When it comes to moving to the cloud, the Department of Homeland Security can fully admit it’s still in the business of learning and taking notes from those who have been early adopters.
DHS components, such as Customs and Border Protection, Citizenship and Immigration Services and the Transportation Security Agency, are all leading the way, said Kshemendra Paul, cloud action officer and deputy director for strategy and mission at the department’s Office of the Chief Information Officer.
“They’re way out in front of headquarters. Headquarters is playing catch-up, but there’s an opportunity when you’re playing catch-up, when you’re not the first mover,” he said Wednesday at FCW’s cloud smart summit in Washington. “We get to learn from the early adopters. We get to leverage their investment, and that’s key to what we’re doing.”
It’s why the department developed its own cloud policy and stood up its own cloud steering group a little more than a year ago. Both component and headquarters leadership sit on the committee, and together they identify agency best practices, while also setting the departmentwide agenda.
“We are issuing security guidance, workforce guidance [and] planning guidance, things like that,” Paul said. “Those become guardrails that help drive coherence over time.”
It’s also why John Zangardi, the department’s chief information officer, is leading a DHS Cloud Center of Excellence (CCoE), which the department stood up last summer. DHS leadership charged the department to use the cloud center of excellence to its advantage.
“That CCoE is coalescing our capabilities, Cloud Factory, [and] other activities, to build a couple of landing zones within the cloud and figure out how to better operate and migrate as a group that portfolio in headquarters to the cloud,” Paul said.
Of DHS’ 661 Federal Information Security Management Act (FISMA)-based systems, 281 of them are planning, in development, migrating or already in the cloud, Paul said. Put another way, about 10% of DHS applications are already in the cloud and another 30% are en route.
The Trump administration’s newly released “cloud smart” strategy is leading the way DHS approaches its continued journey to the cloud. The strategy’s three tenets — security, procurement and workforce — are also driving the department’s journey.
For example, Paul, along with DHS Chief Information Security Officer Paul Beckman, the CISO Council and members of the cloud action officer forum, have developed a future-state architecture for cloud-based cybersecurity.
“It gives a framework to organize the early adopters across the department,” Paul said. “We identified about 24 early adopters that we want to put a spotlight on and also identified some gaps, which then in turn allowed us to partner with S&T and the [Cybersecurity and Infrastructure Security Agency].”
When it comes to procurement, DHS, again, will look to its components for guidance.
CBP, for example, has developed a “lightweight authority to operate,” which DHS will build on, Paul said.
“At headquarters, [we’re] building on that with an authority to proceed [or authority] to operate kind of concept, where there’s a focus on [creating] a common controls catalog and be able to drive that forward,” he added.
In addition, DHS is continuing to prepare new acquisitions for the continued consolidation of its data centers, whose contracts expire next year.
The department plans to publish a draft statement of objectives for data center 1 (DC1), which Paul said should hit the streets in late fall or early winter.
“We’re committed to a multi-cloud future,” Paul said. “We’re not going to pick one cloud. There will be multiple clouds, but that doesn’t mean an unlimited number of clouds. Part of the conversation that we’re having internally and we’ll have with industry through an RFP process is what is the optimal configuration that balances scale, manageability, innovation [and] capability?”
When it comes to the DHS workforce, the department also realized most of the DHS OCIO staff didn’t know much about what it actually meant to move to the cloud.
“A lot of folks have some knowledge, but they don’t use the same terminology,” Paul said. “They have challenges sometimes talking to each other [or] talking as a group. We saw a huge value in baselining knowledge across OCIO.”
Donna Roy, executive director of the DHS Information Sharing and Services Office, recently led a cloud training day for OCIO employees. The department offered beginning, intermediate and advanced options for participants.
Paul said most employees, about 80-to-85% of them, enrolled themselves in the beginning level. The department plans to hold another cloud training stand-down day in September.
“Part of what we’re doing here now is tracking progress across the workforce. There’s huge excitement among the workforce, because people want to be part of the solution. They want to learn. They want to help shape the future,” he said. “The cloud stand-down days are critical to building that shared knowledge, shared vocabulary and shared enthusiasm across the workforce as we move to the cloud, which is a big transformation. People’s jobs will be changing over the next decade. Thinking about service-delivery with cloud-based models, we want our workforce to be a part of that [and] to help shape it, not to have it done to them.”