Virtualization Technology News and Information
How to Approach Data Migration for Government Entities
By Mark Rochester, Principal Product Architect, BitTitan

In June 2021, the U.S. Department of Defense faces a tall migration task. The mammoth agency plans to move data for more than 1 million users from its own virtual work environment to a Microsoft 365 U.S. Government DoD cloud environment. The large amount of confidential data that needs to be protected during the migration process poses significant complexity for those overseeing the move.

While the project is sure to be challenging, the right approach can help ensure success. A few proven steps can be applied for a more seamless transition.  

The Migration Process

In contrast to "normal" cloud migrations for private companies, government-agency migrations have a bevy of stringent compliance regulations to meet, as well as their own designated cloud destination. For organizations ranging from the Department of Defense to a small-town fire department or police station, these projects are migrated to a Government Community Cloud (GCC) environment. This government-focused destination is separate from the commercial environment where other tenants such as small businesses, enterprises and academic institutions reside. There are two operating GCC levels: the standard GCC environment and GCC High for high-security agencies like the Department of Defense and other federal contractors.

In addition, the Federal Risk and Authorization Management Program (FedRAMP) is a resource that provides a standardized approach to security assessment, authorization and ongoing monitoring for cloud products and services.

A rigorous approval process must be completed prior to beginning these projects for staff vetting and to outline the compliance regulations to meet. For GCC High projects, for example, people working on the migration must be U.S. citizens who are located in-country and not contract resources. Projects for local government agencies do not have these same restrictions for vendors that access those systems. It's important to note that no agency can simply buy a GCC license. There is an approval process and only certain partners are allowed to sell these licenses.

At the beginning of a government migration project, companies generally work through a detailed RFP that's driven by the FedRAMP guidelines and outlines the service provider's responsibilities. As government agencies are responsible for their own compliance, the level of compliance inside the agency means that if a staffer does something wrong, they become personally liable for errors that are made, and are subject to consequences at a federal level.

Migration Challenges

While there is some commonality to the migration process - in terms of knowing what data you're working with, prioritizing applications, baking in rather than bolting on security measures - migrating GCC clients comes with a much higher burden of responsibility. It's important that processes are closely followed to avoid liability for any issues that arise.

A particular challenge working within government agencies is staffing. Given the requirement for strict background checks, it's incumbent for everyone involved to be properly vetted prior to beginning the project and to have an understanding of the complexities of the migration. It's virtually impossible to bring in staff during critical times unless they've been fully authorized and informed, especially when you're under the gun to meet project deadlines. Neglecting to do proper vetting and prep work can lead to project delays.

Additionally, it's critical to make sure the tools provided to the team meet compliance requirements, as this will help avoid later pitfalls.

Best Practices

With government migrations, there is a significant element of cultivating a change management process, and clients must be prepared accordingly. Chances are government IT managers want their migration project completed as quickly as possible. However, changing anything in any kind of government or agency is a long process. Attempting to expedite the timeline and circumvent any established processes or protocols is the wrong approach.

Discipline is essential to get things done properly. Fully architect the migration. Refer often to the RFP and refer back to compliance guidelines on security models that require you to operate in a particular way. Doing so only protects you in case something goes wrong. Refuse to take shortcuts for any reason.

Communication is also critical and staff awareness is key. There's a responsibility that comes into play to assure that the end users are brought up to speed on the various security protocols that must be followed. Make sure this training is provided to them and document it accordingly. If you can't prove this training was provided, it opens you to liability if these security processes aren't followed.

Similarly, any decisions around the project must be fully documented and recorded to protect all parties concerned. This will help ensure that every decision was made in accordance with the responsibilities outlined in the RFP, and that end users will adhere to the agreed-upon processes for maintaining security.

The Human Factor

The bottom line is that successful migrations come back to the human factor - empathy and understanding - that is applied while managing the project. It's not just data that's being migrated - it's someone's professional identity. And in the case of government organizations, it's highly sensitive information used by governing bodies. If you approach any migration with the appropriate level of empathy, understanding and respect, you will achieve success in the execution of your cloud migration, regardless of the stakes.


About the Author

Mark Rochester 

Mark Rochester is the principal product architect at BitTitan, where he works closely with the product management, sales and marketing teams to build market-leading products and features that address real-world problems. A seasoned service delivery professional with experience at some of the world's largest enterprise service providers, Mark specializes in cloud and infrastructure, SaaS, and Microsoft Azure, Exchange and Office 365 systems and environments. 

Published Friday, January 15, 2021 7:48 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2021>