security challenges, including a widened new attack surface, new access control models, and hidden software supply chain dependencies.
Addressing risk effectively
A Red Hat report recently found human error is the leading cause of Kubernetes security mishaps, with 94% of DevOps, engineering and security professionals saying they’ve experienced a Kubernetes or container-related security incident over a 12-month period.
These risks are expensive and complex to address, given agencies are already strained for resources and the right talent is in high global demand. Many will already have multiple clouds and now must now reconcile with each of those having containers layered on top, complicating their compliance obligations.
Kubernetes clusters tend to sprawl across entire cloud environments. They’re not a siloed, separate set of applications that live in one cloud. They will exist throughout the entire cloud environment, wherever the data lives.
Agencies can’t simply ignore container technology, as their benefits are game-changing. Nor can agencies reduce or scale down the number of clouds they use, as each provides key advantages for their organisation.
Turning risk into an opportunity with the right partner
Despite its challenges, using Kubernetes provides a unique opportunity to help manage your risks. Like with IaaS, agencies can produce a decision framework to evaluate their application portfolio and container tech and select the right cloud location for specific workloads.
Agencies must lean on their partners to help them conduct risk assessments and define, deploy and enforce policies across their environments. This will enable them to create a consistent operational and security posture for container assets.
Standard public cloud container platforms require a lot of expertise and effort to secure and organisations are struggling to meet this challenge with their internal resources. Whilst there are a very large number of security products that can be layered onto container platforms, the baseline of secure configuration and operation remains largely unaddressed.
Best practice recommendations from industry leaders are also not easy to retrofit to existing deployments. Enterprises that are adding containerised applications to their technology estate must seek external assistance to bake a ‘secure by default’ posture into the platforms that underpin their containerised applications. Otherwise, they risk exposure through an insufficient initial security posture, or through configuration drift over time.
By adopting and managing containers in a secure way, government agencies can leverage the full gamut of public cloud services and containers as part of one consistent, multi-cloud environment. That provides a wealth of opportunities for the future, resulting in more efficient teams and better government services.
