Navy makes enterprise push for cloud computing
- By Defense Systems Staff
- Apr 09, 2013
The Navy will begin moving its systems that host publicly releasable information to commercial cloud service providers (CSPs) as a first step toward eventually deploying most of its systems to the cloud environment, Navy CIO Terry Halvorsen said April 5.
In an April 1 memo to service organizations, the Navy CIO instructed systems and application owners and program managers responsible for service computing systems to expand their analyses of alternatives for hosting Navy systems and information to include Defense Department and CSPs.
The Navy is seeking to move more of its computing systems to the cloud to increase efficiency and achieve cost savings, the CIO said. The service will vet CSPs to ensure that they have robust cloud computing technologies that can meet established mission and security requirements, and also provide best value.
The new policy directive comes in the wake of a recent pilot project the Navy CIO had with Amazon Web Services to move publicly accessible data to a commercial hosting environment, the Navy CIO said. As a result of the initiative, the Secretary of the Navy's information portal accessible to the public is now hosted in the Amazon Web Services cloud infrastructure. Among the key factors assessed in making the decision involved the type of data stored in the portal, hosting costs and security requirements.
The move to commercial CSPs will occur unless a more cost-effective DOD approach is identified, the Navy CIO memo stated.
The DOD had previously stated in two different memorandums issued in 2012 that the Defense Information Systems Agency was to serve as the departmentwide Enterprise Cloud Service Broker; however, since the broker concept is still being developed and not yet in place the Navy intends to move forward with its transfer of computing systems to commercial CSPs, the Navy CIO memo stated.
The Navy CIO plans to use the initial implementations of commercial and governmental cloud hosting services to define the security documentation and certification standards and processes unique to cloud systems, the memo stated. The Navy CIO plans to use reciprocal accreditation decisions and artifacts supporting such decisions to streamline the DOD and federal certification processes. This approach will also identify the need for additional security controls or verification testing, the memo stated.
Pending further guidance from the DOD, the Navy and Marine Corps deputy CIOs will take steps to ensure that all systems are properly certified and formally approved by the appropriate designated approval authority, ensure required entries are made in the Navy IT Portfolio Repository and Navy Applications and Database Management System, ensure commercial CSPs are used to support low-impact systems and mission functions unless a more cost effective DOD approach is identified.
The deputy CIOs also will establish a governance process to adjudicate requested exceptions to this policy and and analyze alternatives to identify the most cost effective hosting environment for medium impact systems. The analysis will cover the evaluation of commercial, federal, and DOD approaches.