Tips From USCIS for Smooth Cloud Migration
The agency’s multi-cloud environment is presenting lessons around security and application migration.
U.S. Citizenship and Immigration Services offered agencies to take a piecemeal approach in determining which applications to migrate to the cloud and also keeping in mind proper security controls. The agency, which is currently in a multi-cloud environment, is re-architecting applications for platform-as-a-service (Paas).
“We do have some hybrid cloud projects going on at some of our service centers that support some local operations,” said USCIS Branch Chief for Enterprise Cloud Services Steven Grunch at a FedInsider event. “A large portion of our applications came to have a very good fit in the cloud, whether a commercial region or on a PaaS. However we do have some legacy applications and some very specialized applications that are used by different stakeholders in our organization, and we’ve had a really hard time moving them just because of the way they operate, how they’re used. We have a small pocket of apps that seems to be served better and can serve customers better by having them run locally rather than trying to migrate them to a public cloud region.”
Agencies moving to the cloud should keep mission priorities top of mind, he said, in order to sift through which applications to migrate to the cloud. Grunch also advised agencies to set up security controls immediately rather than waiting until after applications and data fully transition to the cloud.
“We spent a lot of time on multi-cloud strategy and implemented our cloud strategy and integrating security at the get-go,” he said. “Whenever we deploy a workload to the cloud, or we’re selecting a workload for one cloud the other, the security requirements, the behaviors and what we expect in the cloud from that subscriber or stakeholder, is monitored right away. We’ve taken a lot of effort to set up our security monitoring and cloud monitoring to be able to detect events and record and analyze different security events.”
Grunch warned against relying solely on cloud service providers’ security controls and emphasized mission-critical priorities as the deciding factor for additional cloud services to avoid ballooning cloud costs.
“Each cloud does security implementation a little bit differently,” he said. “The logging, some of the monitoring aspects are a little bit different, as well as if you were to run conversion infrastructure on-prem. The other thing I would caution against or warn other agencies about is cost containment. The more cloud and infrastructure you have, it becomes expensive in a number of different ways. Not only do you have to keep track of all the infrastructure and assets you’re deploying, but you also have to come up with cost models to be able to pay for it or recoup costs from stakeholders as they’re provisioning infrastructure components or services within the cloud.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Officials Consider Zero Trust Challenges for Satellite Cybersecurity
Infrastructure experts call for better public-private cooperation to tackle cybersecurity in the planet's orbit.
4m read -
Agencies Want to 'Demystify' Generative AI to See Greater Adoption
Managing concerns over generative AI capabilities requires sharing best practices and use cases for workflows.
2m read -
VA Kicks Off EHR Program at Joint Facility with DOD
The agency's Dr. Neil Evans briefed how the Oracle-Cerner program rollout in North Chicago is informing next steps in EHR modernization.
4m read -
USDA to Release AI Strategy in Upcoming Months
Deputy CDO Freddy Diaz said a plan for AI following its new data strategy is in the works and will focus more on workforce.
2m read