cloud migration (MJgraphics/

Taking on cloud migration risks

Transferring the Homeland Security Information Network to the cloud only took seven hours, but the team behind the move made extensive preparations for potential complications. Damon Bragg, HSIN service operations manager, explained the biggest risks posed by the move during a June 20 panel at the AWS Public Sector Summit.

The first risk involved the timeline of moving from the data from a Department of Homeland Security data center to the Amazon Web Services GovCloud.   

“We were able to slide the [deadline] by five weeks," Bragg said. "We hadn’t secured the right security operations center, so we had to go back and we rework it. We needed to go back and make sure that we had the right eyes on the system at all times."

But, Bragg said, “once we identified the proper [migration] solution and a backup solution, we became rock solid at that point, but that risk rode us the duration of the project.”

Operational responsibility was new risk HSIN faced because it was leaving the “warm and fuzzy nest” of the data center.  To make the move quickly, Bragg said his team worked with contractors to create a DevOps team “to help us decide … how we could make the move,” Bragg said. “We had a confident federal staff and fully engaged contractors who were willing to work across some of the grayness to help us get where we needed to be.” 

The HSIN team also realized that its plans for using infrastructure as code to manage configurations and automate provisioning of infrastructure didn’t work as expected. After a year spent trying to “automate everything,” the team decided to focus on applications that were mission critical.

Lastly, the move to the cloud meant that HSIN was making a major change in its security posture by getting Federal Risk and Authorization Management authority to operate through the AWS GovCloud.  Bragg encouraged other agencies thinking of moving to the cloud to test the security capabilities of the environment “repeatedly and often.”

“We stuck to good IT practices and project management,” Bragg said. “Once we started to do that, we got into a good rhythm where we were able to achieve our objectives.”

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected