DoD Cloud Exchange 2024: Akamai’s Robert Gordon on streamlining cloud operations at scale
Managed service providers can tackle the coordination necessary across cloud providers, DoD agencies and a multitude of apps, the Akamai systems engineer says.
For the Defense Department, the benefits of hosting applications in the cloud bring some challenges. Chief among them? Avoiding the cost and time of repeatedly developing computing services common across all applications.
The simple answer is that DoD agencies should instead develop once and use many times, said Robert Gordon, director of engineering for Akamai Defense. The development and deployment of such services offers an ideal way to use managed service providers, he said. MSPs operate in a value-added manner between DoD agencies and primary commercial cloud service providers.
“On one side, there are the mission application teams that are trying to move their workloads to the cloud. On the other side, MSPs sit on top of the commercial clouds, and they try to figure out ways to be able to support these applications at massive scale,” Gordon said during Federal News Network’s DoD Cloud Exchange 2024.
DoD components sometimes have hundreds or thousands of cloud-hosted apps in what he called critical mass. Each, though, needn’t have its own unique services.
For example, every cloud application requires a user access mechanism that’s not related to the operation or logic of the app itself. Access solutions, Gordon said, can be difficult to engineer because of the many DoD rules around security and other characteristics.
Akamai “focuses on those common hard problems because the benefit of solving that problem is multiplied by hundreds or thousands of instances,” he said.
After access comes authentication “and how it fits in with the zero trust initiative that’s sweeping through DoD and is totally tied in with the cloud is another aspect of this,” he said. “The mission application teams are on their own to try to figure out how to do it, unless there’s a common services layer” providing the service.
Such common services “are the things the MSPs should look for, the things that everyone’s going to have to do,” he added. “Everyone’s going to have to solve this problem.”
Taking advantage of common services at scale
Some common services occur on the back end of applications, such as database calls or network connections among apps, Gordon said. He named single sign-on systems that require connections from, say, an application in the Army to an application in the Defense Information Systems Agency.
“They may not have a plug into the Army, or Air Force or whatever DoD backend that has all the enterprise information,” Gordon said.
Plus, application owners typically face a complicated process to obtain access.
An agency’s tech or development staff might know how to write identity cloud service or Security Assertion Markup Language (SAML), Gordon said. “But that’s only part of the puzzle. The back end is equally important,” he said. “You have no way of figuring out what the attributes are that you need to make your decisions. You have no way of enforcing authorization in a common way, using those attributes.”
Migrating data to the cloud and operating data exchanges also provide opportunities for use of common services, he said.
“Whether database access, or even system-to-system communication, most of these are big, complex systems with a lot of trading partners that are used to being able to FTP files to each other,” Gordon said.
That’s because everyone was on the same DoD information network. The cloud complicates those exchanges and communications connections because now systems use the internet and commercial clouds.
“This is another area where the MSPs provide common services to try to streamline that,” Gordon said. “And when they can’t provide common services, MSPs at least provide playbooks so that the application teams that need to do these things know what they need to do it in a compliant, secure and data-aligned way.”