recommended reading

The Pentagon Accelerates Move to Cloud Computing

Flickr user Michael Baird

The Defense Department is accelerating toward wide-scale cloud computing adoption, buoyed by the promises of cost savings and untold increases in mission capabilities.

However, the largest potential consumer of cloud computing services in the U.S. government has also been the most deliberate in ensuring the security of every bit of data that moves to the cloud.

Indeed, security has been a point of friction between industry -- commercial cloud service providers that want access to billions of dollars’ worth of business -- and DOD brass who believe their data necessitates special requirements.

After DOD began exploring cloud in earnest three years ago, a familiar information technology song-and-dance played out: The Pentagon or its IT arm, the Defense Information Systems Agency, would release strategy memorandums or standards, which industry would strive to adhere to -- and then DOD’s strategy would change.

DOD’s most recent changes in cloud strategy and DISA’s latest security requirement update, though, indicate DOD’s cautious approach has laid enough groundwork for industry to get in the game.

The proof is in the participation: The release of the Pentagon’s latest cloud security guidelines generated 800-plus public comments, the vast majority of them from industry players and cloud providers, according to DOD Acting Chief Information Officer Terry Halvorsen.

Not coincidentally, Halvorsen made that announcement Thursday at DOD’s cloud industry day before a standing-room-only audience in Washington, D.C.

Halvorsen noted ongoing commercial cloud pilots with some of DOD's most sensitive, unclassified information and touted DOD’s simplified approach to security standardization.

“If we have public-facing data,” he said, citing an example, “why wouldn’t we put it in a public cloud?”

Not There Yet

Increased dialogue with industry is encouraging, Halvorsen said, but DOD’s cloud policies will continue to evolve, much like the technology itself.

“As we put the cloud document out, the hard part – and I know this from all the interactions with industry – is that you’re all wanting a base,” Halvorsen said. “That’s not going to happen.”

An unchanging baseline made up of certain security standards would fail to keep pace with emerging cyber threats. Some requirements may be grandfathered in “where security is not a concern,” Halvorsen said. Still, standards are destined to continually change.

Other challenges also persist. Halvorsen said data sharing between cloud service providers will need to improve. Issues surrounding of liability of DOD data and the political ramifications if it is breached through the cloud also need to be worked out.

There are technical and procedural guidelines, too, that will continue to evolve. During industry-day panels that followed Halvorsen's remarks, much was made of cloud access points – the means by which commercial cloud providers will connect to DOD networks. However, Amazon Web Services remains the only commercial cloud vendor using a cloud access point.

Questions too remain about cloud’s true return on investment and its potential impact on the workforce.

Cloud will allow for automation that will force DOD to repurpose some of its workforce.

“Today’s guidance is not quite right,” Halvorsen said.

And tomorrow’s guidance will be different, but it seems DOD, after a long journey, finally has a framework in place that puts it on the cusp of testing cloud’s potential.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.