Cloud Readiness Assessments for the Government
Background
Federal mandates like the Cloud Smart Strategy (OMB, 2019) require agencies to modernize IT systems, moving to cloud “when it makes sense” — not blindly. Cloud Readiness Assessments help objectively determine whether an application, system, or organization meets modernization criteria or requires remediation. Without a CRA agencies risk encountering cost overruns and operational failures.
Our Approach
Samtek offers a structured and scalable Cloud Readiness Assessment (CRA) designed to evaluate an agency’s technical, operational, and security posture before migrating or expanding to public cloud services. This assessment provides a data-driven foundation to inform cloud adoption and transformation strategies, identify modernization priorities, and reduce migration risk aligned with the Federal CIOs Cloud Smart strategy and principles. Due to privacy and confidentiality considerations, we are only able to provide (at the end of this section) a partial sample Cloud Migration Assessment Report from a smaller environment as an example of our usage of industry-standard frameworks like the AWS Cloud Adoption Framework (CAF) and tools like the AWS Migration Evaluator.
Our CRA is typically segmented into the following core domains:
| Domain | Assessment Focus |
| Application Portfolio | Inventory, Cloud Suitability, Dependencies and Modernization Opportunities |
| Infrastructure & Network | Connectivity, bandwidth, latency, segmentation, topology readiness |
| Security & Compliance | FedRAMP Alignment, Identity & Access Management, Audit Logging, Encryption etc. |
| Operations & Tooling | Monitoring, provisioning, patching, backups and DR |
| Organizational Readiness | Workforce skills, governance model, change management, training needs |
| Financial Planning | Cost Modeling, chargeback/showback, procurement strategy |
We use a “Cloud Readiness Maturity Model” to score each domain on a scale of 1-3 (Not Ready, Partially Ready, Fully Ready) enabling prioritization and estimation across workstreams. We deploy automated tools to perform infrastructure and application inventory, dependency mapping, and data flow diagramming. We rely on existing CMDB data for mapping application infrastructure to stakeholders. Our typical CRA lasts between 8-12 weeks assuming deployment of automated discovery tools is feasible, and all required application and customer data is available, along with stakeholder availability.
Tools Used
Application Discovery: AWS Application Discovery Service, Azure Migrate, and Flexera Cloud Migration Platform.
Network Assessment: iPerf, NetFlow/SFlow Collectors, Traceroute Analysis, Packet Captures (Wireshark/Tshark).
Security Review: Cloud Native Tools like AWS Security Hub and Open-Source frameworks like InSpec, OpenSCAP.
Customer Involvement:
We anticipate requiring access to key stakeholders and SMEs (application owners, security officers, infrastructure leads) regularly through the assessment process. At the very least we anticipate participation in workshops and data collections. Typically, this is 2-4 hrs. per stakeholder over a 2–3-week period.
Network Connectivity & Cloud Peripherals
As part of the CRA our team performs a thorough assessment of existing network configuration and cloud peripherals including:
- WAN and LAN capacity: We measure throughput, latency and packet loss to determine cloud access visibility.
- Firewall and Proxy configurations: Ensure appropriate ingress and egress traffic to needed cloud endpoints.
- Routing and segmentation policies: Ensure secure VPC/VNet integration and segmentation of production/non-production traffic for all network tiers.
- Availability of DNS, NTP, Identity Providers and other core services across the hybrid and multi cloud environment in a latency and cost optimized configuration.
- Cloud Interconnect options and colocation routes to ensure connectivity to workloads and data across the hybrid / multi cloud environment is seamless.
Our deliverables in the network connectivity phase of the CRA include:
- Cloud connectivity options matrix.
- Recommendations on bandwidth upgrades or changes to SD-WAN overlay design.
- Hybrid DNS and Identity Integration Plan.
Security of Assessment Data
As a trusted partner to Federal agencies that store and process petabytes of sensitive information including Protected Health Information (PHI) and Personally Identifiable Information (PII), Samtek takes a security-first approach to protect all customer and corporate data, including any data collected or generated during a Cloud Readiness Assessment (CRA). We take the following measures to ensure our customer’s data is always protected:
- Data Encryption: All collected data is stored in AES-256 encrypted repositories at rest. All data transfer is performed using encrypted protocols like HTTPS over TLS 1.2+
- Limited Data Retention: Assessment artifacts and data are retained only for the duration of the engagement, unless otherwise agreed (explicitly).
- Access Controls: Role-based access control is enforced for the project team and stakeholders. Our internal document repository is secured by default, and all access requests are reviewed and approved by an internal security officer.
- Customer Owned Systems: Where possible, all scans and data collected tools are executed within the customer’s network, with no external transmission, significantly limiting the risk of data exposure outside the customer’s environment, and subject to all security / zero trust controls enforced in the customer’s ecosystem.
- Compliance: All our CRA efforts comply with agency risk safeguards, federal policies, and any customer-defined data handling policies.
- Identifiable Information: No PII is collected during the CRA, some basic infrastructure metadata like IP addresses, subnets, and Fully Qualified Domain Names (FQDNs) are typically captured during the network and application discovery phase, but these are never shared externally and only used to perform CRA activities.
Sample Assessment Report
A redacted assessment report is attached here for your review, if you are interested in having Samtek perform a Cloud Readiness Assessment for your organization, please reach out to us at: cloud@samtek.io
