DoD Moves Data to the Cloud to Lower Costs, Improve Security
By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, Jan. 30, 2015 – The Defense Department is moving its data to the cloud, driven by cost reductions, technical efficiencies and security considerations, Acting Chief Information Officer Terry Halvorsen told military and industry leaders gathered here yesterday.
Halvorsen’s office hosted the first of what it characterized as a series of DoD CIO Cloud Industry Days – meetings intended to promote a continuous, open dialogue with industry that will shape DoD’s approach to the business of information technology, or IT, and cyber.
According to the National Institute of Standards and Technology, cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources — networks, servers, storage, applications and services.
For users, cloud resources can rapidly be provisioned and released with minimal management effort or service provider interaction, NIST says, providing efficiencies and cost effectiveness.
Modernizing and Streamlining Government IT
Cloud computing is part of a government-wide effort to modernize and streamline government IT, and Halvorsen said that in the early stages of transitioning to the cloud, and moving as much as possible into the commercial cloud, it’s important to communicate with defense industry partners.
“Industry needs some consistency,” Halvorsen added, “so I’ve got to … let industry know ahead of time [what we need],” and when a baseline changes.
Such an interactive process with industry, he said, will be critical to avoiding “putting industry in a place where they think they’ve got it right, they spent their money, they’ve come in and said this is [our solution], and we have to tell them … that we’ve found new security threats and [their solution] is not going to work.”
The cloud is as new an environment as anything out there, the CIO said, and for each element of the cloud the department has new decisions to make new.
One of these has been to move as much nonsensitive data as possible to the commercial cloud, Halvorsen told the audience, because costs there are lower.
Leveraging Against a Larger Population
“We’re leveraging against a larger group population in this business. E-mail, particularly, is commoditized, and any time you can share more pricing and more capability with a commoditized environment, you’re going to drive down the price,” he added.
The CIO said commercial companies will be able to meet DoD’s security requirements for nonsensitive data.
“I see the national cyber bar coming up,” he added, “and we’re such a big market that they’ll be willing to adapt their security to meet us. I’m hoping this comes out to be 25 percent or 30 percent more efficient when we’re done.”
Two important programs involved in DoD’s transition to the cloud are FedRAMP and the Federal Data Center Consolidation Initiative, or FDCCI.
A Standardized Approach to Security
FedRAMP is a government-wide program that offers a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
FDCCI aims to reduce the number of federal data centers by optimizing them, consolidating them or closing them.
About FedRAMP, Halvorsen said that if industry wants to do business with DoD they have to meet FedRAMP security requirements, plus extra security requirements if DoD calls for them.
“I think there’s an opportunity for national, commercial and government [entities] to set some very common standards,” the CIO said. The medical industry has done that, he added, and the same could be done in other areas to “raise the national bar” together.
He added, “We actually could have some national standards that apply to everyone.”
The milCloud Suite of Capabilities
Another element of the move to the cloud is milCloud, a cloud-services product portfolio managed by the Defense Information Systems Agency, or DISA.
milCloud offers an integrated suite of capabilities that can make the development, deployment and maintenance of secure DoD applications more agile, according to the DISA website. It leverages a combination of mature, commercial off-the-shelf and government-developed technology to produce DoD-tailored cloud services.
Halvorsen said DoD has to do a better job of internal marketing so everyone understands the pricing differences between standard storage of sensitive but not classified data and storage in the cloud.
“It’s 20 percent to 25 percent less … in the milCloud now, and this milCloud data is data that, by everything I see right now, is going to stay inside the government,” he said. “It’s not classified in many cases but it is so sensitive that I’m probably not ever going to put that data into a public [cloud].
Wrestling with Data Security
The CIO says he’s wrestling with how much of DoD’s data is truly sensitive, using the example of budget data from 1949, which was sensitive at the time but is not sensitive now. Yet it is still stored with data that has relatively high security protection.
“I think [relatively sensitive data] is a much smaller portion of our data than we think it is,” he added.
Where DoD is in its transition to the cloud is hard to measure, Halvorsen said, adding, “but I can tell you this, I’m not where I want to be.”
In the near future, the CIO envisions situations in which a defense contractor might put data inside a data center located on federal property.
Pushing the Model Forward
“The other group I see that would probably want to do that is financial institutions. We are not there yet [but] that’s what we’re looking to push the model forward on,” he added.
In this scenario, federal systems and commercial systems would have to move beyond interoperability, Halvorsen said, and into interconnectivity and become part of the same structure.
“I can make things interoperable a lot of times by kluging them together. I want to get past the klugde so it’s a seamless, interconnected structure. How am I doing that? With lots of help from all the services,” he said.
“All the service CIOs get that we’ve got to go there. Top leadership gets that we’ve got to go there,” Halvorsen added. “One of the chairman’s top priorities is the whole [DoD Joint Information Environment], which gets us there.”
Making it Work
Now, he said, it’s time to take the technical engineering solutions and make them work, and do it in a cost-effective way.
In 10 years, the CIO said, DoD will have a much better distributed data network.
“It’s all data distribution,” he said, “it really is.”
Halvorsen added, “I think what you’ll have in 10 years is a lot fewer physical facilities, much more virtual cloud data that from our standpoint is accessible on whatever the new technology brings.”
The CIO doesn’t think the platforms will be laptops or smart phones, but perhaps smaller devices connected to big-screen entertainment systems accessible at home.
Wearing the Future
“You’ll probably have a watch-type device that gives you some level of data, and you’ll be wearing the rest of it,” he speculated.
“Wearable IT is going to be an interesting phenomena for DoD. Think about what you could do, how you could [suit up] a soldier, sailor, airman or Marine with wearable IT — monitor health, monitor location,” he said.
“That’s the growth area to me,” he added, “but you’ve got to get the data distribution right.”