The Defense Department will expand its use of cloud computing through a four-step plan, which includes incentivizing DoD components to use shared cloud services and training acquisition professionals to procure cloud technologies.
DoD’s Cloud Computing Strategy released Wednesday outlines a phased approach for adopting both commercial and government-provided cloud solutions. According to the strategy, DoD will:
– Foster adoption of departmentwide cloud services through an outreach campaign to increase the number of cloud consumers and providers.
– Optimize data center consolidation by eliminating duplicative software and providing information technology services, hosted in the data centers, in a standard way.
– Incorporate cloud hardware and software into select DoD data centers.
– Deliver cloud services via DoD components, vendors or other agencies.
DoD cloud services will include messaging and collaboration capabilities, such as instant message, chat, email, and web conferencing and integrated voice, video and data services over the Internet.
The Defense Information Systems Agency will manage and negotiate cloud services on DoD’s behalf, but DoD chief information officer Teri Takai will be the final authority and provide oversight for the use of enterprise cloud services, according to the strategy. The cloud strategy is a key part of DoD efforts to provide seamless access to its data anytime, anywhere on any device.
“Cloud computing will enable the Department to consolidate and share commodity IT functions resulting in a more efficient use of resources,” the strategy said. However, funding, data migration from legacy systems to the cloud and security are among the challenges facing DoD.
One concern is that moving DoD data into a vendor’s cloud environment that operates outside of DoD’s operational control can increase security risks.
Vendors will have to provide visibility of real-time use and consumption of data in their cloud environment that meets DoD standards. Cloud providers hosting DoD data off site will also have to integrate their continuous monitoring and response capabilities with U.S. Cyber Command’s systems for protecting DoD information.
DoD will not use commercial cloud services to provide mission critical data or services that if lost, compromised or interrupted could have severe or catastrophic effects on DoD operations.