AWS Public Sector Blog
Modernizing tax systems with AWS
Tax administrators at all levels of government face challenges due to legacy systems that lack functionality, scalability, and flexibility. Amazon Web Services (AWS) is helping leading tax authorities around the world to migrate and modernize their mission critical tax systems in the cloud, allowing them to achieve better service reliability, scalability, and security, while paving the way for new and innovative business functionality. Running tax systems on AWS supports these authorities in strengthening operations, improving constituent interactions, improving business intelligence capability, reducing costs, and innovating.
Globally, tax agencies are increasingly looking to the cloud to address pressing needs, from aging and costly infrastructure, technology debt, poor disaster recovery (DR), and siloed data to challenges integrating with third party systems. In this blog post, learn how these tax agencies and their tax solution providers can adopt a progressive approach to modernizing tax systems to enable more efficient and effective tax administration.
Migration to the cloud
The first step in modernizing tax systems is to migrate tax systems to the cloud. Migrating to the cloud allows tax agencies to move from legacy monolithic technology running in data centers or colocations to modern cloud architectures that improve security, reliability, uptime, scalability, and DR.
Tax agencies that operate their tax workloads on top of server-based operating systems such as Windows can decouple migration from modernization, allowing them to move fast, manage risk, and realize certain benefits of the cloud more quickly.
Tax agencies that run on-premises mainframe-based tax workloads are less able to decouple migration from modernization when moving to the cloud. Instead, such organizations can use managed tools like AWS Mainframe Modernization to migrate and modernize at the same time. AWS Mainframe Modernization provides both infrastructure and software for migrating, modernizing, and running mainframe applications on an AWS-managed runtime (x86) environment. AWS Mainframe Modernization supports two transformation patterns reflecting common business objectives:
- Strategic modernization is a transformation pattern that works to reduce cost, increase agility, and reduce technical debt and risks by migrating workloads to the cloud. Replatforming with mainframe compatibility and leveraging automated refactoring with code and data conversion can support strategic modernization.
- Tactical augmentation is a transformation pattern focused on unleashing value from mainframe data by providing agility and innovation with cloud-enabled services. This includes creating new channels and functions; developing and testing with DevOps; integrating data analytics; and adopting backup and archival mechanisms.
Figure 1 illustrates how these and other tactics support strategic modernization and tactical augmentation on a spectrum of cost and risk, as well as speed to implement and automation.
Figure 1. AWS Mainframe application modernization patterns.
Learn more about AWS Mainframe Modernization in AWS documentation.
Tax authorities that operate traditional tax systems as Windows workloads, typically in on-premises virtualized environments, can rehost (i.e., lift and shift) those workloads to the cloud as a first step in an incremental roadmap to modernization.
The following are some benefits of such an approach:
1. Business continuity and application availability
One of the immediate benefits of rehosting is improved availability and disaster recovery. Migrating to the cloud enables tax agencies to leverage AWS Global Infrastructure, which currently spans 99 Availability Zones (AZs) within 31 geographic regions around the world. Tax agencies can rehost their tax applications within multiple AZs to achieve greater fault-tolerance and higher availability. Moreover, a multi-Region DR cloud architecture pattern can help tax agencies achieve their required recovery time objectives (RTOs) and recovery point objectives (RPOs) (Figure 2).
Figure 2. Disaster recovery options in the cloud that support an RPO/RTO of hours to an RPO/RTO of real-time.
Many of the tax agencies that migrated applications to AWS improved their RTO and RPO from days to hours by adopting a pilot light DR strategy without making any changes to the application itself. This approach also allows customers to adjust their DR strategy over time to achieve lower RTOs and RPOs with incremental changes to DR architecture. Read more about disaster recovery options in the cloud.
AWS also offers AWS Elastic Disaster Recovery, a DR orchestration service that helps minimize downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. Another approach is to build for DR in the cloud first while keeping the primary on-premises infrastructure, and then upgrade the cloud-based DR to primary later—aligning this transition to hardware and software refresh cycles or data center exits.
2. Security and compliance
Moving to the cloud can support regulatory compliance requirements for tax workloads, such as IRS Publication 1075, FedRAMP, FIPS 140-2, PCI- DSS, and GLBA. IRS Pub 1075 requires FedRAMP authorization of cloud providers in order to provide consistency across security, transparency, monitoring, and use of assessments and authorizations. AWS is audited by third parties that attest to controls published in NIST 800-53. The AWS Cloud is also FedRAMP authorized; a tax system hosted or built on AWS inherits these FedRAMP controls. Moreover, AWS provides additional logical security controls and prescriptive guidance that can help secure tax data like federal tax information (FTI) within the application to further reduce business risk. For example, with AWS Key Management Service (AWS KMS), you can create encryption keys under your control and use them to encrypt and restrict access to tax data based on tags. You can also control access to AWS KMS keys using a key policy, along with an audit trail. The key policy determines who has permission to use the encryption key and how they can use it.
Additionally, the AWS Nitro System provides additional security features through a lock down security model and by offloading virtualization resources to dedicated hardware to minimize attack surface. The Nitro System encrypts data in transit at the physical layer, monitors and protects instance hardware and firmware, and prohibits administrative access, mitigating the possibility of human error and tampering.
