DoD Changes Cloud Computing Policy - InformationWeek
Government // Cloud computing
09:06 AM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

DoD Changes Cloud Computing Policy

Changing culture is just as important as new technology, CIO Halvorsen says.

8 Lessons From Rosetta Comet Mission
8 Lessons From Rosetta Comet Mission
(Click image for larger view and slideshow.)

The Department of Defense is getting ready to deploy a new cloud computing policy that allows the armed services more say in selecting service providers. Besides allowing commercial vendors to support DoD operations, the move also allows the military to be more efficient in adopting mobile devices and other related technologies, said the department's acting chief information officer.

Speaking at a recent government and industry event, Terry Halvorson, the Navy's former CIO who moved to the DoD's top tech spot this summer, noted that the military faces dilemmas in how it manages and deploys IT systems. But he added that the biggest changes and challenges in the department are not hardware or software, but cultural.

Terry Halvorson
Terry Halvorson

The DoD is working on a new cloud computing policy. Although the Defense Information Systems Agency (DISA) recently was removed as the lead agency for selecting the military's cloud providers, it is still involved in the process, Halvorsen said. Under the new policy, the individual services will be able to select their own cloud providers. Halvorsen wants the DoD to move to commercial clouds, such as Amazon or Google, where possible. DISA's new role in this process will be to ensure that commercial cloud providers meet DoD security standards, he said.

"That's the technical piece. The second piece is we've got to change people's thoughts." One of the big cultural changes that the new cloud policy implies is that individual services, agencies, and commands are no longer able to hoard their data or run their own data centers, he said. The military can no longer afford to operate in this way; instead, the DoD is moving to more "distributed data" operations based in the cloud. The challenge remains in convincing data owners to physically "let go" of it, said Halvorsen.

Cloud computing also enables mobility, something the DoD is embracing. Halvorsen noted that mobility is impossible if data remains locked up in stovepiped data centers. The need for mobility also reflects the fact that the DoD's young personnel are used to mobile devices and rapid access to information in their daily lives. When they join the military or government service, they expect and demand certain capabilities from their mobile devices, according to Halvorsen.

[Is the Army falling down in logistics? Read GAO: Army Logistics Implementation Needs Tighter Controls.]

Although security and meeting mission requirements come first for DoD mobile devices, their deployment across the department -- and the ongoing IT infrastructure modifications needed to support it -- represents a cultural shift, he said.

To help manage this process, the DoD is preparing to release a new cloud policy by the end of this November. Additionally, a new mobile phone is currently being issued to department personnel that features secure email and voice communications. A set of upgrades to the phone's software and applications is already underway and will be followed by a major upgrade at the beginning of 2015, Halvorsen said.

At the core of the DoD's move to cloud computing is the Joint Information Environment, a secure space where commanders can share data and information in real time. The JIE is not a program, but a concept consisting of several discrete characteristics, said Halvorsen.

The first parts of the JIE are the Joint Regional Security Stacks, which streamline network security and operations into regional zones. This provides better security and allows all the services and individual commands to see and know what is happening across the entire DoD enterprise infrastructure, according to Halvorsen.

The stacks also eliminate redundant firewalls. Halvorsen noted that the DoD must currently keep some 1,600 firewalls synchronized. When the JIE is fully functional, it will allow many of these firewalls to be eliminated. If the process is done right, he said the DoD could save up to $2 billion in annual operating costs. The first JRSS is now operational, he said.

Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep getting your business, conducting in-depth risk assessments -- and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)

Henry Kenyon is a contributing writer to InformationWeek Government. He has covered Government IT and Defense markets since 1999 for a variety of publications including Government Computer News, Federal Computer Week, AFCEA's Signal Magazine and AOL Government. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/27/2014 | 9:05:24 AM
Defense Knowledge Online - Ahead of Its Time
Defense Knowledge Online (DKO or www dot dko dot mil) is all of this and was built on public address space (aka cloud) but wholly owned and operated by the military.  Unfortunately the combined forces effort was not embraced completely... the whole "let go" is not easy by any stretch of the imagination. While DKO (now back to Army Knowledge Online or AKO) had the mission and the capability, competing priorities from DISA did not help.

Having DISA be the prime for selecting cloud services is like asking an employee to select their successor when the employee has no intention of retiring or leaving an organization.  Moving DISA out of the lead of selecting competing services is the way to advance the WhiteHouse "Cloud First" directive.
Charlie Babcock
Charlie Babcock,
User Rank: Author
11/17/2014 | 5:35:28 PM
A diversity of harder to hack
DoD can be a powerful example in the federal government. The changes are a good thing, At the same time, as military IT gets centralized in fewer data centers and among a handful of cloud providers, it will serve as z more identifiable and concentrated target. Let's hope some good thinking goes into the security of future operations. I'm sure it will. There's a principle of nature that there's security in diversity; maybe some kind of frequent alterred means of communicating and rotating encryption keys can be implmented as well as more centralized operations..
User Rank: Ninja
11/17/2014 | 12:15:23 PM
Commanding Culture Change
Culture change is nearly always harder than policy or technology change. At least the military should have better luck given that most of the work it does across all branches is much more command and control oriented than the corporate environments the rest of us work in. Hopefully, this will be successful and save the kind of dollars that are expected.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll