With milCloud 2.0, DISA Aims For Best of Both Worlds

(Illustration: Shutterstock)

Contractor CSRA is set to launch the Defense Information Systems Agency’s (DISA) milCloud 2.0 on Feb. 1–three months ahead of schedule–combining a commercially run cloud offering within the confines of DISA’s data center. In its first phase, milCloud 2.0 will offer scalable Infrastructure as a Service (IaaS) to customers from two locations.

DISA, the Department of Defense’s (DoD) IT and communications arm, awarded CSRA a maximum $498 million contract in June 2017 for the next iteration of the agency’s milCloud cloud services portfolio, which debuted in 2014. The contract, for Phase 1, has a three-year base with five option years, under which milCloud will offer services on a pay-as-you-go basis designed to lower costs. And unlike the first version of milCloud, which was government-run, Version 2.0 will be run by the contractor, though CSRA will work from DoD data centers, and DoD will continue to own the data and applications provided.

“It’s been a very fast-paced program,” said Donald Robinson, chief technology officer of CSRA’s defense business. “We have a great partner in the government that, as we can all see from the top of government down, is aligned to accelerate cloud adoption, and we hope this is one of the flagship programs that helps the DoD achieve its strategic goals.”

The early launch of milCloud 2.0, initially at Maxwell Air Force Base in Alabama and Tinker Air Force Base in Oklahoma, comes amid a push for accelerated adoption of cloud services in DoD and throughout the Federal government. The DoD Cloud Executive Steering Group established by Deputy Defense Secretary Patrick Shanahan–and since reorganized–in late October issued a Request for Information for DoD Enterprise Cloud Acquisition, calling for IaaS and Platform as a Service (PaaS) offerings capable of handling all classification levels operating both inside the United States and outside, all the way to the tactical edge for warfighters.

MilCloud 2.0 is to offer secure, portable, and interoperable infrastructure services to DoD customers and partners by operating on both the military’s Secure Internet Protocol Router Network (SIPRNet) and Non-classified Internet Protocol Router Network (NIPRNet) while reducing the costs of ownership for DoD and employing green computing methods to lower energy use and DOD’s data center footprint, according to CSRA.

In its design, milCloud 2.0 seems to be going for a best of both worlds approach, using a commercial provider in line with the department’s overall cloud plan, while operating on-premises at DISA, with the built-in security of its network perimeter. The data center is protected by the Joint Regional Security Stacks (JRSS) that DISA operates to ensure security for military services and components connecting to DoD’s Joint Information Environment.

“By building the cloud inside JRSS, DISA drastically simplifies the business of connecting cloud services to DoD’s NIPRNet and SIPRNet networks and ensures a faster route to getting an Authorization to Operate (ATO),” Chris Burns, a vice president and technical director with General Dynamics Information Technology, said at an AFCEA symposium last year at which DISA and industry executives discussed milCloud.

A lot of cloud providers are capable of handling information at DOD’s lower, mostly unclassified levels, but getting approval to handle sensitive information has been a challenge. To date, only Amazon Web Services, which supplies the intelligence community’s cloud-based information sharing platform, has received authority to operate at the government’s highest classification levels. In November, the company launched its Secret Region, which would cover cloud operations up to DISA’s Impact Level 6 including secret information, and be open to all government customers.

Recent