DOD cloud strategy puts emphasis on security, commercial services

July 16, 2012

An ambitious plan that will see the Department of Defense adopt an enterprise cloud computing infrastructure places a great deal of importance on maintaining a high-level of security, according to a memo from department CIO Teri Takai to Pentagon officials. The Defense Information Systems Agency (DISA) will be responsible for security oversight on all DOD cloud strategies.

"Cloud computing and cloud services offer unprecedented opportunities for cost savings, enhanced information sharing and mission effectiveness," Takai wrote in the memo. "However, the Department of Defense's mission assurance and information interoperability must be maintained as we take advantage of these emerging new capabilities."

Under DISA supervision, maintaining a secure cloud computing environment will be the top priority. In addition to making sure that all cloud projects are in line with the security standards that the DOD requires in-house, DISA will also ensure that strategies and services comply with the new cloud security requirements installed across the government under the Federal Risk and Authorization Management Program (FedRAMP) used to inspect new cloud contractors.

Four-step plan
DISA's contribution will be vital on the security front, but comprise just a small part of the overarching DOD cloud computing strategy. Takai and her team laid out the department's strategy under the guide of four simple steps.

Although some parts of the plan involve multiple complex initiatives, the general outline starts at the cultural aspect and winds its way through to the final delivery. Included in between is the crux of another initiative to consolidate federal data centers. Once the massive web of DOD servers spread across the country is reduced to a few remaining "core" centers, the enterprise cloud infrastructure will be built.

Commercial security
A number of commercial services contracted to the department will be included in the final delivery. Although Takai indicated in her foreword to the strategy that commercial products were not always included in earlier drafts because of potentially lower standards of data protection, their cost efficiency made their inclusion a more viable option in the long run.

Because of this, the FedRAMP vetting process will be particularly important to preserve the integrity of DOD data. Although the challenges associated with commercial products may present an additional hurdle for the project, Takai believes that the overall success of the strategy hinges on them.

"The key to successfully leveraging cloud computing will be managing the new risks associated with an increasing dependence on rapidly emerging commercial technologies," Takai wrote in her memo to the DOD officials.

-McAfee Cloud Security