By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, Jan. 30, 2015 – The Defense Department is moving
its data to the cloud, driven by cost reductions, technical efficiencies and
security considerations, Acting Chief Information Officer Terry Halvorsen told
military and industry leaders gathered here yesterday.
Halvorsen’s office hosted the first of what it characterized
as a series of DoD CIO Cloud Industry Days – meetings intended to promote a
continuous, open dialogue with industry that will shape DoD’s approach to the
business of information technology, or IT, and cyber.
According to the National Institute of Standards and
Technology, cloud computing is a model for enabling on-demand network access to
a shared pool of configurable computing resources -- networks, servers,
storage, applications and services.
For users, cloud resources can rapidly be provisioned and
released with minimal management effort or service provider interaction, NIST
says, providing efficiencies and cost effectiveness.
Modernizing and Streamlining Government IT
Cloud computing is part of a government-wide effort to
modernize and streamline government IT, and Halvorsen said that in the early
stages of transitioning to the cloud, and moving as much as possible into the
commercial cloud, it’s important to communicate with defense industry partners.
“Industry needs some consistency,” Halvorsen added, “so I've
got to … let industry know ahead of time [what we need],” and when a baseline
changes.
Such an interactive process with industry, he said, will be
critical to avoiding “putting industry in a place where they think they've got
it right, they spent their money, they've come in and said this is [our
solution], and we have to tell them … that we’ve found new security threats and
[their solution] is not going to work.”
The cloud is as new an environment as anything out there,
the CIO said, and for each element of the cloud the department has new
decisions to make new.
One of these has been to move as much nonsensitive data as
possible to the commercial cloud, Halvorsen told the audience, because costs
there are lower.
Leveraging Against a Larger Population
“We're leveraging against a larger group population in this
business. E-mail, particularly, is commoditized, and any time you can share
more pricing and more capability with a commoditized environment, you're going
to drive down the price,” he added.
The CIO said commercial companies will be able to meet DoD’s
security requirements for nonsensitive data.
“I see the national cyber bar coming up,” he added, “and
we're such a big market that they'll be willing to adapt their security to meet
us. I'm hoping this comes out to be 25 percent or 30 percent more efficient
when we're done.”
Two important programs involved in DoD’s transition to the
cloud are FedRAMP and the Federal Data Center Consolidation Initiative, or
FDCCI.
A Standardized Approach to Security
FedRAMP is a government-wide program that offers a
standardized approach to security assessment, authorization and continuous
monitoring for cloud products and services.
FDCCI aims to reduce the number of federal data centers by
optimizing them, consolidating them or closing them.
About FedRAMP, Halvorsen said that if industry wants to do
business with DoD they have to meet FedRAMP security requirements, plus extra
security requirements if DoD calls for them.
“I think there's an opportunity for national, commercial and
government [entities] to set some very common standards,” the CIO said. The
medical industry has done that, he added, and the same could be done in other
areas to “raise the national bar” together.
He added, “We actually could have some national standards
that apply to everyone.”
The milCloud Suite of Capabilities
Another element of the move to the cloud is milCloud, a
cloud-services product portfolio managed by the Defense Information Systems
Agency, or DISA.
milCloud offers an integrated suite of capabilities that can
make the development, deployment and maintenance of secure DoD applications
more agile, according to the DISA website. It leverages a combination of
mature, commercial off-the-shelf and government-developed technology to produce
DoD-tailored cloud services.
Halvorsen said DoD has to do a better job of internal
marketing so everyone understands the pricing differences between standard
storage of sensitive but not classified data and storage in the cloud.
“It's 20 percent to 25 percent less … in the milCloud now,
and this milCloud data is data that, by everything I see right now, is going to
stay inside the government,” he said. “It's not classified in many cases but it
is so sensitive that I'm probably not ever going to put that data into a public
[cloud].
Wrestling with Data Security
The CIO says he’s wrestling with how much of DoD’s data is
truly sensitive, using the example of budget data from 1949, which was
sensitive at the time but is not sensitive now. Yet it is still stored with
data that has relatively high security protection.
“I think [relatively sensitive data] is a much smaller
portion of our data than we think it is,” he added.
Where DoD is in its transition to the cloud is hard to
measure, Halvorsen said, adding, “but I can tell you this, I'm not where I want
to be.”
In the near future, the CIO envisions situations in which a
defense contractor might put data inside a data center located on federal
property.
Pushing the Model Forward
“The other group I see that would probably want to do that
is financial institutions. We are not there yet [but] that's what we're looking
to push the model forward on,” he added.
In this scenario, federal systems and commercial systems
would have to move beyond interoperability, Halvorsen said, and into
interconnectivity and become part of the same structure.
“I can make things interoperable a lot of times by kluging
them together. I want to get past the klugde so it’s a seamless, interconnected
structure. How am I doing that? With lots of help from all the services,” he
said.
“All the service CIOs get that we’ve got to go there. Top
leadership gets that we've got to go there,” Halvorsen added. “One of the
chairman’s top priorities is the whole [DoD Joint Information Environment],
which gets us there.”
Making it Work
Now, he said, it’s time to take the technical engineering
solutions and make them work, and do it in a cost-effective way.
In 10 years, the CIO said, DoD will have a much better
distributed data network.
“It’s all data distribution,” he said, “it really is.”
Halvorsen added, “I think what you'll have in 10 years is a
lot fewer physical facilities, much more virtual cloud data that from our
standpoint is accessible on whatever the new technology brings.”
The CIO doesn’t think the platforms will be laptops or smart
phones, but perhaps smaller devices connected to big-screen entertainment
systems accessible at home.
Wearing the Future
“You'll probably have a watch-type device that gives you
some level of data, and you'll be wearing the rest of it,” he speculated.
“Wearable IT is going to be an interesting phenomena for
DoD. Think about what you could do, how you could [suit up] a soldier, sailor,
airman or Marine with wearable IT -- monitor health, monitor location,” he
said.
“That’s the growth area to me,” he added, “but you've got to
get the data distribution right.”
No comments:
Post a Comment