Tips From USCIS for Smooth Cloud Migration
The agency’s multi-cloud environment is presenting lessons around security and application migration.
U.S. Citizenship and Immigration Services offered agencies to take a piecemeal approach in determining which applications to migrate to the cloud and also keeping in mind proper security controls. The agency, which is currently in a multi-cloud environment, is re-architecting applications for platform-as-a-service (Paas).
“We do have some hybrid cloud projects going on at some of our service centers that support some local operations,” said USCIS Branch Chief for Enterprise Cloud Services Steven Grunch at a FedInsider event. “A large portion of our applications came to have a very good fit in the cloud, whether a commercial region or on a PaaS. However we do have some legacy applications and some very specialized applications that are used by different stakeholders in our organization, and we’ve had a really hard time moving them just because of the way they operate, how they’re used. We have a small pocket of apps that seems to be served better and can serve customers better by having them run locally rather than trying to migrate them to a public cloud region.”
Agencies moving to the cloud should keep mission priorities top of mind, he said, in order to sift through which applications to migrate to the cloud. Grunch also advised agencies to set up security controls immediately rather than waiting until after applications and data fully transition to the cloud.
“We spent a lot of time on multi-cloud strategy and implemented our cloud strategy and integrating security at the get-go,” he said. “Whenever we deploy a workload to the cloud, or we’re selecting a workload for one cloud the other, the security requirements, the behaviors and what we expect in the cloud from that subscriber or stakeholder, is monitored right away. We’ve taken a lot of effort to set up our security monitoring and cloud monitoring to be able to detect events and record and analyze different security events.”
Grunch warned against relying solely on cloud service providers’ security controls and emphasized mission-critical priorities as the deciding factor for additional cloud services to avoid ballooning cloud costs.
“Each cloud does security implementation a little bit differently,” he said. “The logging, some of the monitoring aspects are a little bit different, as well as if you were to run conversion infrastructure on-prem. The other thing I would caution against or warn other agencies about is cost containment. The more cloud and infrastructure you have, it becomes expensive in a number of different ways. Not only do you have to keep track of all the infrastructure and assets you’re deploying, but you also have to come up with cost models to be able to pay for it or recoup costs from stakeholders as they’re provisioning infrastructure components or services within the cloud.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
The Year Ahead: FBI’s 2025 Cybersecurity Priorities
The FBI is increasing awareness of vulnerabilities and employing AI-enabled tools to secure networks from sophisticated cyber threats.
19m listen -
Building the Future AI Infrastructure
Tech leaders are developing new investment, energy capacity and R&D strategies to build an infrastructure to sustain the rapid growth of artificial intelligence.
3m read -
Biden Signs New Tech Executive Orders Before Departing Office
Joe Biden signed two new executive orders this week promoting future cyber and AI priorities before Donald Trump takes office Monday.
5m read -
DODIN Strategy Aims to Outpace Cyber Threats
JFHQ-DODIN Commander Lt. Gen. Paul Stanton says the new "How We Prevail" plan moves from reactive defense to proactive threat mitigation.
4m read