Over the past several years the Department of Defense (DoD) has aggressively pursued cloud migration to modernize its digital infrastructure, but without careful planning, that cloud sprint can end up creating visibility gaps and fragmented systems — hindering real-time response and stalling the move toward more proactive, unified operations, a Pentagon tech official said on July 24.
“Every agency is like, I have to go to cloud,” Steve Mathews, technical adviser for the Cybersecurity Division at DISA J-9 Hosting and Compute, said at the GovForward: The ATO and Cloud Security Summit in Washington on Thursday.
“The detriment of that is that not everybody is going to cloud in the right way,” he added.
Mathews’ comments reflect growing concern across DoD that cloud adoption is happening in a fragmented, siloed manner, with agencies operating independently and often without full awareness of their digital assets.
“There are certain pieces that aren’t necessarily factored in [… for example] if you don’t have a solution to thoroughly collect [data] and ensure awareness, then you can’t have a trigger risk posture built for the DoD. And I have concerns about that, especially if people are already struggling with [cybersecurity],” Mathews said.
According to Mathews, DISA is working to build a more cohesive cloud ecosystem by establishing clear standards for cloud security and adoption, aiming to reduce inconsistencies, improve visibility, and strengthen security across the DoD.
Mathews noted that while organizations looking to modernize and move to the cloud should have the resources to re-format their code, DISA aims to support them by offering capabilities to help take that first step. “If an organization doesn’t have the resources to re-format their code … we try to make sure that we offer those capabilities,” he said.
Additionally, Mathews cautioned against rushing all systems into the cloud, stating, “I don’t think that everybody needs to modernize at the same time … it can be self-paced, because not every program necessarily needs to be in the cloud.”