recommended reading

The Pentagon Accelerates Move to Cloud Computing

Flickr user Michael Baird

The Defense Department is accelerating toward wide-scale cloud computing adoption, buoyed by the promises of cost savings and untold increases in mission capabilities.

However, the largest potential consumer of cloud computing services in the U.S. government has also been the most deliberate in ensuring the security of every bit of data that moves to the cloud.

Indeed, security has been a point of friction between industry -- commercial cloud service providers that want access to billions of dollars’ worth of business -- and DOD brass who believe their data necessitates special requirements.

After DOD began exploring cloud in earnest three years ago, a familiar information technology song-and-dance played out: The Pentagon or its IT arm, the Defense Information Systems Agency, would release strategy memorandums or standards, which industry would strive to adhere to -- and then DOD’s strategy would change.

DOD’s most recent changes in cloud strategy and DISA’s latest security requirement update, though, indicate DOD’s cautious approach has laid enough groundwork for industry to get in the game.

The proof is in the participation: The release of the Pentagon’s latest cloud security guidelines generated 800-plus public comments, the vast majority of them from industry players and cloud providers, according to DOD Acting Chief Information Officer Terry Halvorsen.

Not coincidentally, Halvorsen made that announcement Thursday at DOD’s cloud industry day before a standing-room-only audience in Washington, D.C.

Halvorsen noted ongoing commercial cloud pilots with some of DOD's most sensitive, unclassified information and touted DOD’s simplified approach to security standardization.

“If we have public-facing data,” he said, citing an example, “why wouldn’t we put it in a public cloud?”

Not There Yet

Increased dialogue with industry is encouraging, Halvorsen said, but DOD’s cloud policies will continue to evolve, much like the technology itself.

“As we put the cloud document out, the hard part – and I know this from all the interactions with industry – is that you’re all wanting a base,” Halvorsen said. “That’s not going to happen.”

An unchanging baseline made up of certain security standards would fail to keep pace with emerging cyber threats. Some requirements may be grandfathered in “where security is not a concern,” Halvorsen said. Still, standards are destined to continually change.

Other challenges also persist. Halvorsen said data sharing between cloud service providers will need to improve. Issues surrounding of liability of DOD data and the political ramifications if it is breached through the cloud also need to be worked out.

There are technical and procedural guidelines, too, that will continue to evolve. During industry-day panels that followed Halvorsen's remarks, much was made of cloud access points – the means by which commercial cloud providers will connect to DOD networks. However, Amazon Web Services remains the only commercial cloud vendor using a cloud access point.

Questions too remain about cloud’s true return on investment and its potential impact on the workforce.

Cloud will allow for automation that will force DOD to repurpose some of its workforce.

“Today’s guidance is not quite right,” Halvorsen said.

And tomorrow’s guidance will be different, but it seems DOD, after a long journey, finally has a framework in place that puts it on the cusp of testing cloud’s potential.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.