The Transportation Security Administration’s updated cloud strategy stresses that adaptations at the agency will range from ensuring cybersecurity infrastructure is up to par to making sure acquisition staff have the training to procure the right technology.
The agency said it’s adopting a “Cloud First” strategy for all new IT services, while a “Cloud Smart” strategy would cover “existing applications with mission critical systems utilizing a private cloud” as “other applications will be migrated to the public cloud over time.”
“Cloud computing will impact not only every aspect of IT but also the operations of TSA. The TSA Cloud Strategy outlines the change from an asset-based to a service based IT delivery approach and how this transformation will make TSA more efficient in achieving its mission,” the agency said. “To make the most of this new era of IT, TSA requires access to seamless, flexible and secure solutions that simplify the integration, configuration and deployment of cloud services.”
TSA said its cloud vision is hinged on the principles of building a culture of innovation, adopting only TSA-approved cloud services, utilizing Software as a Service (SaaS) as the primary approach to cloud implementation, retiring or replacing legacy applications, enabling a mobile workforce, and fostering ways to more efficiently manage TSA data.
“For example, TSA’s plans to implement Advanced Passenger Screening capabilities are dependent on the ability to collect and analyze large amounts of data. Therefore, elasticity of storage and computing capability available through cloud solutions is essential to success,” said the strategy. “In addition, TSA will continue to develop data classification and security standards that ensure compliance with relevant security and user requirements.”
TSA will require compliance with FedRAMP certification, an open, flexible architecture, and integration to ensure the agency is “optimizing existing and future investments, reducing complexity and transcending boundaries.”
The agency plans to operate in “a cloud computing environment that uses a mix of on-premises, private cloud and third-party, public cloud services.”
“Deploying new ‘cloud native’ services and migrating existing services to cloud-based solutions will take considerable time and effort. TSA is establishing a set of base services and will deploy cloud solutions to a heterogeneous mix of environments. TSA will focus on delivering timely solutions with enhanced security and performance at a lower cost to the Agency,” the strategy continues.
The implementation plan includes last year’s establishment of the agency’s Digital Services Team, establishment of a Cloud Team to serve as the hub for transformation activities and vendor management, and application analysis and discovery to make sure “that IT understands TSA operations in order to effectively build or refactor applications for cloud migration.”
“In some cases, cloud solutions will not be appropriate, and it will be necessary to build and/or maintain applications in the OHS Data Center. For this reason, the cloud team will implement a hybrid cloud network in which the public cloud provider is connected to a private Multiprotocol Label Switching (MPLS) circuit,” the strategy states. “Using this model, cloud-based applications can access legacy on-premises services while still gaining the benefits of a cost-efficient, modern and agile infrastructure.”
The plan of action stresses the importance of bringing in other stakeholders to ensure a comprehensive process, building a core cloud infrastructure with Salesforce as the first production instance for Saas and Microsoft Azure Cloud Services for the first production applications, putting security measures in place, ensuring a governance process is followed, and taking steps to prepare for migration to the cloud — namely, “rearchitect, refactor, rehost, retire, retain.”
“TSA intends to implement a security solution to safeguard systems and reduce the effect of attacks,” says the strategy, citing deterrent and detection controls.
During the cloud migration process, TSA will be studying potential skills gaps in their workforce and other impacts of the move to cloud platforms.
“For example, migration to cloud technologies may reduce needs for IT hardware management but increase the need for programming skills in the use of Infrastructure as Code,” the document notes. “TSA will also need to equip the Agency’s acquisition staff with additional skills and knowledge to keep up with the ever-expanding list of technology options available to procure.”
While the TSA is encouraging industry partners to review the strategy “and consider the philosophies that are discussed herein when responding to future requirements that support the Agency’s Cloud Strategy,” the agency isn’t currently asking for feedback.