recommended reading

When NASA Moves Its Websites to the Cloud, Everyone Watches


A project to move NASA websites and applications to the cloud has successfully migrated over 1 million pieces of content, completing its first phase, managers announced. was among more than 100 sites and apps that made it to the Amazon Web Services-powered cloud in the project’s first 22 weeks, according to InfoZen, the company managing the migration. The environment uses the open-source cloud-based Drupal content management system.

“We like to think it was done in a record time,” InfoZen CEO Raj Ananthanpillai told Nextgov. “It’s saying that once you have your act together, you can do this in a short amount of time. It doesn’t require years of implementation.”

InfoZen is managing the migration under the $40 million WESTPrime contract it initially won in 2012. The company was unable to get started on the job until earlier this year, however, due to an unsuccessful protest of the award.

About 20 percent of the first-year costs went toward the migration and transformation, and the agency is saving more than 25 percent a month to operate the migrated resources, the company said.

NASA Demurs on WESTPrime Mandate

WESTPrime was unscathed by an otherwise critical inspector general report last year that cited management and other problems in the agency’s cloud computing environment. The IG report said the Federal Risk and Authorization Management Program-compliant WESTPrime contract was good and only suggested its use be mandatory across NASA components -- a move the agency ultimately decided against.

“It was great to have that particular IG report saying this is a good contract that got all of the requirements correct,” said Roopangi Kadakia, NASA's Web services executive. But, she added, WESTPrime is “not a one size fits all.”

NASA’s former and current chief information officers “made a conscious decision -- and I definitely think it’s the correct one -- not to mandate the use of it, even though the IG report said that,” she told Nextgov’s Jack Moore on Thursday during a viewcast.

“Each application has to be looked at from where it is in its lifecycle,” she said. “That’s the only way you can find out if it’s the right time for that application to be considered for the cloud.”

Kadakia said NASA CIO Larry Sweet’s solution was to “strongly encourage” NASA divisions to use the contract. “If you can come up with a reason why this isn’t going to work for you, then that’s a different story, but we really want you to consider this first," she said.

' Could Not Go Dark'

InfoZen’s Ananthanpillai said figuring out how to migrate numerous, dispersed sites running on proprietary systems was like changing a tire on a moving car. “ could not go dark,” he said. “None of this could go dark for us.”

The initial migration involved a redesign of the portal -- which itself includes multiple sites. The remaining sites were migrated “as-is” so the agency could still save on infrastructure, Ananthanpillai said.

The space agency has more than 1,500 public-facing websites and 2,000 intranets, extranets and applications, and the agency’s data offerings and holdings are huge.

“These guys have probably the most expansive list of Web assets,” Ananthanpillai said. “That’s one of the reasons why everyone’s looking at them for lessons learned.”

(Image via brainpencil/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.