recommended reading

Navy CIO Tells Units to Use Commercial Cloud Services for Public Information


Navy Chief Information Officer Terry Halvorsen directed the Navy and Marine Corps to use to commercial cloud service providers to host publicly releasable information. The decision follows a successful pilot of the Navy secretary’s public website on an Amazon Web Services cloud.

In an April 1 policy memo released last Friday, Halvorsen said Navy and Marine Corps information systems that contain only information previously approved for public release will move to commercial cloud service providers “unless a more cost effective DoD solution is identified.”

According to the memo, systems for which “the loss of confidentiality, integrity, and availability could be expected to have limited adverse effect” will be candidates for moving to commercial clouds.

The Navy’s decision to use commercial cloud services puts a dent in plans by DISA to become the premier hosting organization for Defense at its data centers. Bernie Skoch, a consultant and retired Air Force brigadier general who did a tour at DISA, said centrally managed services facilities need to be ready to justify their existence in the current budget climate.

Skoch said that organization like DISA need to react quickly to the needs of their users and customers. “Time will tell if any services agency has the agility and efficiency to put responsive processes in place that adequately address a broad variety of users' needs fast enough and cheaply enough.”

The shift to commercial cloud services complies with the 2012 National Defense Authorization Act, which mandated “migration of Defense data and government-provided services from department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security.”

The Navy CIO’s office said the Amazon Web Services pilot hosting the Secretary of the Navy public website fits with this Congressional mandate. The innovative decision to host the data in a commercial cloud environment resulted from an analysis of several factors, the most important being the type of data stored in the portal, hosting costs and security requirements,” the post said.

Defense CIO Teri Takai designated the Defense Information Systems Agency as the enterprise cloud services broker for the department in a June 2012 memo that charged DISA with management and delivery of internal or commercial computing services, including adherence to information security and cybersecurity policies.

Halvorsen said in his memo the Navy cannot use DISA as a broker because “the broker concept is still being developed by DoD and is not fully in place,” which means the Navy has to pursue it own course. “Pending further guidance from the DoD CIO, the DON must move forward and employ capable solutions that meet mission and security requirements and provide the best value,” Halvorsen said.

Security and cost are key concerns as the Navy moves into the cloud world, Halvorsen said.  Initial projects will help the Navy define its security documentation and certification standards and processes that are unique to cloud systems, the memo said. Halvorsen said the Navy also will conduct an analysis on how to identify the most cost effective hosting environment for information systems that require more stringent security.

(Image via ClickHere/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.