The Department of Homeland Security has learned a few things about cloud migration, and it’s applying those lessons as it considers which of its 650 systems to move next.
As DHS began migrating to the cloud, the Information Sharing & Services Office quickly found security staff had reservations, and network staff was arranging the infrastructure physically rather than virtually, said Donna Roy, executive director of ISSO.
“I realized that my group had gone too far ahead,” Roy said at a FedInsider event Tuesday.
So DHS provided three rounds of cloud awareness training: first to all employees, then to those performing the migration and finally to any who needed to be certified in their procurement roles.
“If your workforce doesn’t understand [cloud] across the board, buying-as-a-service is not easy, and computing-as-a-service is not easy,” said Zain Ahmed, a general manager at tech company CenturyLink.
Of the operating components for DHS’s hybrid, multi-cloud environment, three are getting the most attention, Roy said. Security, network monitoring and application management all must be consistent, she said.
“Because when a [Transportation Security Administration] system connects to a [Customs & Border Protection] system — and they meet each other and one goes down — we don’t want to know which cloud it’s in; we want to know how to get it back up, what’s the mean time to recover and how do we keep people moving at the airport,” Roy said.
Network monitoring is critical because DHS does business in about 200 countries with 60,000 first responders and 800,000 police officers. If even a small connection is severed, traffic flow in and out of the cloud could stop, Roy said.
Similarly application management is important because, if done right, it leads to “self-healing infrastructure” that fixes security issues on devices before users even detect them, she added.
DHS’s chief information officer, who oversees ISSO, doesn’t embark on any new cloud endeavor without consulting the department’s chief data officer, Roy said.
“If I were to start a greenfield, I would take the approach of understanding where the data should be first and creating a cloud strategy on that,” she said.
Once that’s done, the department or agency can turn its attention to identity management — how it authenticates uses and whether they will operate inside or outside the cloud. DHS’s identity management approach drives all cloud migration capabilities, Roy said.
The department is able to track the cost of operating in the cloud over time, the time it takes to migrate apps to the cloud and the effectiveness of network and storage computing.
“We’re consistently following a cohort of professionals, who are architects and security engineers, who we are hoping to make much more productive,” Roy said. “We’re setting a baseline for how much it costs to move a capability into cloud, how much it costs to operate that and what the optimized cost is.”
DHS issued a request for information on data center consolidation and cloud migration at its headquarters, and so far there have been 105 responses, Roy said.