Modernization

TSA releases updated cloud strategy

A hybrid cloud architecture should help the agency better manage data as it adopts new passenger screening technology.

October 4, 2019

(Getty Images)

The Transportation Security Administration wants to better manage data using cloud solutions in order to ultimately improve passenger screenings.

TSA released its Cloud Strategy 2.0 on FedBizOpps this week, adopting a “Cloud First” approach for all new information technology services and a “Cloud Smart” approach for existing applications.

The updated strategy outlines a hybrid cloud architecture that will see sensitive data stored in a data center and transaction data in applications in private and public clouds.

“TSA’s plans to implement Advanced Passenger Screening capabilities are dependent on the ability to collect and analyze large amounts of data,” reads the strategy. “Therefore, elasticity of storage and computing capability available through cloud solutions is essential to success.”

Having formed a Digital Services Team in 2018, TSA will next create a permanent Cloud Team to guide cloud migration and operations as a “center of excellence,” according to the strategy. The team will analyze apps and data to determine which ones should be retired, or refactored or re-hosted in the cloud.

The agency will first consider software-as-a-service (SaaS) solutions and then infrastructure- and platform-as-a-service alternatives. SaaS will be used for support services like email with Salesforce being the first to be implemented.

IaaS will be deployed for mission-unique apps used for vetting and intelligence and hosted in private clouds. Microsoft Azure solutions will be the first cloud solutions used with IaaS apps.

A combination of IaaS and Paas will be employed for custom apps hosted in data centers and refactored or re-hosted in the government cloud.

TSA estimates migrating apps to the public cloud will “take considerable time and effort.”

The agency wants to “rapidly prototype” capabilities using its data, per the strategy. And only Federal Risk and Authorization Management Program-certified solutions that comply with the TSA Cloud Security Handbook and Enterprise Architecture Service and Cost models will be considered.