Speaking at a panel of CIOs at the 2019 DoDIIS Worldwide Conference, left to right: Mark Andress, NGA; Mark Hakun, NSA; Juliane Gallina, CIA; Eric Downes, Coast Guard; John Sherman, IC; Col. Doug Hayes, Air Force; Jack Gumtow, DIA

Aug 22 2019

DoDIIS 2019: Intelligence CIOs Deliver Lessons Learned During Cloud Migration

Nothing was simple, but the long-term impact of moving to cloud will be valuable, said CIOs from CIA, NSA, Coast Guard and others.

As the intelligence community comes to conduct more of its business and mission operations in the cloud, agency CIOs have taken away one lesson: Getting there wasn’t as easy as expected.

Unexpected costs, data-sharing issues, distant missions and ingrained culture have all been hurdles to overcome, a group of IC CIOs said at the 2019 DoDIIS Worldwide Conference in Tampa, Fla., this week.

But there are no regrets. “We put our shoulders hard into areas like the cloud,” said John Sherman, CIO for the intelligence community. “Now we’re coming ashore on the data services piece. We’ve got the compute in place, the network issues we continue to work out. We’ve got to get this right.”

For more articles from DoDIIS 2019, check out our conference coverage here.

Cloud Migration Remains in Early Phase for Many Enterprises

In June, the Office of the Director of National Intelligence released a strategic plan on advancing cloud computing in the IC that calls for supporting artificial intelligence and machine learning, applications and data that are portable, and workflows that move across multiple layers of security.

The initial strategy, said Defense Intelligence Agency CIO Jack Gumtow, had been that everything must go to the cloud. But that was not always technically feasible, so DIA now looks at two other criteria: Does it provide a mission impact? What is the business cost analysis?

As far as mission impact, cloud is still limited by geography; there are regions that providers cannot reach because they’re too far from home base, he said. And sending everything to the cloud at once often creates a fixed bill, he added: “It’s not as simple as, ‘Let’s go in the cloud.’” 

CIA CIO Juliane Gallina noted that even in the private sector, cloud — despite the buzz — is still in the early phases. “Less than 20 percent of commercial industries have converted to cloud for some workloads,” she said, “and of those, only 35 percent of their enterprises are in the cloud.”

Government agencies, she said, are “really still in the early days, so we may still have some learning to do about how to be cost-effective in cloud.”

Cloud Costs, Higher than Expected, Are Coming Under Control

For example, the cost of refactoring applications, code and other forms of compute for the cloud was higher than expected at first, she said. And as it turned out, making a resource faster and more efficient can, counterintuitively, make it more expensive.

“If you make it really efficient to use a resource, people use it more,” Gallina said. “Cloud is costing us more, but hopefully there are mission benefits.”

Mark Andress, CIO for the National Geospatial-Intelligence Agency, said his agency has been monitoring cloud use to get a better handle on cost and usage. “Cloud is a utility,” he said. “But water and electricity are utilities, and if your daughter leaves the faucet on all day, you’re not going to get good cost out of that water bill. Same thing with cloud.”

The U.S. Coast Guard — the smallest agency in the IC and the most diverse, with responsibilities including law enforcement, military missions, and search and rescue — has data locked in legacy systems that still work, with a caveat.

“They’re not interoperable with our enterprise systems in the IC,” said Eric Downes, the Coast Guard’s deputy CIO for intelligence, adding that funding is at a premium. “Our challenge is to move all of our data and all of our capabilities into the cloud.”

MORE FROM FEDTECH: Download a white paper on how government can manage hybrid clouds.

In 2017, the Coast Guard enlisted the help of data services teams within the IC, and those teams help moved Coast Guard data into the IC’s commercial and government clouds. “These IC data services people have not met an unsolvable problem yet,” Downes said. “If you are a CIO or a CEO and you have not called them up, you need to call them.”

Another issue to think about with cloud is that it may not be the sole solution for storage, said Mark Hakun, deputy CIO for the National Security Agency. “We are not getting less data. Nobody’s turned off their cell phones, nobody’s going back to the way we were with pads and paper. We can’t store all the data in one spot.”

As a result, agencies have to become even more aware of the contents of their data, he added: “You have to know what you have, what your sources are, what data you’re actually using. You may be collecting things you’re not actually using, so do you need to store it as long?”

The final challenge when it comes to cloud “won’t be a technical problem,” Downes said. “It’s going to be policy, it’s going to be culture, it’s going to be resistance to change, it’s going to be all those kinds of unknowns — and we don’t know what all those things are yet, but we’re going to run into them.”


Elizabeth Neus

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.