Customers can leverage the Landing Zone Accelerator on AWS for tax agencies, an automated solution to deploy an account structure commonly used with tax workloads, along with security controls and network configurations that secure FTI data. This solution is designed to automate, accelerate, and simplify tax system deployments in the cloud. Find the solution on GitHub.
3. Software as a service (SaaS) like experience
With the cloud, agencies can take advantage of a Software as a Service (SaaS) operational model for tax workloads. Cloud provides multiple options to choose from based on an agency’s operational requirements. Agencies can offload the infrastructure management, operations and governance of tax systems to either AWS, or a managed service provider (MSP). Many of our tax customers use AWS Managed Services (AMS) to manage and operate their tax applications securely and efficiently. AMS helps customers extend their team with operational capabilities, including monitoring, incident detection and management, security, patching, backups, and cost optimization. Find more information about features and capabilities in AWS Managed Services documentation.
4. Modern data architectures
Cloud enables tax systems to leverage purpose-built storage to remove data silos, adopt modern data architectures, improve the data access and governance model, optimize storage costs, and gain insights. Traditional tax systems use databases as a one-size-fits-all approach to store all types of tax data. With the cloud, tax agencies can keep relational or structured data in purpose-built databases while moving unstructured data, such as flat files and documents, to cost effective, scalable, and durable object storage like Amazon Simple Storage Service (Amazon S3) or a managed file system such as Amazon FSx. Instead of storing various tax data types into a single database, tax agencies can select the right storage based on data type. This enables granular data access, data retention, and data governance policies based on the type and classification of data. This approach also enables agencies to make use of cloud-based data analytics tools for driving insights from data. Learn more about Modern Data Architecture on AWS.
5. Infrastructure cost optimization
Hosting a tax system in the cloud also provides greater visibility into infrastructure costs and utilization. This helps find opportunities to right-size the infrastructure to optimize costs. One strategy is to right-size less critical non-production and testing environments first, before optimizing production systems. Cloud elasticity can help further optimize costs. Agencies can scale up the environment before the peak tax season and scale down during low activity season. Additionally, the cloud provides options to optimize licensing costs, such as SQL server licensing (which is typically based on vCPU counts) either through vertical scaling or by switching off unused vCPUs. Read the “Top 10 recommendations to optimize costs with your SQL Server workloads on AWS” for more detailed recommendations.
Figure 3. A graph representing total cost of ownership (TCO) optimization between on-premises, lift and shift, and AWS-optimized infrastructures.
6. Support sustainability goals
AWS is on path to power 100% of its operation by renewable energy by 2025—five years ahead of its original target of 2030. Moving workloads to the cloud can assist tax agencies in meeting their sustainability goals. Read more about Amazon’s renewable energy initiatives.
Additionally, AWS provides agencies prescriptive guidance and architectural patterns for designing sustainable workloads on the cloud. Read the “Let’s Architect! Architecting for sustainability” blog post for more details.
Infrastructure and application modernization
Once agencies are in the cloud, they can start to use cloud native services to incrementally modernize different aspects of their tax applications, such as the application, webserver, and database. Agencies can use containers and serverless technologies to build modern tax applications. These technologies help uncouple applications and run them as independent components called microservices. Microservices and serverless architectures can foster innovation, reduce or remove the need for server management, reduce operational complexity, improve maintainability, support pay-per-use billing, and enable continuous scaling and built-in fault tolerance. Refer to the Implementing Microservices on AWS and Optimizing Enterprise Economics with Serverless Architectures whitepapers for more details.
For database modernization, agencies can move from a self-managed database running on Amazon Elastic Compute Cloud (Amazon EC2) to a fully managed Amazon Relational Database Service (Amazon RDS). Amazon RDS is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud. Amazon RDS supports common engines such as SQL Server, MySQL, MariaDB, PostgreSQL, Oracle and more. Many customers strive to modernize with an open source database engine such as PostgreSQL to avoid commercial databases licensing costs. One such option is migrating to Amazon Aurora. Amazon Aurora provides built-in security, continuous backups, serverless compute, up to 15 read replicas, automated multi-Region replication, and integrations with other AWS services. When customers migrate to Aurora, they get the scalability, performance, and availability of commercial databases and cost-effectiveness of open-source databases. AWS also provides various tools to re-host and re-factor applications.
Figure 4 features an example modernization path for a Windows-based tax application. Learn more about how to modernize Windows workloads with AWS.
Figure 4. Legacy Windows workload modernization considerations across rehosting, replatforming, and refactoring.
AWS is also helping tax agencies in modernizing tax applications and workflows using cloud native services such as artificial intelligence (AI) and machine learning (ML). AI and ML can help with tax system modernization by automating tax return processing, identifying fraud and errors, improving customer service, streamlining compliance, using predictive analytics, and assist with audits.
Modernizing tax systems in the cloud can help evolve and improve tax administration. Modernization can support tax agencies in improving security and compliance, achieving business continuity and operational efficiency, optimizing costs, and delivering a better citizen experience.
To learn more about how you can use AWS to support your agency’s unique use case, contact the AWS Public Sector team to get started.
Read more about AWS for tax agencies:
- 3 ways tax agencies can use AI on AWS
- How the US DOJ Tax Division built a remote telework application in six weeks with AWS
- Fighting fraud and improper payments in real-time at the scale of federal expenditures
- Taxes, governments, and great experiences using the cloud
- How public sector agencies can identify improper payments with machine learning
Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.
Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.