cloud strategy

How the SEC is crafting its cloud modernization strategy

Creating a common language and architecture for cloud operations helped the Securities and Exchange Commission in its efforts to move systems and applications into the cloud.  At a Jan. 30 FCW cloud event, Michael Fairless, branch chief of servers and storage at the SEC, said he thinks integrating technology, processes and people are the three keys to developing a successful cloud strategy.

“We are going to need more programmers if we automate our systems,” Fairless said.  “You need to take the technology pieces and make them all work together.  As you start to think about your cloud environment, you become in essence a broker.”

The SEC developed a formal cloud strategy late last year after working with software-as-a-service providers to move some tools into the cloud.  The agency is building the core infrastructure in the cloud by getting “operational and security services” up first before tackling some more complicated migrations.

“We have been pseudo-indoctrinated into the cloud, but we finally started to finalize a strategy and started to focus on what we can and what we should focus on next,” Fairless told GCN after his presentation.  “Our first implementation is going be probably going to be storage because we are looking at using cloud for archive and backup purposes.”

Fairless said he believes moving SEC’s data centers into the cloud will create cost efficiencies that will help the agency shift other applications and systems to the cloud.  The agency is considering more SaaS applications and exploring disaster recovery as a service.

Legacy systems that are near the end of their government contracts are also cloud migration candidates. Fairless said his agency is looking into whether some of the legacy systems need a cloud environment and how they would need to be modernized if they do migrate.

The SEC is using Amazon Web Services as its primary cloud provider, but it considering Microsoft Azure as well.

“From an infrastructure and support perspective, we felt it was necessary to figure out AWS first since our principal server for is in AWS,” Fairless said.  “We are talking with Microsoft about we can do in the coming years as we start looking at the Office services, and they have a whole host of services focused on analytics as well.”

While the SEC plans to move a multitude of services to the cloud, governance structures remain a challenge.

“We have everything from Salesforce to other vendors who are providing niche and focused services,” Fairless said.  “We need to figure out how we’re going to ensure proper governance in the SaaS implementation because we don’t necessarily get access to the inner workings of the services that vendors provide.”

For now, the SEC is operating a hybrid cloud environment, but Fairless said he doesn’t think that there’s any system that SEC can’t move to the cloud. The agency has virtualized 95 percent of its systems so far.

“The leap from virtualization to cloud services isn’t insignificant, but it is linked,” Fairless said. “The challenge for some of the systems that are older is that you have to first figure out how to break the linkage from the physical hardware before you can think about what is next," whether that's moving to the cloud or "redesigning it from the ground up.”

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.