DHS Wants Input on Its Massive Move to Cloud

In an effort to replace costly and aging technology and rightsize its data center footprint, the Homeland Security Department (DHS) is looking to shift significant portions of its $6.8 billion IT portfolio to the cloud, according to a request for information to industry.

In the RFI, the department makes clear that its sights are set on a hybrid IT, multi-cloud approach that is federated and vendor-neutral. “As of December 2018, via stretch goals set by and committed to by Components, a total of 171 of 628 (26%) systems are currently either planning, in development, actively migrating, or operational in the Cloud, and expectations of further growth in this number in FYs 19 and 20, the RFI noted. “The take away is a broad-based, Component-led, DHS-wide adoption and move to the Cloud that is multi-year, robust, and well underway.”

The department’s contract for its computing facility known as Data Center 2 expires in June 2020. More than 50 percent of systems in that facility will migrate to cloud service providers. But DHS components have expressed challenges and high risks associated with the plan to be out of that facility by the 2020 deadline. The department is still deciding the fate of nearly 30 percent of the systems in that data center.

Simultaneously, DHS is rightsizing its footprint in its Data Center 1 facility to ensure that it is optimized.

The purpose of the RFI is to:

1. Inform potential industry partners of the intent to modernize legacy IT compute and storage, migrate to the cloud and optimize the remaining DHS data center environments.
2. Incorporate feedback on cost-optimizing, innovative and substantial ways to fulfill those goals.
3. Obtain information on vendor offerings in experience, expertise, and technology for modernizing and migrating infrastructure and mission-critical applications and services to the cloud, and optimizing remaining data centers while ensuring a seamless and improved end-user experience.

DHS acknowledged the need to update its enterprise security model, internal policies, and architecture to promote modernization and migration to the cloud.

The Cloud Steering Group (CSG) established by DHS focused on furthering this migration by “encouraging collaboration and accountability: identifying and addressing barriers, ensuring the sharing of lessons learned and best practices, improving repeatable and agile processes, reuse and sharing of capabilities, and supporting increased unity of effort.”

This “unity of effort” is necessary for the cloud strategy because various components are moving to the cloud in different stages and need to be organized efficiently:

The most requested feedback DHS receives is to create an optimal approach to establish and maintain an Authority to Operate (ATO) in the cloud. This includes updating network security, such as Trusted Internet Connections (TIC) and Policy Enforcement Points (PEP) and automating workflow and documentation, among others. When an ATO is issued, it means that a senior-level official at the agency, known as the authorizing official, has granted a cloud provider permission to operate its services or products on government systems. When an ATO is issued, it also means that the official has assumed any risks that come with that cloud service.

Interested parties should read the RFI  and send responses to questions to [email protected] no later than 5 p.m. on March 20. Here are two examples of required questions that respondents will have to answer:

• DHS is considering an overall 10-year period of performance for associated procurement(s). What is your perspective regarding the contract base period and option periods? How would new and innovate services be added to the procurement structure based on evolving requirements?
• Describe innovative methods DHS can ensure Continuity of Operations (COOP), Disaster Recovery (DR), and related data portability while operating in a devolved state, with some systems migrating to the Cloud and others residing within data centers. What are some industry best practices for managing COOP across various platforms, environments, and business operational missions?

Here are two examples of optional questions:

• Describe any services you offer to help assess and establish infrastructure and application readiness to modernize and migrate to the Cloud and develop appropriate options and plans to modernize and/or migrate. Describe workforce, programmatic, enterprise and solution architecture, technical and business case aspects of such assessment and planning services.
• DHS recognized the centrality of developing our workforce to support realizing targeted outcomes and is looking for best practices, lessons learned, and innovative approaches. What strategies and approaches should DHS consider in this regard?