Building a strategic GCP cloud foundation

Challenge

The State Agency was burdened by a 40+ year-old mainframe system supporting its Labor program. This legacy infrastructure was rigid, expensive to maintain, and couldn’t support the speed, scale, or security standards required for modern services. In the wake of the pandemic, the stakes were higher; any delay in claim processing affected people’s livelihoods.

The critical challenge was transitioning the State Agency to a modern, cloud-enabled system through its first major enterprise cloud implementation. This meant not only setting up the necessary cloud environment but also ensuring compliance with strict state network security policies and standards, while enabling long-term scalability and ease of management. This State Agency needed a trusted partner to lead this foundational shift, one that would support ongoing digital transformation and rapid policy responsiveness for their UI system.

This is where Flexion stepped in.

Approach

We began by designing and deploying an initial architecture using Google Cloud Run, enabling a fully managed, containerized environment to support rapid development and deployment. As state network security requirements evolved, we transitioned workloads to Google Kubernetes Engine (GKE) to achieve greater control, policy compliance, and workload portability. This transition was critical in enabling the system to scale securely and reliably in line with state IT governance standards.

A core part of our infrastructure approach focused on embedding security and operational best practices from the start. We implemented:

• Automated vulnerability scanning and patching, integrated with compliance reporting and rapid remediation workflows.
• CI/CD pipelines powered by GitHub Actions, reducing manual steps, improving deployment speed, and ensuring traceable, repeatable releases.
• IAM policies are aligned with least-privilege principles and the State of Wisconsin’s data protection requirements.
• Cloud-native logging and monitoring using GCP’s operations suite, enabling real-time observability, proactive issue detection, and enhanced reliability across environments.

To ensure a successful and sustainable transformation, Flexion also focused on organizational and cultural readiness. We assessed the State Agency’s infrastructure maturity, cloud proficiency, and stakeholder alignment to guide the deployment strategy. We emphasized early engagement with centralized IT teams to foster cross-functional collaboration, ensure knowledge transfer, and align on security and architectural standards. Our team also navigated complex government processes and decision hierarchies, working closely with stakeholders to align technical delivery with policy and operational objectives.

As part of our modernization strategy, Flexion integrated Google Cloud Pub/Sub to enable event-driven communication across microservices deployed on Google Kubernetes Engine (GKE). This decoupled architecture improved system resilience, scalability, and operational flexibility.

To support event-driven communication between services, Flexion implemented Google Cloud Pub/Sub as a foundational messaging layer within the cloud infrastructure. Key domain events were published and consumed asynchronously by various microservices running on Google Kubernetes Engine (GKE), enabling loosely coupled workflows across the system.

In select flows, Cloud Functions were triggered by Pub/Sub events to execute lightweight logic, route data, or integrate with external systems without burdening core microservices. This design significantly reduced tight API coupling, improved fault isolation, and provided flexibility for downstream integrations such as monitoring, analytics, or notifications, without requiring changes to upstream services.

By introducing Pub/Sub topics as intermediaries in critical claim and payment flows, we created a future-ready, scalable messaging backbone that supports flexible orchestration, simplified retries, and enhanced monitoring of business-critical processes.

Throughout the engagement, we embraced a decentralized, feedback-driven approach, trusting domain experts across teams and promoting resilience through collaborative, transparent decision-making. Flexion’s Option-Enabling Architecture (OEA) allowed for future adaptability without full system overhauls, reducing total cost of ownership and long-term technical debt.

Outcomes

Flexion successfully designed, built, and deployed a modernized cloud infrastructure for the State Agency’s labor system using Google Cloud Platform. The system was fully deployed to both UAT and production environments, providing a solid technical foundation for the agency’s modernization journey.

Technical Accomplishments

• Automated infrastructure provisioning using Terraform and CI/CD pipelines, reducing manual deployment overhead and enabling consistent environment promotion.
• Implemented a high-availability architecture using GKE, designed to provide enhanced system resilience during peak demand periods
• Delivered a streamlined operational framework that would require less management overhead compared to the legacy mainframe environment
• Created automated deployment pipelines with full CI/CD automation and containerization
• Built comprehensive security controls with automated vulnerability scanning and remediation processes that align with state government requirements

Platform Capabilities Delivered

• Scalable processing architecture designed to handle increased claim volumes during peak periods
• Modern workflow design capable of accelerating claim processing cycles
• API-driven service layer to support future self-service capabilities and digital channels
• Enhanced logging and monitoring framework to support audit compliance and comprehensive documentation of transactions

Knowledge Transfer and Organizational Readiness

• Successfully delivered a production-ready cloud environment that provides a blueprint for transitioning from the 40+ year-old mainframe system
• Empowered the State Agency’s IT team with cloud skills through knowledge transfer sessions and collaborative development
• Introduced DevSecOps practices and tools, establishing a foundation for security-embedded development workflows
• Developed analytics capabilities that can enable data-driven decision making in future iterations

Strategic Assets Delivered

• Event-driven architecture blueprint using Pub/Sub, designed to allow rapid adaptation to policy changes
• Future-ready GKE infrastructure that can easily integrate with emerging technologies
• Cloud cost optimization framework to establish predictable, manageable operational expenses
• Modernization roadmap to guide the Agency’s continued digital transformation efforts

Broader Impact

While the system has not yet been adopted for operational use, the GCP architecture patterns, security controls, and operational models developed by Flexion provide a valuable blueprint for the State Agency and potentially other agencies beginning their cloud journeys. The project has created a technically sound, compliant, and scalable foundation that remains ready for adoption when the Agency is prepared to transition from its legacy systems.

The work completed represents a significant milestone in the agency’s modernization journey, demonstrating the technical feasibility of moving from decades-old mainframe technology to a modern, cloud-native architecture while meeting the stringent security and compliance requirements of the state government.