The Department of Defense released its cloud computing strategy on Wednesday that includes a four-step process that will enable a phased implementation of the DOD Enterprise Cloud Environment.
“We are moving to an enterprise cloud environment that provides tangible benefits across the department by supporting the delivery of the joint information environment, from the continental United States to the warfighter at the tactical edge,” said DOD Chief Information Officer Teri Takai.
“This strategy lays the groundwork, as part of the Joint Information Environment framework, for achieving cloud adoption within the department. It focuses on the creation of department core data centers, enterprise cloud infrastructure and sustainment of cloud services,” said Takai
The four-step process will look as such, according to the document:
Step 1: Foster Adoption of Cloud Computing
- Establish a joint governance structure to drive the transition to the DoD Enterprise Cloud Environment
- Adopt an Enterprise First approach that will accomplish a cultural shift to facilitate the adoption and evolution of cloud computing
- Reform DoD IT financial, acquisition, and contracting policy and practices that will improve agility and reduce costs
- Implement a cloud computing outreach and awareness campaign to gather input from the major stakeholders, expand the base of consumers and providers, and increase visibility of available cloud services throughout the Federal Government
Step 2: Optimize Data center Consolidation
- Consolidate and virtualize legacy applications and data
Step 3: Establish the DoD Enterprise Cloud Infrastructure
- Incorporate core cloud infrastructure into data center consolidation
- Optimize the delivery of multi‐provider cloud services through a Cloud Service Broker
- Drive continuous service innovation using Agile, a product‐focused, iterative development model
- Drive secure information sharing by exploiting cloud innovation
Step 4: Deliver Cloud Services
- Continue to deliver DoD Enterprise cloud services
- Leverage externally provided cloud services, i.e., commercial services, to expand cloud offerings beyond those offered within the Department.
With the department having specific cloud computing challenges, especially related to security, the department will leverage the Federal Risk and Authorization Management Program (FedRAMP), according to the document.
FedRAMP will establish a standard approach to assess and authorize cloud computing services and define requirements for the continuous auditing and monitoring of cloud computing providers. In addition, Takai is currently updating DOD’s Information Assurance (IA) policies and instructions, aligning IA controls and processes with those used across the federal government.
Takai also will accelerate and synchronize efforts to create enterprise‐wide capabilities and services while eliminating unnecessary duplication, including consolidation of data centers and network infrastructure.
By designating a few data centers as core components, DOD can build in cloud infrastructure that begins the process of creating a DOD Enterprise Cloud Environment. This process will include network re‐design and consolidation, policy and process changes and the adoption of enterprise standards that enable interoperability across networks and between data centers, the document said.
The DOD Enterprise Cloud Environment will include separate implementations and data exchanges on Non‐secure Internet Protocol Router Network (NIPRNet), Secure Internet Protocol Router Network (SIPRNet), and Top Secret Sensitive Compartmentalized Information (TS SCI) security domains.
“The Defense Department is committed to accelerating the adoption of cloud computing and providing a secure, resilient enterprise cloud environment,” said Takai. “This strategy will align with all department-wide information technology efficiency initiatives, federal data center consolidation and cloud computing efforts. The result of the strategy will be improved mission effectiveness, increased IT efficiencies, and enhanced cyber security.”
In addition to enterprise cloud services provided department‐wide, components will be encouraged to use or provide cloud services offered by other components, other entities in the federal government, mission partners and commercial vendors that meet their specific mission requirements.
A major part of the strategy includes designating the Defense Information Systems Agency as the DOD Enterprise Cloud Services Broker, requirement department components to obtain cloud functions through the agency.
In a memorandum to Pentagon leadership dated June 26, Takai established that DISA will perform cloud broker functions to achieve IT efficiencies and improved reliability through cloud service offerings, which signaled initial operating capability for the agency.