In its ongoing efforts to reduce network and IT infrastructure costs, the US Navy wants to move most of its non-classified, publically available data to a commercially provided cloud, cut the number of Navy data centers from 150 to 25, and eliminate redundant costs including duplicative software applications.
The move reflects the Navy's desire to cut $1.3 billion from its IT budget, and cloud-based data storage is a cost-effective option, Navy CIO Terry Halvorsen told executives at a government IT event in Washington D.C. on March 13. A substantial part of those savings would come from consolidating the Navy's data centers and adopting cloud computing and virtualization for most of the service's non-classified data, Halvorsen said, adding that the Navy would continue to keep mission-sensitive and critical information in its classified databases.
But as the Navy closes data facilities, the data itself will require analysis for security and efficiency purposes. Besides defending against potential data breaches, the Navy wants to trim redundant and obsolete applications from its databases.
[Federal agencies are shifting beyond the 2010 cloud-first mandate. Read Cloud First: End Of The Beginning For Federal Agencies?]
Halvorsen said the Navy would also make a concerted effort to close aging buildings that are inefficient to heat and cool and expensive to operate. "We own a lot of old buildings," Halvorsen observed. By trimming back on the number of facilities and adopting virtualization, the service expects it can also trim the number of people required to run its data facilities and save on labor costs.
While the Navy plans to eliminate older software, equipment, and facilities, Halverson said that the Navy will retain some useful and effective technologies that meet mission needs but that may not be applicable in a cloud environment. "Just because things are older doesn't mean their value is less," he pointed out.
According to Halvorsen, the Navy needs to move about 50% of its non-classified data into some kind of commercial storage system as part of its cloud migration plans. Public-facing information will be moved to an Amazon cloud managed system.
The Navy also plans to rethink its continuity of operations (COOP) sites and plans. "Most data doesn't need the level of backup [that the Navy currently maintains]," Halvorsen said. Besides time-sensitive, mission-critical information, much of the service's data does not require immediate restoration in the case of power loss or disaster. For this non-sensitive data, he said, recovery times of between 72 hours and five days are acceptable. Adjusting backup requirements would mean the Navy could use more remote and less costly data storage facilities.
Halverson believes moving a portion of the Navy's data to the cloud would also lower the cost of securing the data. While it may become challenging to pinpoint exactly where data resides at any given time, Halvorsen said, knowing exactly how the security layer works has greater importance.
Halvorsen also contends that even on mission-critical classified networks, the Navy must understand that data is perishable and must be handled accordingly. The Navy and its commercial partners need to do a better job assigning different risk factors and determining the required security to associate with different types of information, he said, noting that the useful lifespan of some types of tactical information lasts only minutes.
Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.