This article originally appeared on Government Technology Insider.
The Department of Defense (DoD) has spent years advancing cloud modernization— from upgrading its personnel and pay management system to supporting the Army’s logistics operations, where cloud migration improved materiel readiness by consolidating more than 40 databases and dozens of applications, enhancing data access and cybersecurity across a globally distributed supply chain. While these efforts strengthen connectivity and operational reach, migration alone does not equal modernization. Simply relocating legacy applications can carry technical debt and operational constraints into new environments. True cloud transformation requires a foundational shift in architecture, security, and mindset that prioritizes adaptability and resiliency, as well as mission outcomes, over speed alone.
The limits of lift-and-shift
“The heart of the problem is legacy systems,” said Ray Hall, Managing Director of Technology Services for Maxmius. “Many mission-critical systems still run on decades-old hardware, or they have been lifted and shifted into the cloud as giant monoliths.”
A lift-and-shift approach may accelerate initial timelines, but it preserves architectural limitations that hinder scalability and automation. “Because those applications were never refactored to be cloud agnostic, they can’t scale horizontally, and blue-green deployments or Kubernetes-style orchestration become impossible,” Hall explained. To unlock the cloud’s full potential, Hall stresses re-architecting, before migration: breaking applications into microservices, standardizing data models, and aligning funding decisions around mission outcomes.
Security, compliance, and trust at mission speed
Security and compliance, particularly at IL5/IL6 and FedRAMP levels, are often seen as barriers to rapid cloud development. Hall disputes this, noting, “Speed and compliance are not mutually exclusive if we embrace continuous authority to operate (ATO).” Rather than certifying each application independently, modular, reusable security pipelines allow microservices to move across multiple classification levels with minimal rework.
This approach also allows for more effective data sharing across services and coalition partners. Historically, separate mission partner environments slowed collaboration. Zero Trust architecture helps address this by moving from perimeter defense to protecting data itself, enabling more secure, real-time access across networks while enforcing consistent identity, access, and policy controls. “Moving to a defense-wide Zero Trust architecture will let us authenticate once and share data confidently across networks,” Hall said.
Cloud-native foundations for joint operations
As missions increasingly span services and partners, systems must scale rapidly and reliably. “Cloud-native technologies are the only way to scale to meet joint force requirements,” Hall said. Containers, microservices, and serverless computing allow systems to respond dynamically to demand, isolate faults, and reduce unnecessary infrastructure costs. “Together, they allow for rapid deployment and scaling of mission applications across all domains without sacrificing performance or security,” Hall added.
Modernization in practice
Not every system can or should be modernized at the same pace. “First, resist the urge to forklift everything,” Hall advised. “Some legacy systems will stay on premises for years, and that’s acceptable. For the rest, we need structured, repeatable transition plans that rearchitect code before migration, document every dependency, and stage cutovers to avoid operational gaps.” Equally crucial is engaging users early in the process. “We need to know how they’re using an application, not just what it does,” Hall said. Warfighters often adapt tools they’re in unanticipated ways, and understanding those realities is critical to successful re-architecture and migration.
Automation and machine learning (ML) further strengthen cyber resilience by reducing human error and accelerating response. “Any task performed the same way multiple times should be automated,” Hall said. “The result is fewer errors and more time for humans to focus on higher-order problems.”
Looking forward, Hall sees Zero Trust expansion, AI-driven analytics, and cloud-mesh architectures as transformative. But perhaps the most important shift is cultural: “I’d like to see requirements and industry days shift from prescribing solutions to posing problems and inviting industry to innovate rather than comply. That mindset will unlock capabilities the DOD hasn’t yet imagined.”
Modernization measured in mission outcome
Cloud migration is a necessary first step, but it is not the destination. Through scalable architecture, integration security, and a warfighter-centric approach, modernization is a strategic imperative across the defense landscape. “By transforming processes, empowering teams, and fostering innovation, we aim to deliver resilient software capabilities at the speed of relevance,” the DoD lays out in its FY25-26 modernization plan. As the DoD embraces cloud native principles, Zero Trust frameworks, and a culture that prizes innovation and mission outcomes, the department can deliver resilient, adaptable capabilities that keep pace with evolving threats and joint operational demands.
For more information about DoD cloud modernization, read the full interview with Hall.