When U.S. Citizenship and Immigration Services (USCIS) began moving to the cloud in 2014, much of the agency’s cloud movement was “lift and shift” – simply moving workloads as-is to the cloud. Over time, IT staff trained themselves on cloud operations and began to take greater advantage of the flexibility and scalability that cloud computing offers.
After several years, agency leadership tasked the Office of Information Technology (OIT) to digitize all of the agency’s immigration benefits processes. Around that time, IT leaders realized that they needed stronger governance and standards around cloud. They moved to domain-driven design, which allowed IT to work across the agency’s directorates.
“Domain-driven design enabled us to work across the IT architecture, teams, and communications channels,” said Rob Brown, USCIS chief technology officer. “We began to understand what development teams were doing across the agency. As a result, we began to consolidate teams, platforms, and toolsets – taking advantage of opportunities to reuse capabilities instead of buying more.”
Then, last year, immigration services were curtailed because of the COVID-19 pandemic. Unlike most other Federal agencies, USCIS is self-funded through fees collected for the provision of immigration and citizenship benefits – not through congressional appropriations. With USCIS offices closed, fee collection dropped precipitously, and agency units were tasked to employ cost-saving measures.
At OIT, leaders developed a cost-management strategy, as well as a 90-day Operation Cloud Control (OCC) project to realize immediate savings and establish processes to lock in those savings moving forward. Moving to reserved instances alone saved more than $2.5 million during 2020-2021. In total, the OCC project saved nearly $4 million during the same time frame.
Through the OCC project, OIT educated staff about the need to rightsize cloud instances, and it created dashboards to measure progress, which were visible to IT teams as well as executive management.
OIT also re-architected applications to operate more effectively in the cloud, and it rolled out design-cost principles and policies. Those policies are enforced by Robotic Cloud Automation (RCA), a library of serverless cloud automation solutions developed by Simple Technology Solutions (STS) that leverages Amazon Web Services’ (AWS) native tagging capabilities and Lambda scripts. The library is a one-time cost to USCIS, rather than a recurring expense.
RCA automatically identifies cloud sprawl using those tags and governance-as-code, and, in contrast to other solutions, then remediates cloud instances, environments, and resources that are over-provisioned, over-scheduled, or not compliant with the agency’s usage standards. Remediation actions include moving to reserved instances, autoscaling to accommodate spikes in demand, and more.
“USCIS’s design-cost principles and policies are manifested in the Lambda scripts,” noted Aaron Kilinski, principal and chief technologist at STS. “Not only do the scripts ensure good cloud hygiene across the enterprise, but they also enable USCIS to take advantage of the operational agility and economic advantages of AWS’s consumption-based model.”