Navy Chief Information Officer Terry Halvorsen directed the Navy and Marine Corps to use to commercial cloud service providers to host publicly releasable information. The decision follows a successful pilot of the Navy secretary’s public website on an Amazon Web Services cloud.
In an April 1 policy memo released last Friday, Halvorsen said Navy and Marine Corps information systems that contain only information previously approved for public release will move to commercial cloud service providers “unless a more cost effective DoD solution is identified.”
According to the memo, systems for which “the loss of confidentiality, integrity, and availability could be expected to have limited adverse effect” will be candidates for moving to commercial clouds.
The Navy’s decision to use commercial cloud services puts a dent in plans by DISA to become the premier hosting organization for Defense at its data centers. Bernie Skoch, a consultant and retired Air Force brigadier general who did a tour at DISA, said centrally managed services facilities need to be ready to justify their existence in the current budget climate.
Skoch said that organization like DISA need to react quickly to the needs of their users and customers. “Time will tell if any services agency has the agility and efficiency to put responsive processes in place that adequately address a broad variety of users' needs fast enough and cheaply enough.”
The shift to commercial cloud services complies with the 2012 National Defense Authorization Act, which mandated “migration of Defense data and government-provided services from department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security.”
The Navy CIO’s office said the Amazon Web Services pilot hosting the Secretary of the Navy public website fits with this Congressional mandate. The innovative decision to host the data in a commercial cloud environment resulted from an analysis of several factors, the most important being the type of data stored in the portal, hosting costs and security requirements,” the post said.
Defense CIO Teri Takai designated the Defense Information Systems Agency as the enterprise cloud services broker for the department in a June 2012 memo that charged DISA with management and delivery of internal or commercial computing services, including adherence to information security and cybersecurity policies.
Halvorsen said in his memo the Navy cannot use DISA as a broker because “the broker concept is still being developed by DoD and is not fully in place,” which means the Navy has to pursue it own course. “Pending further guidance from the DoD CIO, the DON must move forward and employ capable solutions that meet mission and security requirements and provide the best value,” Halvorsen said.
Security and cost are key concerns as the Navy moves into the cloud world, Halvorsen said. Initial projects will help the Navy define its security documentation and certification standards and processes that are unique to cloud systems, the memo said. Halvorsen said the Navy also will conduct an analysis on how to identify the most cost effective hosting environment for information systems that require more stringent security.