While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The service branches of the Department of Defense are eagerly embracing cloud migrations across their enterprises, but see several institutional roadblocks within the DOD that need to be overcome so that they can take full advantage of the cloud, according to senior defense IT officials. Those hurdles include bureaucracy within the departments and closing legacy data centers.
At an AFCEA DC event on May 11 in Arlington, Va., top IT officials from the armed forces said that the branches also need to change their mindset about how the federal government procures cloud services.
Janice Haith, deputy CIO of the Navy, said the department actually has a “great relationship” with commercial cloud providers and is working to get Level 5 protections in the commercial cloud environment (as FCW notes, “Level 5 includes high-sensitivity data on national security systems and runs through cloud access points to the unclassified NIPRNet”). Yet Haith said that the Navy is awaiting approval from the General Services Administration, Federal Risk and Authorization Management Program, and the Defense Information Systems Agency. She said that working with commercial cloud service providers (CSPs) has not been a challenge but that DOD bureaucracy has “delayed” the Navy in working with CSPs.
On the topic of cloud service providers, Haith said: “We see this as a partnership opportunity that takes the business that we do and puts it in your hands, and you get it done faster, better and cheaper than what we’re doing today, and allow our personnel to go back to doing what we do, which is protecting the nation.”
Haith also said the Navy needs work on how to manage and protect data in the cloud in the event of an intrusion, and which entity would pay for that. “We don’t want to have another OPM breach with our data like we’ve had before,” she said. “But at the same time, we don’t need all of these data centers.”
The Navy planned to consolidate its data centers initially down to 25 but now envisions moving to 15 or fewer.
Haith said the Navy is rapidly moving its applications to mobile devices and is “using more tablets to do things on ships that we never did before, so it’s helping our sailors. We’re moving to that range, we just can’t get there fast enough.”
Brigadier Gen. Dennis Crall, CIO of the Marine Corps, echoed Haith and said the Marines need to consolidate the number of its data centers. “And when I use the term ‘consolidate,’ I mean ‘close’ a data center,” he said. “It means close a circuit plan associated with that data center, rather than closing a data center where you visited and you could not tell the difference prior to closure.”
Crall also noted that data security is imperative to the Marines’ cloud offerings; the branch needs cloud deployments to be on-premises and needs to have the ability to change how its applications are run. He stressed the idea of “maneuverability” in cloud deployments. The Marines need to be able to function and carry out missions even when forces might be disconnected from the branch’s network, Crall said.
“So here’s where I look to industry to help us with the problem that we have,” he said. “Even if it’s late, even if it is clunky, I have to drag some level of kit forward with me, in the event that we get off, so that we’re still able to prosecute the mission based on the last-known information set that we have. That’s what we’re building now.”
Meanwhile, Gary Wang, deputy CIO of the Army, said that the government needs to rethink how it purchases cloud services. Currently, agencies are motivated to spend their funds by the end of the fiscal year because otherwise the funds will be taken away, he noted. This pushes agencies to buy far more cloud services than they need, then pushes CSPs to offer a multitude of cloud tools that agencies desire, even though agencies may wind up using only 10 percent of the cloud services they purchased. Then, the agency needs to renegotiate its contract. Agencies need to change culturally and be willing to give back unused money, Wang said.
Wang said he rose through the ranks as a program manager. “And when I gave money back, all of my PM brethren took me out to the parking lot and basically beat me up,” he said. “‘Gary, that’s not the way you’re supposed to do it. You’re supposed to spend all of your money by the end of the year. You’re not supposed to save money and return it back to the sponsor.’”
Wang said that mindset needs to change, and agencies need to focus on purchasing the right amount of cloud services — what they need for their information and applications. “How do you inject behavioral economics into government systems where you’re incentivized to return money back to the sponsor?” he asked.