While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Defense Department is going all-in on the cloud, according to DOD and service branch IT leaders, but how — and how quickly — the services and commands move applications to the cloud will depend on a variety of factors. The migrations will depend on their missions, how apps relate to each other, and the security requirements for the data, they say.
Speaking Wednesday morning at an AFCEA DC event in Arlington, Va., DOD officials argued that they are working to shift their agencies to a new cloud-based world, but acknowledged that it is a major cultural change for many IT workers.
The event, moderated by Matt Goodrich, director of the Federal Risk and Authorization Management Program (FedRAMP), offered a deep dive into how the Army, Navy, Air Force and Defense Information Systems Agency (DISA) are approaching cloud migrations.
“I think DOD is actually in a pretty good spot,” Stanley Kaczmarczyk, director of the cloud computing service program management office at the General Services Administration, said at the event. “They have been one of the more innovative agencies as far as adopting cloud technologies.”
Kaczmarczyk added that “the private sector has really set the stage for the federal government to move to the cloud in the 2017-2018 timeframe. I think it’s taken not just DOD, but other agencies awhile to get in that position because of the budget process. It takes time to plan a migration, to look at your legacy systems and determine what needs to be kept, what could be moved to the cloud.”
John Hale, chief of enterprise applications at DISA, said that “from a DISA perspective, from a DOD perspective, we are completely in bed with GSA as far as cloud computing goes.”
Hale noted that DOD’s new “MilCloud 2.0” contract has as core requirements that cloud service providers need to be certified to operate by FedRAMP before they can even bid on the contract. DOD is also working with GSA and other agencies to develop Cloud ConFIG, a new bulk buying vehicle for purchasing commodity cloud and off-premises cloud services in the future.
“We’re working very closely with our mission partners to make sure we put all of the things in place necessary to move their very important, very mission-critical workloads into the cloud environment,” Hale said.
However, he also noted that while “nobody likes to admit it, cloud is the not the savior for everything.” Hale said the DOD and service branches still need traditional data centers and that certain apps cannot be moved to the cloud because of how they are built, not to mention the lack of money in budgets to modernize them.
Moving apps to the cloud can generate savings for service branches and combatant commands, Hale said, freeing those DOD components to redirect their resources.
“Their IT folks need to be focused on their mission and not on core IT,” Hale said. “If we can take core IT and move it to a commodity-based capability, then that frees up resources to focus on the mission those organizations need to focus on. “
Speakers at the event debated when and how to make deployments off-premises in commercial cloud environments, and when to keep apps running in private, on-premises environments.
Hale noted that the DOD will keep things on-premises “when we don’t feel comfortable with data not sitting on DOD property.” However, he argued that he sees “the biggest bang for the buck” for the DOD in moving to off-premises commercial cloud solutions, especially for Software as a Service offerings.
Frank Konieczny, chief technology officer in the office of information dominance in the U.S. Air Force, agreed that SaaS is a “a big deal” and that the Air Force has embraced the model for several applications.
Konieczny said there are numerous factors that determine if agencies will move apps to off-premises commercial cloud solutions, including the nature of contracts and the data that apps generate. “What are the dependencies of those applications across all of the applications and databases in the department and the DOD?” he asked.
Another factor is cybersecurity. Traditionally, IT workers have looked at internal network traffic to monitor for vulnerabilities, but now, with the move to the cloud, they must also look at the data generated by cloud-based apps, which may number in the thousands. “That’s where the attack vector is,” he said. “That’s an overwhelming workload that no one yet has figured out how to take on.”
Konieczny added that some missions are solely based at Air Force bases and need to be handled on-premises. Whether anything can be moved to an off-premises commercial cloud solution depends on “how the data is being utilized back into the other parts of the Air Force, more than anything else,” he said.
Susan Shuryn, cloud computing lead in the executive office for enterprise information systems at the Navy, agreed with Konieczny on many points, and said that a key challenge is procuring funding for the use of the cloud as a utility-based, pay-as-you-use service, and that agencies are looking to vendor partners for help on that front.
Shuryn added that the most highly sensitive DOD data cannot be used in commercial cloud solutions. She added that interoperability between cloud is another factor. “If hybrid [cloud] comes into play, we may have some workload that we’re comfortable with in the commercial environment that has to integrate with something that stays on-prem,” she said.
Col. Rodney Swann, chief of enterprise architecture in the Army Architecture Integration Center, agreed that the mission requirements and interoperability are key factors in determining how cloud deployments proceed. He also said that SaaS cloud providers can help Army IT workers by taking on many IT tasks that are not within their core competencies.
“It feels like it’s a long road to get there right now,” Shuryn said of the path to cloud migrations. “It’s new to us. Once we’re there, it’s all of those services that are so much more readily available than they are today for us.”