FEMA INFORMATION SECURITY AND CLOUD SERVICE INTEGRATION

FEMA Information Security and Cloud Service Integration

May 18, 2020

PHOTO BY SAULT LOEB AFP VIA GETTY IMAGES via KPBS.org — *PHOTO BY SAULT LOEB AFP VIA GETTY IMAGES via* *KPBS.org*

FEMA is a critical part of protecting the U.S. from disasters. The agency was founded to help people before, during, and after disaster strikes. The agency is responsible for developing comprehensive disaster relief plans to coordinate government-wide relief efforts and bring an orderly and systematic means of federal natural disaster assistance for state and local governments in aiding their citizens. FEMA has an inventory of approximately 94 authorized major and General Support Systems that were built to address a variety of mission needs. Therefore, the security of FEMA’s assets and information is absolutely critical to preventing crushing disasters from devastating cities and populations all over the U.S.

In order to enhance and fortify FEMA’s readiness and support its mission, FEMA needed to address management weaknesses and improve its system’s challenges in managing IT. So, they began adopting cloud technologies. In 2008, FEMA contracted to migrate and Web-enabled the legacy systems in order to enhance the customer experience and reduce complexity, the majority of FEMA systems were integrated into a single system. However, this resulted in an increased interdependency between systems and increased the overall complexity of the environment. FEMA needed to develop an approach to build the framework to start planning long-term development of Cloud services.

In 2019, AITHERAS provided comprehensive development and support for FEMA Cloud services that included infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) Cloud environment configuration, migration planning and support, user training, Cloud environment deployment, and Cloud brokerage. This process consisted of analysis, long-term strategic planning, and development:

ANALYSIS:

An assessment of systems and applications to advise FEMA on the optimal strategy to migrate these systems to, from, and within FEMA Cloud Operations.

Assessment and analysis were conducted of the business process and requirements for CLOUD projects, network impact for each application-specific migration, TDL Hardware and infrastructure footprint for End of Life hardware, alternatives for improving end-user services, and data storage, and Alternate Processing site(s).

A comprehensive inventory of FEMA TDL assets to be migrated was conducted. An analysis of alternatives that explore strategies for continuously improving end-user services and data storage was conducted.

A network impact analysis for each application-specific migration that addresses requirements for network connectivity, bandwidth, and latency, as a component to the Systems and Applications Assessments resulting in recommended network Service Level Agreements (SLAs) and Operational Level Agreements (OLAs) for end-to-end connectivity, to include routers, gateways, switches, firewalls, load balancers as well to ensure network performance between users, applications, and Cloud services.

LONG-TERM PLANNING

FEMA received a detailed cloud migration plan for each application or system to be migrated. Identified cutover procedures and contingency planning for fallback to the legacy environment should the initial cutover be unsuccessful. Reviewed, analyzed, and elaborated the business process and requirements for Cloud projects and assessed that the technical requirements are satisfied and aligned with FEMA management standards and guidelines and provide recommendations to inform business requirements development and support the development and update of use cases and process flows.

AITHERAS provided decomposition of identified systems and applications to identify common functions and services (e.g., microservices, application programming interfaces [APIs]) that can potentially be migrated to the Cloud, and identification of potential shared services.

DEVELOPMENT

A migration approach and plan was developed that was both technical and strategic for each system to be migrated. This also addressed FEMA’s application integration, security, and privacy. AITHERAS executed the migration, managing, tracking, and validating as well as appropriate decommissioning of applications and systems. AITHERAS also provided support for the development of FEMA Directives, Instructions, and standard operating procedures (SOPs).

An Integrated Master Schedule was developed that defines the timeline, tasks, dependencies, and resources. This process included project-planning workshops with FEMA to design and validate the system’s migration process.

A detailed move package for the application system was developed for the migrating application system. This identified interdependencies between FEMA application systems. We defined post-migration test activities that tested the new hosting environment, all partners, application support contractors, and locations for each application system.

Overall, with the combination of analysis, long-term planning, and development, FEMA’s new cloud migration services allow them to move forward with mission-critical initiatives. Through the implementation of these services, FEMA’s readiness has been enhanced, IT management weaknesses and system challenges have improved, and FEMA now has a strategy and process for successful, long-term cloud service usage.