NC IT Roadmap - Cloud Technologies NC IT Roadmap: Cloud Technologies NC IT Roadmap Technology Foundations Broadband Security Cloud Technologies Identity & Access Management Data & Analytics Applications Digital Transformation In the last decade, cloud technologies have dramatically changed the IT landscape. Ten years ago, we were still exploring the basics of what cloud could do, focusing on cloud offerings as a way to cut costs. Today, we understand that cloud services are much more than a way to save money on hosting infrastructure. Instead, cloud has become a driver of business transformation. To provide effective government services, our information technology strategies must include investments that capitalize on the power of cloud strategies and solutions. This includes a reevaluation of the state’s existing data centers. As we move towards business transformation, rather than asking, “why cloud?” we are instead asking “why not cloud?” Going forward we will be using a “Cloud First” approach. This doesn’t mean we will do everything in the cloud, but rather if a cloud solution is a good fit, we should use it. We will continue to use private cloud and on-premise solutions where necessary, resulting in a hybrid cloud environment. With a well thought-out framework we can maximize our cloud investment and accomplish business objectives, help avoid unnecessary costs, drive efficiencies, reduce costs overall, and make better business decisions. We are taking this approach for many reasons: Reducing the cost of foundational IT components and infrastructure helps improve the efficiency and effectiveness of government services. Public cloud computing costs continue to drop, and it is now more cost-effective than continuing to manage and support on-premise and private cloud infrastructure. Cloud computing and “as a Service” technologies eliminate the need for up-front capital expenditures and provide more predictable year-over-year costs, often through pay-for-what-you-use pricing options. Cloud models are faster and easier to provision and, when used correctly, have less security risk. Over the next few years we will be implementing the components of a Cloud Center of Excellence (CCOE). A CCOE allows us to oversee cloud computing policy, cloud provider selection and relationships, cloud solution architecture, and workload placement and governance. We are already well down this path as more and more of our applications are software as a service or their infrastructure is hosted in a public cloud, but there is still more to do. New Cloud Services Integration Platform as a Service (iPaaS): With the adoption of cloud, agencies are either migrating their applications to cloud or developing new applications in the cloud. These cloud applications still need to communicate with other on-premises and cloud-hosted applications. To facilitate our migration to the cloud, we are modernizing our application integration capabilities using integration-platform-as-a-service (iPaaS). With iPaaS we will gain capabilities required for digital business transformation, and bring a shared focus and approach to application integration. Agencies will no longer have to rely on centralized IT team to develop integrations. Leveraging an easy-to-learn graphic user interface, iPaaS enables both the IT team and lines of business users to develop application integrations, rather than writing code. This empowers agencies to leverage the iPaaS platform, develop, and deploy application integrations on their own. Disaster Recovery as a Service (DRaaS): This service will allow agencies to ensure that their applications, particularly their critical applications, have affordable disaster recovery capabilities in place. DRaaS provides an easier, more cost-efficient way to replicate an application either in the cloud or on premise for agencies at any time. This new capability will not only reduce security risks but improve business continuity efforts for critical applications. Cloud Access Security Broker (CASB): The CASB will help govern the use of cloud services and protect data. CASBs enable management of security features between data centers and cloud providers as well as between cloud providers through a single console. The CASB does this by enforcing enterprise security policies related to authentication, authorization, single sign-on and encryption among others. The enforcement of enterprise security policies will work in conjunction with the state’s Identity and Access Management (IAM) service. Cloud Services in Progress Implementing a Cloud Management Platform (CMP): The CMP will provide for the management of private, public, and hybrid cloud environments. The technologies implemented to create this platform will provide Infrastructure as a Service (IaaS) capabilities to be an extension of DIT’s data center. This platform will allow customers to self-provision cloud services as well as infrastructure services within the data center. The first phase of implementation will focus on the provisioning of servers, databases, and storage. Implementing a Cloud Service Broker (CSB): The CSB will allow the State to more seamlessly leverage various cloud options. DIT has contracted with a vendor who will serve as a cloud service broker while we mature internal processes and the use of cloud services continue to grow throughout state agencies. The vendor will work with agencies requiring assistance in selecting cloud resources. The vendor will use the state’s criteria as well as customer requirements to help select from various cloud service providers including DIT’s data center. In addition, the vendor will monitor the fluctuating cost of the cloud vendors and contact customers when that cost falls outside of their requested range. Having the vendor manage the processes initially will help our teams understand the different cloud service capabilities, how to monitor them, develop more in-depth criteria for work load management, and ultimately assume the service ourselves.