Future conflicts will demand instant, data-driven decision-making across domains, services, and coalition partners. To meet that imperative, the Department of Defense (DOD) is tasked to transform sprawling, legacy IT into secure, scalable cloud architectures that deliver real-time command and control while withstanding relentless cyber threats.
MeriTalk recently sat down with Ray Hall, managing director of technology services at Maximus, to discuss key architectural and operational considerations as the DOD works to accelerate secure edge to cloud innovation, enable real-time joint force operations, and ensure cloud environments remain adaptive in the face of rapidly evolving threats. Hall brings decades of experience with military IT programs as an U.S. Air Force service member, a DOD civilian, and a contractor supporting Air Force and other defense IT initiatives.
MeriTalk: What are the most pressing architectural or operational challenges the DOD faces in building scalable, resilient cloud environments across domains?
Hall: The heart of the problem is legacy systems. Many mission-critical systems still run on decades-old hardware, or they have been lifted and shifted into the cloud as giant monoliths. Because those applications were never refactored to be cloud agnostic, they can’t scale horizontally, and blue-green deployments or Kubernetes-style orchestration become impossible. Before migrating applications, agencies need to re-architect them into microservices, establish common data schemas, and fund a roadmap that prioritizes the warfighter over maintaining siloed contracts and infrastructure.
MeriTalk: How can the DOD accelerate cloud innovation while maintaining compliance with IL5/IL6, FedRAMP, and other mission-critical security standards?
Hall: Speed and compliance are not mutually exclusive if we embrace continuous authority to operate (ATO). Instead of certifying every application independently, which duplicates ATO packages and certificates across environments, we should adopt a shared, modular approach. When applications are decomposed into containerized microservices, the same secure pipeline can promote code across multiple classification levels with minimal rework.
MeriTalk: What role do cloud-native technologies, including containers, microservices, and serverless computing, play in enabling real-time command and control for defense missions?
Hall: Cloud-native technologies are the only way to scale to meet joint force requirements. A dozen users won’t tax a single-tenant application, but when that same workload supports an entire service, elastic compute and memory are mandatory. Containers make it possible to spin resources up or down on demand; microservices isolate faults and speed updates; and serverless functions remove idle infrastructure costs. Together, they allow for rapid deployment and scaling of mission applications across all domains without sacrificing performance or security.
MeriTalk: In your experience, what strategies best enable secure, real-time data sharing across services and coalition partners, and where can industry partners like Maximus add the most value?
Hall: Historically, defense agencies and their mission partners relied on separate mission partner environments, each with its own stack and security model. That redundancy slows collaboration. Moving to a DOD-wide zero trust architecture will let us authenticate once and share data confidently across networks. Industry’s role is to bring expertise from commercial and other federal organizations, showing how large organizations have implemented zero trust, cloud migration, and cybersecurity at scale, and tailoring those lessons to defense-specific requirements.
MeriTalk: How should the DOD approach cloud modernization in legacy-heavy environments where mission continuity is critical and they must consider warfighter realities?
Hall: First, resist the urge to forklift everything. Some legacy systems will stay on premises for years, and that’s acceptable. For the rest, we need structured, repeatable transition plans that rearchitect code before migration, document every dependency, and stage cutovers to avoid operational gaps.
We need to focus on mission-critical applications and really work with the warfighters from the beginning. We need to know how they’re using an application, not just what it does. When a warfighter doesn’t have the appropriate tool for a specific situation, they learn new ways to use the tools that they have. Bringing end users in as stakeholders when we’re doing migration planning and re-architecting is crucial to understanding how they’re using the tool, not just how it was designed.
MeriTalk: How can automation and AI/machine learning (ML) within cloud platforms enhance cyber situational awareness and decision-making for defense operations?
Hall: Any task performed the same way multiple times should be automated. The result is fewer errors and more time for humans to focus on higher-order problems. ML shines in anomaly detection, spotting deviations a tired analyst would miss and triggering real-time, automated remediation. Ultimately, we need self-healing systems that restart services or reroute traffic before an operator even knows there’s an issue.
MeriTalk: Looking ahead, which emerging cloud capabilities or trends will be most transformative for mission readiness and cyber resilience?
Hall: First and foremost is zero trust expansion, focusing on securing data rather than networks. Next is harnessing AI and Internet of Things telemetry to turn raw sensor data into actionable insight at mission speed. I also expect greater adoption of mesh and cloud-mesh architectures so data and applications can flow seamlessly across services, partners, and contested geographies. Finally, I’d like to see requirements and industry days shift from prescribing solutions to posing problems and inviting industry to innovate rather than comply. That mindset will unlock capabilities the DOD hasn’t yet imagined.