The long-awaited promise of cloud computing for the Department of Defense is approaching at a rapid pace. Less than a year after DoD Chief Information Officer Teri Takai designated the Defense Information Systems Agency (DISA) as the cloud broker for the department, DISA has achieved a seminal milestone by obtaining initial operational capability (IOC).
According to a DISA press release dated April 16, the DoD CIO is committed to accelerating the adoption of cloud computing within the department, and reaching IOC means the agency has the framework in place for executing this mission. Additionally, DISA has established a process for gathering and assessing mission partner requirements, evaluation criteria for service offerings to include recommended contract requirements, criteria for matching mission partner requirements to the appropriate offerings, an enterprise cloud service catalog, and a cloud security model.
In the commercial world, the widely touted benefits of cloud computing include reduced spending, streamlined processes, improved accessibility and greater flexibility, among other things.
The benefits to the Defense Department are much the same as in the commercial world, but are discussed in terms of mission. According to DISA, cloud computing will not only meet Joint Information Environment objectives, but also deliver enhanced mission effectiveness and improved operational efficiencies, which will enable the DoD to consolidate and share commodity IT functions, resulting in a more efficient use of resources. The DoD Cloud Computing Strategy will move the department from the current state of a duplicative, cumbersome, and costly set of application silos to an end state that is an agile, secure and cost-effective service environment that can rapidly respond to changing mission needs. The DoD CIO is committed to accelerating the adoption of cloud computing within the department and to providing a secure, resilient enterprise cloud environment through an alignment with departmentwide IT efficiency initiatives, federal data center consolidation and cloud computing efforts.
DISA has performed cybersecurity assessments of two commercial cloud services that have been granted Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board Provisional Authorizations, but has not yet named the providers. DISA said that announcement of the approval of these commercial cloud services for information approved for public release is imminent, pending community approval of the associated assessment processes.
In the meantime, the agency continues to conduct security assessments to expand alternatives for future cloud service offerings.
As cloud broker, it is DISA’s responsibility to facilitate contracting and acquisition by developing model contract language that supports implementation of the cloud security model and appropriate use of commercial cloud services. DISA is currently developing the model contract language to make it easier for mission partners to ensure they have considered all the appropriate areas when they contract for cloud services.
In the coming months, DISA plans to further automate the cloud service request process, incorporate new offerings into the service catalog, and enhance the security model to further accommodate mission partner requirements.
DoD Cloud Computing and Google
In February, DISA and Google signed a Cooperative Research and Development Agreement (CRADA) to explore ways for DoD users to securely authenticate to commercial cloud service providers.
"The results of the CRADA are going to play a major role in our cloud strategy going forward," said Deputy CTO for Enterprise Services Jack Wilmer. "The resulting Authentication Gateway Service will be critical to connecting DoD users to commercial cloud services while maintaining security through CAC logon. While the current Google pilot is scheduled to end on 30 September, this is laying the groundwork for many future cloud services."
DISA is also using the Google pilot to explore and validate next-generation approaches to cloud-based email that can work with DISA's existing Defense Enterprise Computing Center (DECC) hosted Defense Enterprise Email (DEE) service.
"The DISA-Google CRADA work is a necessary precursor activity that if successful would allow DISA to bring competitive commercial ‘cloud-based’ e-mail providers into the DEE Service Offering," said DISA Vice Director Rear Adm. David Simpson. "The goal would be to provide for a portion of the DEE user communities' e-mail requirements with lowest cost, technically acceptable service providers whose security is commensurate with organizational and individual assigned missions for the designated DEE users. The target implementation would integrate lower cost offerings into the Single E-mail Enterprise in a manner that continues to utilize one directory service for the entire DoD and seamless collaboration between commercial and DoD hosted DEE environments," Simpson said.
The Department of the Navy Issues Cloud Computing Strategy
In April, the DON CIO Terry Halvorsen announced that the DON Secretariat took the innovative first steps of moving unclassified data to a commercial hosting environment. The Secretary of the Navy’s public-facing information portal is now hosted in the Amazon Web Services cloud. The decision to host the data on a public Web server resulted from an analysis of several factors, including the type of data stored in the portal, the ease of access due to significantly faster response times, security and cost.
The DON first considered a government site to host the portal, but found that commercial sites are less expensive. Further, congressional guidance requires the department to evaluate and select commercially provided services that meet security standards and are less expensive than what it costs to perform those services internally. As a result, the DON has achieved a 50 percent reduction in cost to operate the portal.
The Amazon option is the first case of the DON placing low-risk, public-facing data on a commercial server to save money. The department will continue to explore similar savings opportunities.
DON’s Cloud Computing Policy
If a more cost-effective DoD solution becomes available, the DON’s use of a commercial server for cloud computing is subject to change.
As of right now, the DON CIO plans to use the DON’s initial implementations of commercial and governmental cloud hosting services to define the DON security documentation, certification standards and processes unique to cloud systems while searching for cost-savings. More specifically, in the Update to the DON Approach to Cloud Computing strategy, issued in June, the policy states that, pending further guidance from the DoD CIO, the DON Deputy CIO (Navy) and DON Deputy CIO (Marine Corps) will proceed as follows:
- Ensure all systems are properly certified and formally approved by the appropriate Designated Approval Authority, and required entries are made in the DON IT Portfolio Repository (DITPR-DON) and DON Applications and Database Management System (DADMS);
- Utilize the Broker to identify and vet commercial cloud service providers to host low impact systems and mission functions at lower costs than in government-owned and operated facilities;
- Analyze alternatives to identify the most cost-effective hosting environment for medium impact systems. The analysis will evaluate commercial, federal and DoD solutions; and
- To assist the broker with accurately capturing requirements, categorize data as impact levels 1-6 using the Cloud Security Model.
FOR MORE INFORMATION
DON Approach to Cloud Computing