milCloud: The Future of DOD Cloud Capability
Relevant links are at the bottom of this post.
Since its launch in 2013, the Department of Defense’s use of milCloud 1.0 — an on-premise cloud solution based on commercial technology and built, operated, and managed by the Defense Information Systems Agency (DISA) — has grown exponentially.
As DISA advances cloud capabilities for the Department of Defense (DOD), it embraces the opportunities to use commercial cloud solutions to reduce operational costs, release available resources, enhance standardization, and increase agility and responsiveness to the changing needs of mission partners.
milCloud 2.0 — the follow-on solution to milCloud 1.0 — will be a commercial cloud, built, operated and maintained by commercial cloud service providers on DOD property, used exclusively for DOD data and users, said John Hale, chief of the DISA Cloud Portfolio, at the Armed Forces Communications and Electronics Association’s (AFCEA) Defensive Cyber Operations Symposium in the District of Columbia last month.
Hale emphasized “this is not going to be something we build and maintain in-house. We will bring a commercial provider into the [DOD Information Networks, also known as the DODIN,] to provide services internally to the Department of Defense.”
Even as DISA advances with cloud computing, the agency still plans to offer hosting in traditional data centers.
“Cloud is not the savior for everything. There is always going to be the need for traditional hosting in a DOD data center,” said Hale. “There are certain workloads that just do not fit well in a virtualized or cloud model.” He provided nuclear command and control as an example.
Hale noted that traditional hosting is probably going to be the most costly option for mission partners because they would be responsible for the entire cost recovery. milCloud 2.0 is expected to be an economical alternative because infrastructure costs would be shared.
Another key difference between milCloud 1.0 and 2.0 is the way mission partners will be billed.
With milCloud 1.0, mission partners pay a set amount each month. The plan for milCloud 2.0 is for mission partners to be billed only for actual consumption of capabilities. Many mission partners will welcome this change, said Hale, though he noted that cost is not the only driver when it comes to hosting decisions.
“Every time a mission partner comes to us and says ‘I have this workload.’ Our job is to sit down with them, go through the requirements, and find them the best solutions that fit their needs. It may be off-premise commercial cloud, it may be on-premise commercial cloud, it may be traditional hosting, or it may be a mix, depending on what the particular mission needs are.”
In the near term, DISA plans to:
- Deliver and enhance milCloud 1.0 capabilities to ease mission partner migration to the platform while increasing automation.
- Develop and deliver cloud access points (CAPs), which provide secure access to commercial cloud providers’ services, allowing DOD to safely and securely leverage those services off premise.
- Revise and evolve the DOD Cloud Computing Security Requirements Guide (SRG). The latest version was released in March 2016.
- Guide commercial cloud service providers through the provisional authorizations process.
In the long term, DISA plans to:
- Deliver milCloud 2.0 in two phases. Phase I will include bringing a commercial provider into a few of DISA’s data centers and will occur this year. The objective is to figure out the business model side of hosting DOD workload with an on-premise private cloud. Phase II involves providing capability on the classified and unclassified networks, involving more data centers and more workload. Phase II will be informed by Phase I, and it will be a longer term effort. Services provided by the commercial service provider will be acquired through DISA’s Service Catalog. In other words, mission partners will still purchase computing and cloud services from DISA; DISA will then purchase the services from the commercial provider.
- Evolve the CAP into the Secure Cloud Computing Architecture (SCCA) — the proposed framework to secure mission applications deployed to commercial cloud service offerings at impact levels four and five. DISA recently released a draft Functional Requirements Document (FRD) for the SCCA and is seeking comments from DOD components and industry. Open comments will be accepted until May 31. The draft FRD and response instructions are available via the Information Assurance Support Environment.
- Continue to improve DOD’s security posture while reducing operating costs.
“By leveraging cloud capability — both commercial on-premise and off-premise capability — we can bring significant savings to the department and we can also provide a new, agile functionality to our mission partners going forward,” said Hale.
Published May 4, 2016
http://disa.mil/News/Stories/2016/milCloud-Future
http://disa.mil/News/PressResources/2016/Cloud-Security-Requirements
http://www.disa.mil/~/media/Files/DISA/Fact-Sheets/Secure-Cloud-Computing.pdf
http://iase.disa.mil/cloud_security/Pages/index.aspx