Insight by Maximus

Taking to the cloud by ‘STORM’ — stabilize, transform, optimize, refactor and mature

Whether your agency has just begun to evaluate its cloud options or it’s moving full steam into the cloud. The STORM framework — stabilize, transform, optim...

STORM. It’s an acronym for migrating to the cloud that plays off the weather concept. But really, it’s more than a clever acronym. It’s a framework meant to help ensure federal agencies succeed in moving to the cloud, Maximus’ Frank Reyes likes to say.

It might be easy to think: Hasn’t the federal government already moved to the cloud? But in reality, the adoption across the vastness of the government is “jagged,” said Reyes, cloud solutions leader at Maximus.

“Certain organizations, even subagencies within departments, are accelerating their journey and building out their cloud operating models while other agencies are still considering if moving to the cloud is right for them,” Reyes said. “As technologists, we have to be mindful of that.”

And that’s where the Maximus STORM framework comes in. It stands for stabilize, transform, optimize, refactor and mature. Reyes shared how Maximus, a systems integrator with a focus on customer experience, uses the five-step framework to help agencies plan and carry out cloud adoption.

Even before embarking on a cloud journey, he encouraged agency business and technology teams to do two things:

  • Identify and enlist a champion (or two) within the organization’s senior leadership: “An IT modernization is not an easy process,” Reyes pointed out. “You’re going to have to have individuals that can make decisions at the right level, whether it’s personnel, budget or direction and shaping.”
  • Set a vision based on desired outcomes: Even when there are mandates, vision matters, he said. “Deconstruct what that means to your users,” Reyes advised. “In the end, how is your cloud migration going to help veterans access healthcare better? How’s this going to make it easier for legal migration through our ports of entry? Does it extend the protections in place for critical infrastructure?”

Working backwards lets an organization identify and prioritize its applications — those with the greatest value relative to the desired outcomes, Reyes said. From there, cloud “brainstorming” can begin in earnest.

Cloud Migration Phase 1: Stabilize

The stabilize phase helps determine readiness and lets an organization bring together all the different groups and players that need to be involved in a cloud migration. That includes the C suite leaders — the information, finance, security, CX chiefs and the like — but also the operational teams and mission owners who will be running the programs making use of applications, compute and services in the cloud.

“That’s where we overlay customer experience because it’s ultimately the federal employee who may be using this application to do their work or a citizen applying for disaster aid,” Reyes said.

During this phase, the team identifies projects that will lead the migration. Initially, agencies will want both a project tied to the outcome goals but also that can deliver an early win, help showcase the value of cloud and begin the cultural mindset changes that will be necessary, he said.

Additionally, it’s during this assessment period that an agency will want to evaluate cost factors. Ultimately, like all IT programs, the goal should be to establish a total cost of ownership model, Reyes said.

“We expand the definition from beyond just the cloud operations. Have you factored in your training costs? Are you considering the amount of upskilling you may want to do? Are you looking at process reengineering?” he said. “Because if you look at just getting your data and your applications into the cloud, you’re not looking at the entire migration.”

Cloud Migration Phase 2: Transform

During the second phase, the focus becomes planning how the agency might need to modify — or transform — processes and applications that it intends to move to the cloud.

“We call it abstraction,” Reyes said. It’s basically the idea that with the help of a team of third-party experts, an agency can remove some of the complexity and simplify the process of defining what can and should move to cloud, along with how and when. “We have lessons learned that we can bring to you from throughout the Homeland Security Department and other agencies,” he said.

In the government, moving to cloud is rarely an all-or-nothing proposition “where you take an existing workload and just move it all to the cloud,” Reyes said. “That’s everybody’s dream. But as we know, with legacy federal IT systems or monolithic applications, that’s not the case. Understanding these intricacies is a big part of what we focus on.”

During the transform phase, the agency defines its roadmap to the cloud and breaks down each application so that the migration team understands the applications and their underlying processes end to end.

Cloud Migration Phase 3: Optimize

Next comes optimization. “Now that you understand your whole application — from developing it to the user experience — let’s consider how to optimize it,” Reyes said.

It starts with the developer experience, which organizations often don’t take into account, he said, but added is critical because removing friction when building capabilities fosters innovation and accelerates implementation of new technologies. Then, the agency must analyze where process changes might be needed across all the people and organizations that interact with or use the app in some way: IT teams, security analysts, compliance teams and end users, both internally and externally, he said.

The goal is to look across the complete chain and identify both where processes can improve and also how the cloud can aid in that, Reyes said.

“At the end of the day, optimization ensures that there’s consistency across your operating model,” he said. “You have a consistent view and access across data regardless of where it resides. You have a consistent experience regardless of where, how and who uses the application. The Cybersecurity and Infrastructure Security Agency, for example, needs normalized data so it can properly assess cyberthreats. CISA professionals need a consistent experience regardless of where and how they access an application. Having this consistency demonstrates reliability and resiliency of the workload, all of which are really important.”

Cloud Migration Phase 4: Refactor

Refactoring is “where you start to get your hands dirty,” Reyes said.

It’s time to take the plans laid out during the earlier phases and begin the work of making code, infrastructure and process changes as the agency in earnest begins moving services to the cloud.

The key piece here is gaining momentum and embracing an agile development, security and operations (DevSecOps) model where an entire team is involved throughout the process and the agency is continuously and consistently improving, he said.

“What I ask of my teams is, ‘Regardless of when your engagement ends, leave the customer with an evolutionary mindset’ — that IT modernizations are iterative, not one-time events. They’re going to constantly be revisiting the environment as new technologies and threats emerge.”

Cloud Migration Phase 5: Mature

Being able to continuously revisit the agency’s apps and processes depends on metrics. Telemetry and visibility play critical roles in monitoring and continuous improvement, which are key to the last phase of the STORM cloud migration framework — the mature phase, Reyes said.

As with the earlier parts of the framework, it’s important to continue to track apps and services across their full chain of users. “You’re monitoring to make sure your code is secure,” he said. “But also from the operation side, is it working as it’s intended to and is it compliant? Is the user delighted with the application? How are we managing costs? Can leaders share information and make decisions across government in partnership with other agencies?”

That final mature phase is essentially ongoing and allows the agency to continue to improve and then to scale use of the framework to other apps and services, Reyes said.

It’s exciting work for Reyes, who early in his career spent 10 years in the government, much of that working in the Department of the Navy.

“One of the superpowers that government has is its resiliency, its ability to resist change good or bad. Because of that, change can be slow but we’re seeing great progress,” Reyes said. “By partnering with systems integrators, like Maximus, federal agencies can accelerate their digital transformation and adapt to new threats, emerging technologies and developing citizen services.”

Discover more about how to improve, secure and expand customer service in the Forward-Thinking Government series.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    (Getty Images/Wavebreak Media/Wavebreakmedia Ltd)

    Tips for agencies to improve cloud security posture

    Read more