RELATED: The government is preparing to roll out a new federal cloud marketplace.
The Next Iteration of Cloud Computing
DISA has used PaaS offerings such as Azure Database and Amazon Relational Database Service for years, but adoption is not yet mainstream, Lago says.
“I think of PaaS services as Cloud 2.0,” he says. “Currently, most U.S. Department of Defense customers are doing Cloud 1.0, using Infrastructure as a Service virtual machines, where the model looks a lot like what we do in data centers today.
“We harden an operating system, install host security, integrate middleware, connect to vulnerability scanning, etc. In Cloud 2.0, we transition much of that work to the cloud service providers themselves.”
A customer can get from Cloud 1.0 to 2.0 in a few ways, he says: The apps can be rehosted in a PaaS service; the apps may have to be refactored to operate within a container, and then the agency can use a managed container; or the apps can be rebuilt to use more serverless technologies.
Lago says the cloud service providers are responsible for patching, middleware integration and the majority of hardening. In general, it takes about 15 weeks to complete this process, and to connect host security and vulnerability scanning solutions.
“It’s not a one-time cost,” he says. “The images constantly need to be patched, and the security technical implementation guides are updated on a quarterly basis. The benefit, however, is that customers can then deploy capabilities to production faster, and with smaller teams.”
MORE FROM FEDTECH: How edge computing brings cloud closer to the data for agencies.
Lago says PaaS supports a variety of DOD missions, including top-secret workloads.
“At the Hosting and Compute Center, we maintain baselines via the DoD Cloud Infrastructure as Code, which provides preapproved templates to help customers take advantage of these PaaS services and can take seven months off the typical cloud journey,” he says.
Lago, an IT practitioner in the DOD and federal space for more than 20 years, thinks the biggest selling point for PaaS is tapping into the innovation from the cloud service providers, which are constantly adding new services.
PaaS managed services exist to support containers, database hosting, serverless computing, artificial intelligence and machine learning, Internet of Things, quantum computing, data lakes and content hosting. “If you can think of it,” Lago says, “there probably is a managed service available or coming soon.”
He constantly checks to see which providers have received a DISA provisional authorization. “It’s a little bit like a wish list,” he says.