When the Pentagon and its military branches move data and IT services to the cloud, do they have any idea how much they’re spending or saving?
A soon-to-be published audit from the Defense Department’s inspector general may soon shed light on the extent the Pentagon and its components perform cost benefit analysis before acquiring cloud services.
The audit will be published over the next 30 days and is part of a series of audits the IG has conducted into DOD’s cloud computing efforts. Its first dive into the Pentagon’s cloud computing use, released last January, found Pentagon policymakers did not fully execute on numerous elements of its cloud strategy.
To its credit, the Pentagon has said time and again its approach to cloud is evolving as it juggles security risks by storing information in the cloud. While it started slowly, the Pentagon’s use of cloud computing has accelerated in recent years.
In November, John Hale, Defense Information Systems Agency’s chief of enterprise applications, announced the agency would soon issue provisional authorizations to operate for commercial cloud service providers to handle the government’s most sensitive unclassified information. In DISA’s cloud security guide, this kind of data is designated at Impact Level 5, and examples include national security systems information accessed via the NIPRNet.
The next step up – Level 6 data – is classified information viewable only on a SIPRNet connection.
“There's a certain portion of the workload which we don't feel comfortable with in the commercial environment today, but I do wholeheartedly believe the commercial environment will get there very quickly,” Hale said Nov. 17, as reported by FCW.
That the Pentagon is opening its doors to cloud providers that meet its rigorous – and evolving – cloud security requirements indicates some of its security concerns have been mitigated. But is the Pentagon opening its wallet to cloud providers without knowing how much – and what it might get – in these kinds of IT purchases?