Jan 22 2016

Air Force CTO Puts Focus on Cloud Governance and Cost

The service branch is trying to get a better handle on the numerous cloud services it deploys as it transitions to using commercial cloud providers.

The Air Force is focused on wrangling its cloud computing, but a poor understanding of the technology is hampering those efforts, according to Air Force Chief Technology Officer Frank Konieczny.

"We have to do comparisons across the board. It's apples and oranges half the time," Konieczny said during a Jan. 13 panel discussion at the ATARC Federal Cloud Computing Summit in Washington, D.C., according to FierceGovernmentIT.

Air Force Balances Governance With Cost

Just as the Army is looking to migrate cloud applications from federal data centers to commercial ones, so, too, is the Air Force. However, while commercial public cloud platforms can often be cheaper, the Defense Department’s required stringent security measures drives up costs, FierceGovernmentIT notes.

"So, as we progress down the path and we start that transition into the commercial cloud ... we're going to have to get better ideas of really the cost," Konieczny said, FierceGovernmentIT reported.

Meanwhile, as the Air Force thinks through cloud governance it must contend with numerous vendors that all serve the same function. FierceGovernmentIT reports: “For example, Air Force has a financial management application with three or four different cloud providers. The service is looking for new ways to govern the space through dashboards and contract tracking.”

"We can't easily do this, [we're talking] about a massive financial dashboard," Konieczny added. "We understand it's going to be nuts, and unless we start governance right away to control this right away, it's going to get out of hand right away."

Confusing Cloud Definitions

The entire DOD is facing difficulties with cloud computing and management of public cloud platforms. The DOD’s Inspector General last month criticized the Pentagon for not having a consistent definition of cloud computing or a complete list of cloud computing service contracts.

As result, it is impossible for the department to assess the effectiveness of its cloud computing contracts, the report says.

The inspector general’s report, which was issued in late December, concluded that the DOD doesn’t have complete accounting for cloud computing service contracts because its CIO, Terry Halvorsen, had not established “a standard, department-wide definition for cloud computing and did not develop an integrated repository that could provide detailed information to identify cloud computing service contracts.”

The DOD is supposed to use the National Institute of Standards and Technology’s definition of cloud computing. However, the report found that different components of the DOD interpreted that definition in varying ways.

Yet, as FierceGovermentIT reports, Defense Information Systems Agency officials noted earlier this month that the DOD hasn’t implemented the NIST definition across the board for a clear reason. DISA CTO Dave Mihelcic said at a Jan. 12 event that, “Elements of the NIST definition 'don't actually always make sense in the DoD context,' and the Pentagon saves money and is more secure by using customized definitions,” Politico reported.

United States Air Force/WikiMedia Commons

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.