Jack Wilmer, a Defense Information Systems Agency official, has said DISA needs to field tools designed to defend Defense Department applications from potential security vulnerabilities in commercial cloud environments.
Wilmer, vice director of the development and business center at DISA, told attendees of the MeriTalk Cloud Computing Brainstorm event that the need for such tools is one of the lessons that DISA learned when it migrated the first two DoD apps to the commercial cloud, DISA said Thursday.
“We need to define our relationships with cloud providers, and then find a way to have scalable solutions, at cost, for individual applications we take care of as a service out of our own data centers,” Wilmer said.
He noted that cloud service providers must comply with DoD’s cloud security requirements and the Federal Risk and Authorization Management Program standards to facilitate continuous monitoring and certification of cloud platforms and services.
DISA should also make changes to its culture and business processes as it works to integrate new CSPs and application owners and move DoD apps to the cloud, Wilmer noted.
“We need to train up operators in how to do business differently,” he said.
“They’re going to be getting different feeds of information, potentially with different levels of detail, through the CSP in different ways that they’ve previously accepted.”