Ambiguity might actually be best when it comes to cloud -- at least for now, says DISA CTO.
In December, the Defense Department inspector general released an audit suggesting the Pentagon is unable to determine whether cloud computing actually saves the agency any money because it doesn’t have a standardized definition for the term or an inventory of cloud contracts.
The audit cited the National Institute of Standards and Technology’s definition as a logical starting point, and indeed the federal government focused on it, basing integral cloud security requirements across the civilian space with NIST’s definition of cloud in mind.
While the Pentagon has taken steps to address the IG’s concerns – officials referred the IG to the cloud security requirements guide – it hasn’t carved out its cloud strategy with a narrow definition of cloud.
Yet, as Dave Mihelcic, chief technology officer and principal director of the Defense Information Systems Agency, explained Tuesday at an AFCEA breakfast event in Crystal City, Virginia, ambiguity might actually be best when it comes to cloud. At least for now.
“I do think that perhaps you don’t want to very quickly adopt the NIST definition of cloud because it doesn’t always make sense” for DOD, Mihelcic said. “In particular, some of the metered pieces of it may not be applicative. We may want to use cloud-like technologies, but we may want to buy them in slightly more dedicated fashion.”
Commercial cloud is often known for pay-as-you-go computing and utility billing, meaning a customer may pay a fee per gigabyte of space used, for example, as opposed to a lump sum for services over time.
DISA’s role in the Pentagon’s accelerating cloud use is that of designing the requirements and performing authorizations to ensure vendors’ security packages are up to snuff. DOD has several ongoing cloud pilots at varying levels of sensitivity, and it operates its own internal cloud. But in its quest to better incorporate “cloud-like” technologies, DOD doesn’t want to rule out unique solutions.
Cataloging them properly, as the IG states, will surely reduce duplicative investments over time and increase visibility to services across the branches, but DOD officials make a strong case for keeping the definition of cloud computing broad when it comes to the warfighters.
“(Cloud) doesn’t guarantee huge cost savings, but it is technology we are taking advantage of,” Mihelcic said.