Despite all the talk of cloud computing in the federal sector and, more important, action on cloud computing, security questions have threatened to overwhelm the government’s “cloud-first” policy with question marks.
While cloud has promised to “free” data, making it easier to use, share and collaborate, how feasible is cloud computing for federal agencies with particularly sensitive data, most especially the Defense Department — already an apparent victim of unauthorized access and disclosure of information in the WikiLeaks debacle?
DoD’s cloud conundrum may have a savior, though.
The Pentagon’s IT arm, the Defense Information Systems Agency, has been working on plans to host and manage a private cloud, with the essential help of private contractors, that would keep DoD’s information in an in-house cloud environment behind the government firewall, according to a Defense Systems report.
In other words, while private companies, such as the bevy of IT firms that are recognized as top cloud creators and who do business with the government, will develop the solutions, DISA will host and manage them.
The arrangement could prove that cloud-first in a security-first agency can coexist peacefully.
“In order to secure not only our classified data but also our official-business sensitive but not classified data, we are implementing a private cloud to support these requirements,” DISA Chief Information Officer Dave Mihelcic told Defense Systems.
DISA’s cloud is “under positive DoD control,” he said, being hosted in the agency’s secure Defense Enterprise Computing Center and managed by DISA personnel. Because of these strengthened security controls, many observers think DISA’s cloud template could be put in place across DoD’s networks.
In fact, Mihelcic has said as much, himself. In an interview last month, Mihelcic said DISA was “uniquely positioned” to be DoD’s cloud provider of first resort both for unclassified and classified data.
It turns out, DISA has been making a lot of headway recently in cloud matters.
“When we talk about the rapidly changing pace of technology, we’re moving away from fixed infrastructure and looking very clearly at how we support mobility and the whole complexity of operations,” said DISA Chief Technology Officer Henry Sienkiewicz.
DISA already has one high-profile “win” in its cloud column. Last month, the Army announced it was nearing the end of the testing phase of its cloud-based and DISA-hosted enterprise email and would soon begin rolling it out for use.
DISA has been singled out as a cloud leader within the federal government because of the agency’s existing strengths in IT architecture, but experts recognize there are still hurdles to cross.
For one, if agencies take on cloud solutions, it may tax already overstretched organizations beyond their capacities and take them too far from their original, core missions.
“I don’t think the immediate intent was for agencies to unilaterally build out additional capabilities,” Bob Otto, executive vice president of advisory services at Agilex, told Government Computer News. “My concern is that this additional focus may detract from their core mission.”
But, despite those concerns, defense analysts see success in DISA’s partnering with industry on a private cloud, because of far larger concerns over data security and the agency’s attempts to
This is one cloud with a silver lockbox.