DOD Looks to Industry for Cloud Enterprise Email

Acting DOD CIO Terry Halvorsen says the next version of unclassified, enterprise email will be a commercial solution.

The Department of Defense is eyeing a commercial solution for the next version of its unclassified enterprise email.

That service is currently provided by the Defense Information Systems Agency (DISA), but the promise of significant cost savings is driving DOD to adopt a commercial cloud offering, acting DOD CIO Terry Halvorsen said Thursday at the department’s cloud industry event in Washington, D.C. Industry has proven it can provide enterprise email at a lower cost, said Halvorsen, who said he thinks companies will be open to adapting their security requirements to meet DOD’s needs.

“I’m hoping that this comes out to be probably 25 or 30 percent more efficient when we’re done,” Halvorsen said. “The next version of DEE [Defense Enterprise Email] will be, on the [unclassified] side, a purely commercial answer.

He added that DOD is still sorting through a number of questions: In which areas should the department be using more commercial capabilities? What businesses should DOD be in and to what extent?

Halvorsen made clear that DOD will move more data to the commercial space. In addition, there won’t be a single cloud environment; there will be multiple clouds and partnerships.

That makes sense, considering DOD’s data is increasingly being shared with commercial entities. More than 68 percent of the department’s medical business traffic is with civilian medical providers and about 65 percent of its logistics data is with commercial partners, Halvorsen said. Moving data to the cloud would help DOD more effectively distribute its data to ensure recipients receive it in a timely manner, he added.

When asked what steps DOD is taking to ensure healthcare data exchanges with industry can occur in the cloud, Halvorsen explained that current cloud security initiatives will support that type of sharing. Federal law already governs the protection of healthcare data, but DOD is looking at how that data can be jointly managed and operated with industry in the cloud, he said. The Defense Health Agency is being included in those discussions, as well as the agency’s CIO, who is now part of the DOD CIO Council.

Liability in the Cloud

Data liability is a big issue DOD must work through. For Halvorsen, it’s not a matter of if — but when — data is lost in the cloud. When a cloud service provider loses DOD data in the cloud, Halvorsen said, it will make the news and get Congress involved.

So how will the department and industry jointly handle the loss of data and be transparent about the incident? In conversations with industry, “we do well until we talk about, ‘Well, that means you’re going to have to say our company was a part of the loss.’ Yup. It does, and we need to work through that,” he said.

What the Future Holds for milCloud

DISA’s milCloud offering is being structured to host military data that “for all kinds of risk reasons we want to keep inside the government,” Halvorsen said, including financial, technical and political risks. But that doesn’t mean DISA won’t partner with industry on milCloud, he added.

In fact, “there is a lot of commercial in milCloud,” said Maj. Gen. Alan Lynn, DISA’s vice director. “There is a lot of commercial in our DECCs [Defense Enterprise Computing Centers] as well — our computing centers. Probably 60 percent is commercial.”

The discussion is focused around how much computing DOD wants to move to the commercial cloud and how industry can drive down costs, Lynn said. DISA is feeling pressure to reduce its costs. Halvorsen praised the agency for achieving a 10 percent rate reduction this year but said those reductions weren’t enough.

“Don’t think milCloud is trying to catch a pass,” when it comes to cost reductions, he said. “It didn’t get a pass, doesn’t get a pass.”

To learn more about how cloud computing solutions can help your organization get ahead, visit cdw.com/cloud.

RayaHristova/thinkstock
Jan 30 2015