Department of Defense Lays Out Cloud Strategy
The Department of Defense (DOD) has announced a cloud computing strategy that aligns the agency with federal efficiency standards. Specifically, all agencies are required to consider cloud computing options before making new IT investments. The strategy details a shift to cloud services, including methods to promote adoption, establish an enterprise cloud infrastructure and consolidate datacenter resources. Beyond technical details, the program also aims to overcome any cultural challenges associated with migration to cloud technology.
The DOD believes these services have the potential to speed IT delivery while fostering innovation and providing efficiency. A memorandum from the agency’s office of the CIO places a heavy focus on protecting sensitive data as well as saving taxpayer dollars.
On June 26, Teri Takai, chief information officer for the Department of Defense, designated the Defense Information Systems Agency (DISA) to become the DOD’s cloud broker. The agency is tasked with managing the use, performance and delivery of cloud services. DISA will also negotiate relationships between cloud providers and the DOD. Their goal is to simplify the process of cloud adoption while reducing costs and increasing the security of shared data.
The department plans to transform its current IT infrastructure into a Joint Information Environment, which is defined as follows:
The Joint Information Environment is a robust and resilient enterprise that delivers faster, better informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.
In order to achieve this goal, the cloud strategy calls for a network redesign, resource consolidation and policy changes along with the adoption of enterprise standards.
Working together, the DOD’s CIO office and DISA led the Capability Assurance and Alignment Process (CAAP) Working Group to solidify their strategy. The department has identified four steps that will take place during the transition to a cloud environment.
Phase 1: Foster adoption of cloud computing
During this time, a joint governance structure will be created to assist with the transition to a DOD enterprise cloud environment. An “enterprise first” approach will be taken to establish a cultural shift towards the adoption of cloud computing. Financial practices, including acquisitions and contracting policies will be reformed. Finally, a cloud computing outreach and awareness campaign will be established to increase the visibility of government cloud services.
Phase 2: Consolidate resources
The department plans to reduce its hardware footprint through virtualization and IaaS. Currently, server utilization is typically less than 30 percent, and they’re hoping to boost that figure to 60-70 percent. Another part of the plan is to wind down software redundancy through the adoption of a limited set of standard software platforms. The DOD expects to save on expenses by migrating legacy applications and data to a smaller, core infrastructure. This practice is also expected to increase resilience to cyber threats, as the infrastructure would be managed as a single enterprise.
Phase 3: Establish the DOD enterprise cloud infrastructure
Described as a resilient enterprise cloud infrastructure, it has the goal of working seamlessly between all DOD units. This will be seen as the engine driving the enterprise cloud environment. Cloud service brokerage is seen as an important component, enabling flexibility in the consumption and management of services spanning disparate providers. Essentially, the environment should not have any single points of failure, which continues the focus of resiliency.
The broker will also assist various departments with the acquisition of cloud resources, ensuring that application requirements are met. Some examples include:
- Compliance with DOD information assurance requirements for encryption and key management.
- Cyber intrusion detection and response.
- Billing and contracting interfaces.
- Usage and workload distribution.
The department will also establish a cloud development and test environment. Referred to simply as “DevOps,” it will encourage collaboration between developers and IT professionals.
Straying from the NIST cloud service model, the department will also establish a DOD Data Cloud, given the definition “Data as a Service” (DaaS). The Data Cloud will continue a strategy of deploying standard data interfaces and incorporate big data technologies to handle quickly growing datasets.
Phase 4: Deliver Cloud Services
The final phase involves offering cloud services with improved capabilities at reduced costs. DISA currently provides a number of cloud services that are hosted in DOD datacenters. These include:
- Defense Connect Online (DCO)
- Global Content Delivery Service (GCDS)
- Customer Relationship Management (CRM) tools
These services will continue to be offered and augmented with enterprise directory and messaging, file storage, and identity and access management services. The cloud environment will also switch legacy collaboration services to everything over IP (EoIP), which will include mobile device support for real-time collaboration.
While the department is bolstering the services it provides, it will also encourage users to leverage external resources when appropriate. This includes services provided by other agencies or commercial vendors if needed.
Because of the sensitive nature of DOD data, high-risk information will not be permitted on commercial cloud infrastructures. The department describes this data as creating severe or catastrophically adverse effects on organizational operations should its integrity be lost.
The DOD CIO views the cloud computing strategy as a requirement to dramatically improve IT operations while lowering costs and adhering to federal mandates. As the project is implemented, the CIO plans to keep communications open, making refinements where they are needed. If the DOD’s plan is successful, it may become a model for replacing legacy IT operations.