The US Government faces ongoing challenges migrating applications to the cloud. CIOs in the federal government are trying to get answers to some challenging questions, such as:
- Which systems can migrate off-premises?
- When may a hybrid solution be required?
- How will the migration be funded?
- Will it be more or less expensive than my current systems?
- During the migration – what level of risk will I be accepting?
These are basic questions, but accurate answers are not always straightforward to get.
The Federal Risk & Authorization Management Program (FedRAMP) offers a certification designed as an efficient way to speed up the process for a project team to demonstrate compliance with the 2002 legal information security requirements of the Federal Information Security Management Act (FISMA). FedRAMP is a universe of nearly 365 information security controls that apply to the whole system. The required controls are distributed across the application layer (the software package), the platform (such as the computer or network), and the infrastructure (including the data center). Because FedRAMP is an ongoing annual assessment process, systems are assured to remain compliant as information security requirements change. A great example is the introduction of NIST 800-171, which is a new information security requirement for controls to Protect Unclassified Information in Nonfederal Information Systems and Organizations. Implementation of and registration to ISO 27001 can help firms look more broadly than the US public sector information security requirements and, with the adoption of a management system, absorb any and all new information security requirements.
US Government market participants, large and small, bring their own biases to any given system or solution.
At a recent DICE conference in Tysons, VA, Mr. Henry Tran, the General Manager of Managed Hosting & CoLocation at Rackspace, explained the paradigm shift this way: “The old way of thinking was that whoever has more data will win the war. The new paradigm is that only when one can unlock the data and gain the insight the data offers will it inform the decision-making process.”
Nowhere is this more true than in the US Government. We are now collecting large swaths of data and, with increasing success, applying information security to the enterprise systems to keep it secure. To truly take that next step, the data must now reside in a secure cloud.
When I was reading an excellent article on Data Center Knowledge about the top cloud migration service providers, I felt it necessary to layer in feedback to public sector cloud migrations.
Cloud Service Providers, and others, to a large extent come to the table with existing strengths and weaknesses and natural biases. Whether your point of view is that of the CIO of a government agency or of a software provider, enterprise partners that come to the table with ~80% of the FedRAMP credentials in compliance are a huge accelerator for the move to the cloud. Also essential is past performance migrating large systems from on-premises to off-premises and solving the myriad challenges that pop up.
In summary, when seeking a partner to help you with public sector cloud migration, the analysis and insight offered by Ms. Henderson’s article hold true. There are, however, a few more considerations when migrating applications from a public sector customer: is the provider independent and technology agnostic, and are the FedRAMP controls in place across the software, platform and infrastructure? Partners with past performance bridging this gap, helping new SaaS providers achieve FedRAMP certification, can be very valuable.
Reference: http://www.datacenterknowledge.com/cloud/10-leading-public-cloud-migration-services-providers written by Nicole Henderson on 14 June 2018.