DISA: Data center consolidation makes for stronger network defense
DISA redraws network perimeters to enhance security
- By Henry Kenyon
- Sep 08, 2011
Budget-inspired efforts to eliminate redundant data center facilities are also offering the military services new opportunities to streamline their network architectures and improve their network security, Defense Department officials say.
The Defense Information Systems Agency is playing a key role in this process, being responsible for managing DOD’s data center consolidation strategy.
The consolidation enables DISA to support the military more actively, said Alan Lewis, DISA’s vice director of Computing Services, speaking at the Defense Systems Summit on Cyber Defense on Sept. 7 in Arlington, Va.
Lewis noted that the services are approaching the agency with suggestions for data center consolidation to help trim their budgets. Options for consolidation include reducing redundant facilities and applications and hosting operations in a joint enterprise environment. Consolidation allows economies of scale and enterprise level information assurance support, he said.
Operating in a secure cloud environment offers many benefits such as cost savings because DISA no longer has to manage large data storage facilities or manage their related hardware support. However, Lewis noted that the agency is still working to reduce the amount of government-owned equipment in data centers.
DISA’s other goal is to ensure mission dependability — specifically, the ability of combat personnel to access data despite cyberattacks and jamming. “The reason that the infrastructure exists is to do something useful,” said Richard Hale, DISA’s chief information assurance executive.
Data center consolidation is vital to supporting troops, Hale explained. However, the goal of the effort is not to reduce all data centers. Core data facilities will be retained and repurposed into joint centers that will promote access to data across service boundaries, he said.
A conundrum of network security and cybersecurity is the need to share data while keeping secrets. The agency must simultaneously support a number of organizations with varying needs and service requirements, Hale said. One facet of consolidation is enhancing network security. DISA is strengthening the perimeter defenses of its networks through programs such as Project Lightning, Hale said.
DISA is also using virtualization to “zone” the infrastructure in the new consolidated data centers. Zoning will allow certain types of data to be stored in areas of varying security depending on the risk associated with the missions the data supports, Hale said. This restructuring is a part of the agency’s Defense Enterprise Security Architecture, which will repurpose the DOD’s major service perimeter defenses, he said.
Henry Kenyon is a contributing writer for Defense Systems.