The Department of Defense needs to accomplish its critical global missions despite a decreasing budget and rising cybersecurity threat. To that end, the Chief Information Officer of the DoD, Teri Takai, released its Cloud Computing Strategy, which outlines its goals to accelerate the adoption of cloud computing throughout the department. In the strategy, the Office of the CIO explains why it wants to move to the cloud, its goals, the challengesthat stand in its way and methods to mitigate them, and the coming steps the Defense Department plans to take to get there.
The strategy uses the National Institute of Standards and Technology’s definition of cloud computing for their strategy. NIST defines cloud computing as: “A model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” DoD likes this definition because it includes Software as a Service, Platform as a Service, and Infrastructure as a Service.
According to the CIO, the DoD currently has a “duplicative, cumbersome, and costly set of application silos” that can benefit from more cloud computing. The shift is not the sole initiative of Takai as it is in line with several federal mandates urging a move to the cloud. These include the 2012 National Defense Authorization Act (NDAA), Office of Management and Budget (OMB)‐directed Federal Data center Consolidation Initiative, Federal CIO 25 Point Implementation Plan to Reform Federal Information Technology Management, DoD IT Enterprise Strategy and Roadmap, and Federal Risk and Authorization Management Program (FedRAMP).
The goals presented in the Cloud Computing Strategy is to “consolidate and share commodity IT functions resulting in a more efficient use of resources.” The DoD hopes to provide device and location independent on-demand secure global access to mission data and enterprise services. They also hope to enable rapid application development and reuse of applications by other organizations. This means both sharing and adopting the most secure commercially available cloud services.
To do so, the strategy hopes to establish a Department of Defense Enterprise Cloud Environment. The DoD Enterprise Cloud Environment will provide access to both new and legacy applications and data exchanges on NIPRNet, SIPRNet, and Top Secret Sensitive Compartmentalized Information security domains, as well as information sharing with Joint Worldwide Intelligence Communications System (JWICS), and other partner networks. The DoD CIO will lead efforts to connect NIPRNet and SIPRNet to the cloud while the Director of National Intelligence CIO will lead for TS SCI networks and above. The Enterprise Cloud Environment will also enable the Joint Information Environment, “a robust and resilient enterprise that delivers faster, better informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.”
Transitioning to a cloud environment, however, poses unique challenges to the Department of Defense. which needs to ensure an outstanding level of cyberseucrity, continuity of operations, and information assurance on its networks. As of now, DoD systems have been designed to operate in a protected environment with dedicated infrastructure. The DoD will also have to overcome acquisition and funding changes, data migration and management, and service to clients in austere and tactical environments. The DoD hopes to overcome these challenges in part through FedRAMP, which standardizes continuous auditing and monitoring requirements for federal clouds as well as the cloud service authorization process. The DoD CIO is also updating Information Assurance (IA) policies and instructions.
The Cloud Computing Strategy also lays out four steps for implementing the Department of Defense Cloud Environment. The first will be to “Foster Adoption of Cloud Computing” by establishing a joint governance structure to drive the transition and an Enterprise First approach while reforming DoD IT finance, acquisition, and contracting and increasing cloud outreach and awareness. The next step is to “Optimize Data Center Consolidation” by consolidating and virtualizing legacy applications and data. The third step is to “Establish the DoD Enterprise Cloud Infrastructure” so that it’s agile, consolidated, and secure. The last step will be to “Deliver Cloud Services” using existing DoD cloud services and external providers. The CIO will provide oversight for component implementation of these steps.