Department of Defense Bolsters Security with Cloud Computing Offense

The best defense is a good offense, according to the Defense Department. No, seriously. At last week’s Cloud Computing Caucus Advisory Group Hillversation, some of the country’s most important IT leaders – tasked with oversight and protection of our nation’s military – spoke on how cloud adoption is affecting our nation’s defense.

alt

The best defense is a good offense, according to the Defense Department. No, seriously.  At last week’sCloud Computing Caucus Advisory Group Hillversation, some of the country’s most important IT leaders – tasked with oversight and protection of our nation’s military – spoke on how cloud adoption is affecting our nation’s defense.

Balancing Act
Our armed forces are currently teetering on a wire, balancing between cost-effectiveness and innovation.

Terry Halvorsen, acting CIO at the DoD, asserted that out of $3.6 trillion in worldwide IT spending, $100 billion is allocated to cloud computing. In comparison, the DoD alone will spend half a billion dollars this year on cloud.

Halvorsen stressed that while there is certainly room for improvement, the armed forces have committed to cloud computing investments. “I don’t know that DoD is behind,” said Halvorsen. “When we say that everybody is jumping on the bandwagon…not so much.”

Cloudy Vision
The armed forces’ cloud computing strategies must align with their mission-specific requirements. “The cloud is just data distribution technology,” said Halvorsen. “Every business needs to do their own budget and ROI for the cloud. They need to constantly ask, ‘Am I mission-effective?’ and ‘Am I saving money?’”

This constant introspection will pay dividends, and even save lives, if agencies remain on course.

“When we pursue the private cloud, it’s all about how we support the end user,” said Ken Bible, Chief Technology Advisor, U.S. Marine Corps. “Some of ours are on a ship, in harm’s way, or engaging in a high-scale operation. Cloud computing has enabled us to do things we couldn’t do with physical hardware. We’re always thinking where we can get a tactical advantage.”

Learning to Share
Because cloud enables more collaborative operations, agencies need to work together to successfully implement it. Thomas Michelli, deputy CIO of the U.S. Coast Guard, plans to maximize the cloud’s potential by heeding feedback from agencies that are experienced in the cloud.

“It’s all about the dialogue. We need to constantly review our requirements,” said Michelli. “We need to use stewardship for the taxpayer’s dollar.”

“At DISA, we’re listening, changing, and taking all of the feedback we can,” said Major General Alan Lynn, the agency’s vice director.

Discussing Privacy, Publically
Agencies consistently rank privacy and security as top considerations when storing, sharing and analyzing caches of data. Cloud computing requires a culture change for agencies to buy into its potential. But the lack of dialogue around the technology could stymie implementation.

“We need a better discussion on privacy,” said Halvorsen. “It’s not about ‘if’ the loss of data is going to happen, but when. Everyone in an organization should know their responsibilities so there are no surprises.”

The DoD CIO described FedRAMP as a “great starting point” but noted that it suffers from the same flaws as other requirements that fail to reflect the current state of IT. Without constant updates, all documents become obsolete.

“There should be a national dialogue by raising the bar of cyber national hygiene. We need more dynamic, live documents to expedite the process,” said Halvorsen.

“We scrub all 700 million emails we receive each month. About 600 million of them have something suspicious, like spam, malware, or an unknown attachment,” said Lynn.

While cloud computing promises a more secure environment, agencies should be proactive and discuss guidelines for the inevitable loss of data, no matter how significant.

Changing of the Guard
Emerging technology won’t wait for FedRAMP to modernize its requirements, nor will it pause for agencies to catch up with private sector innovations. The DoD will mostly follow FedRAMP Plus, FedRAMP’s new certification process requiring additional security controls. While Halverson has spoken of going “out of the box” to satisfy security requirements while completing mission objectives, the goal of FedRAMP Plus is to promote a common language that agencies can use for unified protection and certification.

In addition to creating ‘living’ documents that reflect current IT security measures, our nation’s defense needs to concentrate on recruiting a young, inventive workforce.

“We’re all going to be struggling with an ill-equipped workforce with how fast technology is moving,” urged Halvorsen.

Many agencies hire third-party professionals to implement cloud solutions, but are wary to let third-party vendors handle their sensitive data. “Everyone needs to understand emerging technology,” said Bible. “There is the expectation that someone internally can just open the hood, take a look inside, and fix it.” But agencies often lack the technical expertise to manage these new systems. Agencies need to instill more IT education in order to reap the potential of the cloud.

Too frequently, stringent measures established in the name of security hinder agencies from advancing their missions. But if the best defense is a good offense, then cloud computing is worth the growing pains.
Save the date for the next Cloud Computing Caucus Avisory Group Hillversation, May 12 in D.C. Contact Meredith Kelly to register.
Want to weigh in? Post a comment below or email me at adoggett@300brand.com.

No Comments

    Leave a Reply


    Popular

    Recent