Tips for a secure data migration for agencies
The Department of Defense faces a huge challenge this year when the agency plans to move the data of more than one million users from its own virtual workplace to a Microsoft 365 US Government Community Cloud (GCC) environment. . With the high volume of sensitive data that must be protected and preserved during the migration process, the stakes are high. While this project and others like it are certainly complex, steps can be taken to ensure successful cloud migrations for government agencies.
Unique considerations and common challenges
Basically, the process of migrating to the cloud is the same for a government agency as it is for a private company. However, there are a few important considerations for government migrations. Managed Service Providers (MSPs) and internal migration owners engaging in government migration will need to be aware of the approval processes, permissions, and strict requirements. These may vary depending on whether the project is for a local or federal government agency.
For example, anyone involved in a GCC migration or providing assistance must be a U.S. citizen, and data cannot pass through data centers outside of the United States during the migration. Team members go through intensive work background checks, education checks, criminal records, Social Security research and more. Tools used on the project, including all software and connectors, must be licensed and certified as compliant with the Federal Risk Management and Licensing Program (FedRAMP), which provides a standardized approach to the security assessment, authorization and ongoing monitoring of cloud products and services.
It is important to ensure that everyone working on the project is fully aware of the finer details, as contracts are based on a detailed Request for Proposal (RFP) process. When migrating sensitive data in a government setting, individuals can become personally responsible for errors and missteps, and at the federal level this could result in federal fees. For example, sensitive site data cannot be stored on any type of removable media or transferred off site. If this data were lost or made public, the person responsible could be subject to criminal prosecution.
Good migration practices
Two of the most important factors for a successful government migration are preparation and communication. Many government IT officials often feel pressured to access the cloud as quickly as possible, and they may come up with workaround scenarios to expedite project completion. But this approach often leads to downstream problems. Any kind of change in a government setting will be a long process and IT teams often need help adapting to the changes brought about by a cloud migration. Engaging an MSP partner to help them adjust their mindset and practices can be essential for a successful implementation.
It is especially important to ensure that proper security is included from the start and that all contract requirements are taken into account. You have to know if the data is encrypted and more precisely how the data is transported.
Another imperative for success is to plan and execute an effective change management campaign. This can vary by organization, but should include frequent communication with staff and other relevant parties about what is changing, why, and how it will impact their work. An important part of this is good communication about new security protocols and ensuring that there is a process in place to confirm that everyone knows and understands the changes.
In addition, a pre-migration assessment provides the information needed to put in place an effective migration plan. It offers a better idea of the number of users that will be migrated, systems in place, potential points of failure and provides an estimate of the cost and schedule of the project. Evaluating the migration project can help identify the different versions of software in use and the upgrades needed to ensure seamless integration of new applications and technologies. For example, the single sign-on process being implemented can work on Outlook 2016 and later versions, but a particular service can still use Windows 7 and run Outlook 2013. Without upgrades, the migration will fail.
Finally, proper documentation of the entire process – tools used, actions taken, security protocols implemented, communication with users – will help ensure success. Any decision regarding the project should be fully documented and recorded. For example, a project may initially request the implementation of “Solution A” for its two-factor authentication configuration. However, the IT manager may later decide that they want to use “Solution B” because it aligns better with their preferred applications. Therefore, the entire process change should be recorded, documented and signed off by all parts of management. With the complex requirements in a government setting, it is essential to have this record to fall back on should problems or questions arise.
Common mistakes to avoid
As with any complex process, migrating massive amounts of data comes with pitfalls. These are some of the most common mistakes to avoid.
- Lack of communication with end users. A comprehensive communications plan is needed to manage the expectations of moving data into the new environment. Let end users know when this will happen, what the effects will be and what training is available. An often overlooked aspect of the communications plan is selling the migration to users. Let them know what they get in it and why this change will make their life easier. The more users are invested in the migration, the more successful it will be.
- Underestimate the time. Every migration has its own challenges to solve, and not all are easily predictable. Ideally, migration tasks will run overnight or on weekends, when the potential for user disruption is lowest. But migration does not always take place in a straight line. This is why it is important to allow extra time to take into account the unforeseen. The negative effects of underestimating the weather can be disastrous. Rushing to complete a job on an unrealistic schedule increases the risk of missing data. In the rush to stick to a compressed schedule, you might not have enough time to find and fix issues, then validate the process. Speeding up a migration can also hurt end users. Without the necessary communication and training, they could enter a new environment without preparation, leading to confusion and loss of productivity.
Useful Tools and Capabilities
Using software as a service (SaaS) based automation tools to support migration can help ensure a smooth process and a successful outcome. These IT tools can automate a pre-migration assessment to ensure compliance, and then automate the process of moving datasets to the cloud. Automation not only reduces the long and expensive manual labor that would be required to achieve similar results, but also reduces the risk of human errors. Assessment tools can also be used on an ongoing basis to ensure compliance is maintained over time, an important requirement in a government setting.
Having the right mindset can influence a positive outcome. It is important that members of the migration team think about the project in human terms and not just in bits and bytes of anonymous data. Understanding that they are migrating people – their professional identity, the products of their work, and their entire working life – helps instill a greater sense of responsibility for doing things right.
While the stakes are high in a government migration to the cloud, following best practices, understanding unique requirements, and leveraging automation tools can help ensure that the project is as smooth as possible and highly successful.
Mark Rochester is the Principal Product Architect at BitTitan, where he works closely with the product management, sales and marketing teams to create cutting-edge products and features that address real-world issues. Mark specializes in cloud and infrastructure systems and environments, SaaS and Microsoft Azure, Exchange and Office 365.