DOD cloud computing strategy a public-private collaboration
- By Kimberly Johnson
- Oct 25, 2012
The Defense Department is turning to the cloud in expectation it will rain down greater computing efficiency. The Pentagon’s strategy seeking to clarify the transition, which was released in July, has cast the DOD’s net wide enough to include commercial cloud solutions.
The move, while aimed at closing a computing capability gap, also highlights DOD’s ongoing navigation of public-private collaboration.
Undoubtedly, using the cloud environment as an enterprise portal service is proving beneficial for the military. The old way of doing business meant one application per operating system per computer, where an exchange application for e-mail might use only 25 percent of a server’s capabilities, said Bill Rowan, VMware’s vice president for the DOD. The majority of that server’s capabilities weren’t tapped into.
“What we found with these agencies as they move to a cloud strategy is that I’m now taking that same server, virtualizing [it], and layering on multiple operating systems with multiple instances of the application,” Rowan said. “I’m consolidating the footprint in terms of the number of servers, which is obviously reducing the cost. I’m reducing the number of operating systems and applications that have to be fielded.”
The Defense Information Security Agency is doing just that by pushing enterprise e-mail to the cloud. “[There are] well over a half-million users right now, and we’re on target to support the entire Army in the near future,” said Henry Sienkiewicz, DISA’s vice chief executive for information assurance. “That is a great instance of a cloud offering that we’re providing the DOD within the department.”
Cloud computing is a fundamental aspect of establishing core data centers that are interoperable and able to transfer workload, Sienkiewicz explained. The next wave of cloud migration, according to the DISA official, will include the Army’s Ozone Widget, an initiative to tap into intelligence analysis software over networks as a bid to cut down hardware and software costs.
Sienkiewicz said DISA is focused on establishing private clouds for enterprise e-mail and share points, as well as incorporating public clouds via the Federal Risk Authorization and Management Program initiative, which sets security standards and vets cloud computing providers.
“There isn’t a comfort zone when it comes to having military [data] collocated in the same virtual environment with other commercial offerings,” Sienkiewicz admitted. “We really have a lot of concerns on making sure we have positive control of data, not to dictate how the cloud providers are doing their business, but rather to provide safeguards for the military and the taxpayers,” he added.
Concerns stem largely from the fact that computing DOD tactics, techniques and procedures have not yet been clarified to incorporate the cloud environment, industry stakeholders say. In the commercial world, companies like Amazon or Microsoft, for example, may have a variety of their data centers outside the United States, which can spark concern about where information will reside and its security.
“If you make this move, your concerns are going to be, what are my blind spots?” said VMware’s Rowan, who likened the cultural shift as being on par with the shift from mainframe to client server computing. “What we’ve found is that many of the concerns aren’t necessarily true security concerns. It’s much more to do with the lack of ‘how will we implement the processes in this new type of environment’?”
Unlike the client server environment, the virtual nature of the cloud offers more security, Rowan said. “If someone is able to gain access or break into a network, in many cases, they’re breaking into a server. They’re breaking into a virtual machine. They’re not seeing other parts of the system. That is allowing the agencies to respond in a very quick fashion, isolate a threat or problem, evaluate it and potentially use additional forensics to understand what happened… without that threat moving across the rest of the network.”