The Cloud Smart strategic framework for cloud migration has given federal agencies some reassurance that their transition to the cloud doesn’t have to be focused solely on a timeline that could disrupt current processes. If carefully planned, the transition will leave their technology stack more streamlined and effective than ever before. The key is in the planning. To make the move successfully, agencies will need to start at the very beginning by creating a roadmap for migration that prioritizes their current applications. Here are some things to consider before beginning the process.
Many agencies provide essential citizen services that cannot afford reduced performance, let alone a complete shutdown. This is why the first type of applications an agency should consider are those that are critical to its mission, but maybe not for the reason you think.
While cloud services aren’t inherently less secure, there are risks associated with transitions to any new environment. Until the cloud has been properly vetted and structured, those core apps that form the basis of an agency’s services are better left on-prem.
By starting with less-critical applications, agencies give themselves some time to gain an understanding of the new process and adapt to low risk before moving to those larger, mission-critical applications.
The secret to prioritizing apps while considering security posture is much the same as prioritizing by the app’s role in an agency’s mission—go for the low-hanging fruit first.
In the federal space, there is a huge range of application purchase dates, from brand new to decades old. Newer applications with relatively straightforward security protocols are good candidates for early prioritization. There are likely a handful of applications where the only change needed is a change of database. These “lift and shift” applications are low-risk, and a good starting point.
If security specialists are intimately familiar with the application’s build, there will be far less confusion during the transition than with an older, clunkier legacy application. In fact, a wide range of older applications have been left in place so long precisely because they are critical to the continued success of the agency’s mission, with very little tolerance for risk. These unwieldy systems demand time: time to be re-architected, componentized, and reoriented for functionality in the cloud, making them far from the ideal place to begin the applications migration journey.
Starting with the easy applications first is one approach, and it’s a great way to acclimate to the cloud environment with very little hassle. However, some agencies may decide to begin putting time against more complex applications, getting a head start on the work that promises to be the most time-intensive and, potentially, most rewarding. Both systems are viable, depending on the goals and mission of the agency. Once the mission and security factors have been dealt with, the architectural component will follow.
With applications consisting of all different types of architectures, identifying and prioritizing them gives agencies an actionable strategy, while identifying where there is wiggle room for easy updates and where there is not. It may even be possible, and advisable, to rewrite some applications to make them better suited for the cloud, either private or public. That’ll depend on your application stack, respective mission, and overall cloud migration timeline.
You may have newer applications that are less monolithic and depend on microservices. Those are perfect candidates for early cloud migration. Not only are they ideal for containerization, making it far easier to optimize for the cloud, but they’ll also take less legwork before migration, allowing agencies to begin showcasing ROI for their cloud environment investments earlier in the process. Deciding where to ultimately start will depend on the priorities and goals each agency sets at the beginning.
As always, a good journey starts with a good map. Agencies should take time to consider the factors involved, including their risk allowance, current security posture, the type of information they’ll be transferring, and their timeline for migration. Once these high-level decisions have been made, the rest will follow.
Inevitably, there will be unforeseeable roadblocks, because while a roadmap is important, you can’t account for everything. That’s why it’s important to analyze as best you can, prioritize accordingly, and continue to check in as you make the transition.
Charles Fullwood is senior director of software practice at Force 3