

DISA Breaking Down Barriers for DoD Commercial Cloud E-mail Service

FORT GEORGE G. MEADE, Md. -- Will the DoD get its IT from the cloud? DISA is taking steps to harness the potential of cloud computing to deliver email as a service for the future.

In February, DISA and Google signed a Cooperative Research and Development Agreement (CRADA) to explore innovative ways for DoD users to securely authenticate to commercial cloud service providers.

As part of the CRADA, DISA Enterprise Services Directorate (ESD) developed a proof-of-concept Authentication Gateway Service (AGS) that allows for secure translation between DoD public key infrastructure (PKI) common access card (CAC) authentication and Google-provided cloud services using a standards-based protocol known as the Security Assertion Markup Language, or SAML.

To demonstrate the utility of the AGS, DISA’s Office of the Chief Technology Officer (CTO) launched a pilot of Google Apps for Government (GAfG) that allows users to authenticate with their CACs, eliminating the need for the less secure password-based login. Pilot users will evaluate the use of commercial cloud-based services like GAfG in a typical DoD unclassified office environment.

During the first phase of the pilot, 50 DISA employees will use GAfG to process only non-sensitive unclassified data.  At the same time, DISA’s Field Security Office (FSO) is conducting a security evaluation of GAfG to determine if the service can support additional pilot users as well as sensitive but unclassified data.

"The DISA-Google CRADA work is a necessary precursor activity that if successful would allow DISA to bring competitive commercial "cloud based" e-mail providers into the DEE Service Offering,” said Rear Adm. David Simpson, Vice Director of DISA.

“The goal would be to provide for a portion of the DEE user communities' e-mail requirements with lowest cost, technically acceptable service providers whose security is commensurate with Organizational and Individual assigned missions for the designated DEE users.  The target implementation would integrate lower cost offerings into the Single E-mail Enterprise in a manner that continues to utilize one Directory Service for the entire DoD and seamless collaboration between commercial and DoD hosted DEE environments,” Simpson said.

“The results of the CRADA are going to play a major role in our cloud strategy going forward,” said Jack Wilmer, DISA’s Deputy CTO for Enterprise Services. “The resulting Authentication Gateway Service will be critical to connecting DoD users to commercial cloud services while maintaining security through CAC logon. While the current Google pilot is scheduled to end on 30 September, this is laying the groundwork for many future cloud services.”

Given the importance of email to the Department, DISA is also using the Google pilot to explore and validate next generation approaches to cloud based email that can augment DISA’s existing Defense Enterprise Computing Center (DECC) hosted Defense Enterprise Emails (DEE) service.  Key to this is the ability to integrate DISA’s Enterprise Directory Services (EDS) with cloud based email to allow a single Global Address List (GAL) and seamless email interoperability.  To accomplish this, DISA is leveraging its Identity Synchronization Service (IdSS) to automatically provision Google pilot users and synchronize the GAL between DEE and the pilot. 

“If we can validate this approach,” said Wilmer, “in the future we will be able to competitively acquire cloud based email services to provide browser based email for users that don’t need all of DEE’s features.”




Posted May 17, 2013