DOD’s Three-Tiered Approach to Cloud Computing

The Defense Information Systems Agency’s (DISA) three-tiered plan for DOD cloud computing and security took center stage at the Advanced Technology Academic Research Center (ATARC) Federal Cloud Computing Summit held July 26 at the Washington Marriott at Metro Center located in the District of Columbia. 

The three tiers - traditional computing, on-premise private cloud, and off-premise commercial cloud offerings - as well as the need for secure hosting environments, were explained by John Hale, ‎chief of DISA’s Cloud Portfolio in the Services Development Directorate.

The DISA Cloud Portfolio was tasked with a two-fold mission, said Hale: to move as much to the cloud as possible and to provide cost savings to the DOD.

Since October 2015, Hale’s office has been looking at cloud practices across the entire department and discovered there were a lot of disparate activities. His office has been working through policy and security issues to determine how DISA can best facilitate secure and efficient cloud capability at the enterprise level.

“Our budget looks like everyone else’s in the department,” said Hale. “It continues to shrink, so we have to facilitate cost savings, and reduce overhead for the entire department.”

Traditional Data Centers

The first pillar in the plan rises from traditional computing and data centers. According to Hale, no matter what direction computing takes the department, there are workloads that exist today that will always require hardware to function. Modernizing the current hardware inventory is slowed by budget constraints, but the mission must continue.

“We will continue to operate several traditional data centers,” said Hale.

On-Premise Private Cloud

Honing in on the department’s goal of moving as much as possible to the cloud, and securing its most sensitive data in an on-premise private cloud is the premise of the second pillar. The DOD Cloud Computing Security Requirements Guide (CC SRG) outlines the security model by which DOD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions. The on-premise private cloud will serve mission partners whose information and data are categorized within data impact levels 5 and 6 , encompassing unclassified National Security Systems (NSSs) and classified national security information.

“There are certain workloads we’ve identified as needing to be ‘on our concrete’ from a data ownership and data management perspective,” said Hale. “The best example of a use case scenario for on-premise private cloud is nuclear command and control. We’re simply not going to run those capabilities out of an off-premise commercial cloud environment.”

To help facilitate this capability, DOD recently released the request for proposal for the milCloud 2.0 contract. The contract will bring commercial cloud providers on-premise to deliver rapidly evolving cloud capabilities from the DOD Information Network.

Off-Premise Commercial Cloud Services

The final pillar, which Hale suggests offers the department the most efficiency and cost savings, is off-premise commercial cloud service which can support data at impact levels 2 through 5, as outlined in the CC SRG. With this cloud solution, DISA will provide the Secure Cloud Computing Architecture (SCCA), a set of solutions which facilitate safely and securely moving mission owner’s workloads to a commercial cloud provider. 

According to Hale, after talking with mission partners, one of their chief reasons for not widely adopting commercial cloud today is because the security posture of moving things to the cloud is seemingly difficult to manage. The Cloud Portfolio Office evaluated those concerns, coming up with a common set of shared services every mission partner needs to run workloads in commercial cloud environments. 

“We will have a management stack that allows mission partners to manage their virtual data centers in the cloud,” said Hale. “Securing credentials and maintaining key management and control is paramount; therefore, we will also offer a Trusted Cloud Credential Manager (TCCM) service, which allows us to control the credentials.”

Responding to the Demand Signal

Taking the right steps now to facilitate cost savings and the move of as much data into the cloud as possible are the hallmarks of the Cloud Portfolio and Hale said that commercial cloud providers are key mission partners to help the department reach its goals.

Hale said that moving to the cloud is not just a goal, but an imperative as we usher a younger generation into the information technology (IT) and cyber workforce.

“The big question everyone asks is, ‘why is DOD so focused on moving everything to the cloud?’,” said Hale.

There is an “unbelievable” and growing demand for instant, in-hand, anytime-they-want-it capability by the mission partner user base, according to Hale. He says the younger generation entering DOD’s workforce has never known a world where the internet, technology, and information is not held in their hand and accessible 24/7.

With mobile everything, mobile now, instant on, and instant capability, he says everything the agency is doing from a cloud computing perspective is geared toward facilitating the demand signal and information sharing our mission partners need.“As those folks move into our workforce, that’s what they’re expecting,” said Hale. “If we don’t give it to them, they’re going to go somewhere else and get it. If they do that, we lose control over the information.” 

Published August 3, 2016