DOD set to deploy new cloud policies
Cloud integration is clearly a key area of focus for the federal government as a whole. Virtually every agency has now made at least a tentative step in this direction, and many are embracing strategies to more fully integrate cloud services throughout their departments.
One of the leaders in this capacity has been the Department of Defense. For example, the DOD recently identified a number of pilot programs for moving its data onto non-military cloud servers for the first time in order to maximize efficiency and cost savings.
Now, the DOD is once again pushing the envelope of cloud integration by preparing to deploy new policies geared toward improving the agency's culture, InformationWeek reported.
Speaking at a recent event, Terry Halvorson, CIO for the DOD, explained that the new policies will allow military organizations to have a greater say in which cloud services they pursue, the news source reported. To a certain degree, this represents a continuation of the pilot program described above, as military services will now have more flexibility when considering commercial cloud vendors. Additionally, these agencies will have the opportunity to advance their mobile capabilities.
A big part of this new policy will be the creation of Joint Regional Security Stacks, part of the broader Joint Information Environment, according to InformationWeek. This will represent an opportunity for different military agencies and departments to freely share sensitive data in real-time from behind a collective firewall. This increases both efficiency and security across the board.
Previously, the Defense Information Systems Agency was responsible for choosing all cloud services in place throughout the DOD. Now, Halvorson explained, DISA will focus more on vetting commercial cloud options, ensuring these offerings meet DOD security requirements, the source reported.
As important as these new cloud-related discretionary policies will be, the most significant change the DOD hopes to achieve is cultural. As Halvorson illustrated, the success or failure of a given cloud strategy will largely depend on employee use and engagement, according to the source. Personnel need to have the right attitude in regard to the cloud.
"[W]e've got to change people's thoughts," Halvorson said, the news source noted.
This is an important point for several reasons. First and foremost is the issue of cybersecurity. As a recent Associated Press report revealed, a huge percentage of all security incidents among government agencies are largely attributable to government workers. By clicking on untrustworthy links or downloading questionable files, employees have frequently put government data and networks at risk.
In a cloud environment, these issues become even more fraught, as the cloud makes information and resources more widely available to authorized users than on-premise solutions. This can be a huge benefit, as it allows employees to be more flexible and productive. However, the interconnectedness of cloud environments also means that any employee missteps can have farther-reaching consequences.
To maximize the cloud's value while maintaining cybersecurity, the DOD and other agencies must make sure that employees fully understand best practices and the dangers that risky behavior can carry.