DOD’s new cloud approach comes into focus
While the federal government has been surprisingly quick to embrace cloud integration wholeheartedly, some agencies have been less adventurous than others in this area. One of the most conservative in terms of cloud adoption has been the Department of Defense. Due largely to cybersecurity concerns, the DOD was slow to embrace the cloud to any capacity, and its integration continued at a sluggish pace for some time. Now, however, the DOD seems to be eager to move forward with cloud adoption.
Recently, the DOD revealed that it will soon reconfigure its approach to cloud technology. As NextGov reported, this new strategy aims to improve the efficiency and accessibility of cloud resources throughout the agency.
Terry Halvorsen, acting chief information officer for the DOD, first revealed that the department would modify its cloud integration policies in a speech delivered at last month's Fed Talks 2014 event. Halvorsen explained that the DOD wants to allow its various military organizations to have more control over the specific cloud services they pursue and adopt.
Up to this point, the Defense Information Systems Agency has played the lead role in this capacity, dictating which cloud services on the market were suitably secure for DOD use and contracting the services themselves for DOD organizations. This was an ideal approach initially, when the cloud market was more nascent and had been less vetted. Now, though, the DISA's oversized role is proving to be a limitation for DOD organizations eager to make their own cloud decisions.
To ensure that DOD organizations are able to make the best possible cloud integration decisions once they are on their own, the agency is establishing new categorization levels and other classification tools, as documents obtained by NextGov revealed. For example, workloads will soon receive a rating between 1 and 6 to measure their "cloud security impact levels," which will determine the amount of security these assets will require when moved into cloud environments.
These levels themselves are also set to change, the source reported. This will acknowledge the fact that much of the information stored by DOD organizations is not particularly sensitive and therefore should be stored in more cost-efficient public cloud solutions. Data designated cloud security impact level 3 or higher will need to be housed in cloud environments that are specifically designated government-only to maximize protection.
Navigating the cloud
Once this new cloud integration strategy is fully in place, the DOD and its various organizations should have the ability to greatly expand their use of cloud solutions. IT leaders will have the ability to exert greater control over the agency's cloud architecture and how these services fit into a broader strategy.
However, this process is more complicated than it sounds. To fully maximize the advantages that cloud services have to offer, DOD departments will need to be extremely precise in their planning and deployment of the technology. This is especially true when it comes to cybersecurity. While granting DOD organizations greater leeway in terms of selecting and adopting cloud services should improve efficiency, it does increase the risk of a data breach or other cloud-related security incident. Considering the nature of the information that these groups possess, this needs to be seen as a major concern.
This does not mean that the DOD's new approach to cloud integration is faulty in any way. Instead, it means that the agency and its attendant groups should consider working with third-party cloud integration specialists that have robust experience with choosing, establishing and rolling out cloud solutions. Organizations should be especially intent on finding third-party firms with cybersecurity backgrounds to ensure adherence to cloud security standards.