DOD wants to place virtual sensors in AWS’s commercial cloud for a secure connection

DISA will place sensors in AWS's cloud to monitor "workloads hosted therein." It's not a purchase of services, but it's a sign the Pentagon expects to do more business with AWS.

Editor’s Note: This story has been updated to clarify that the sensors in use are virtual.

Regardless of how the ongoing $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud procurement plays out in the next month or so, the Defense Information Systems Agency is prepping for more adoption of Amazon Web Services’ commercial cloud.

DISA issued a sources sought solicitation Tuesday saying that it plans to integrate its Secure Cloud Computing Architecture (SCCA) into AWS’s Secret Region, which is approved to host Department of Defense data and services up to impact level 6 for Secret-level classified information.

To do so, DISA will place software-based, firewall-like virtual sensors in AWS’s cloud “to monitor DoD workloads hosted therein. These sensors inspect traffic to and from those DoD workloads and route inspected traffic to the [Defense Information System Network].”


The SCCA is essentially DISA’s model for securing the Department of Defense’s workloads hosted in the commercial cloud. The agency describes it as “a set of services that provides the same level of security the agency’s mission partners typically receive when hosted in one of the DISA’s physical data centers.”

To be clear, this solicitation doesn’t mean the Pentagon is buying more commercial cloud services from AWS — though it certainly could play out that way if JEDI is awarded to AWS. However, it signals that DOD is looking to secure its connection to AWS’s cloud because it’s possible, if not likely, the two will do more work together.

“DISA does not determine where DoD mission owners chose to host their cloud-based DoD workloads but is charged with protecting those workloads in the CSPs they select,” the solicitation says. AWS “currently hosts existing DoD workloads, and has strong demand for additional DoD workloads.”

It’s likely DISA will next look to integrate other cloud providers with the SCCA, as each commercial cloud provider that military services do business with will need its own sensors. In this case, AWS, because of its more advanced security authorization, appears to be one of the first. “Those CSPs with existing and forecast workloads are the first to be integrated with the SCCA and have boundary defense established for those DoD workloads,” the solicitation says.

DISA wants to hear from AWS resellers by July 23. The eventual contract will be for a year with two optional renewal years.


This comes as the Pentagon’s JEDI procurement looms. AWS and Microsoft are currently facing off as the only contenders for the landmark commercial cloud contract. DOD CIO Dana Deasy said recently the Pentagon plans to make an award in August.

Meanwhile, Oracle has filed a lawsuit against the single-award nature and technical requirements of the contract; it also alleged that conflicts of interest between DOD and AWS steered the contract toward Amazon as the frontrunner to win. The Court of Federal Claims is hearing oral arguments on that protest this week. If the court were to rule in Oracle’s favor, it would certainly throw a wrench into the JEDI award timeline.
