5 Online Tools Uncle Sam Wants You To Use

Dawn Leaf, deputy CIO at the Labor Department, likens the department's migration of email and human resources applications to the cloud to Charles Dickens's famous opening line in A Tale of Two Cities: "It was the best of times, it was the worst of times."

"It's a little melodramatic to compare moving to a cloud services model or a federal shared services model to the French Revolution," she conceded, "but I do think there is a certain analogy, in the sense that there is definitely an upheaval, if not a revolution.

"Intuitively we would all think that moving to commercially provided services or federal shared services would be easier," Leaf continued, speaking at the FOSE government technology conference last week. "I would argue that, based on our experience over the last 18 months or so at DOL, this is not necessarily the case. There are some things that are easier; there are some things that are harder."

[Are your cloud providers sharing vulnerability information on a timely basis? Read Cloud Providers Must Share Discovered Vulnerabilities .]

DOL recently moved two legacy systems to different clouds: Email for 17,000 workers at offices around the nation was migrated to Microsoft 365 for Government's federal community cloud; and a time-and-attendance human resources application was relocated to a federal shared-services model hosted by the Treasury Department.

Leaf said both migrations have been successful, but not without some hurdles along the way.

Figure 1: (Image: Wikimedia commons)

Leaf and Robert Owens, CIO in the Office of the Inspector General at the Health and Human Services Department, both strongly contend that enterprise readiness is a major factor in reducing complications on the road to a successful cloud migration. Owens, who also spoke at FOSE, and his team in the OIG office of IT are also leading an OIG cloud email move to Microsoft 365 for Government. Their move is about 60% complete.

"One of the things that we found with cloud email is that the real work was in getting the environment ready to connect," Leaf said. "We found we had over 150 inconsistencies in office infrastructures that we had to clean up before we could even move to the platform to access Microsoft 365."

Another infrastructure hurdle for DOL was bandwidth. "You need bandwidth to get to anything outside," Leaf pointed out. "We needed to quadruple our bandwidth, and that's not something that happens overnight. We had 530 circuits that we had to upgrade."

Owens added, "People talk about cloud solutions, and you might think they are easy. They are not easy. That was a lesson we learned. You have to be enterprise-ready. You're taking an enterprise-ready solution and plugging into your environment, and where there are deficiencies, you're going to find out quickly."

Being enterprise-ready, he explained, means having strong policies and procedures, a stout configuration and change management program, and a robust network. "You need these in place before you can be successful in any of the solutions you pick for the cloud."

To ensure enterprise readiness, the HHS OIG team performed

a "discovery" exercise on all the OIG networks and circuits at sites across the nation. This investigation included a physical inventory of all the hardware at OIG offices. "That helped out in determining any equipment that had reached end of life," said Brock Stevenson, the OIG's liaison to Microsoft.

As a result of the infrastructure cleanup, Stevenson said, the OIG was able to retire some legacy environments, such as an email security appliance and an email archiving system, and reap operational cost savings.

At DOL, the benefit of enterprise readiness was similar. "A good thing is that when you're moving to external services, that can help drive your internal standardization," Leaf said. "We had nine different email infrastructures that were all developed with different visions. It's like we had this house over decades where the individual occupants and owners all built out what they wanted. We actually had [sites] where people were buying parts for servers on eBay. Having an effort where you're going to get outside services is like having [a house] inspection -- it forces you to look at yourself and really start to standardize."

Leaf reminded IT managers that in moving to the cloud, they must retain clear oversight. "Delegation -- and that's what you're doing; you're delegating your authority of your IT services -- is not the same as abdication," she said. "The bottom line is when stuff is not working, it doesn't matter how many contracts you have out there, and it doesn't matter who wrote them. You are the IT services organization; you are the CIO or the office of the CIO. You are the one that [users] are going to come to."

Due diligence is key to oversight, she added. "Make sure you're managing the program like you would anything else."

Sharing experiences with other agencies that have migrated to the cloud or are planning a cloud move can make the experience less painful. The HHS OIG, in fact, is establishing a Microsoft Office 365 for Government federal users group.

"Our goal this summer is to set up a meeting to get as many in the federal community as possible and talk about our goals," Owens said. "We think if we speak with one voice to Microsoft, it will provide incredible value... we can share best-practices across the federal community to get the best value out of this investment. When we work with a vendor with one common voice, it's going to help them and it's going to help us."

NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.