Despite all the talk of cloud computing in the federal sector and, more important, action on cloud computing, security questions have threatened to overwhelm the governmentâs âcloud-firstâ policy with question marks.
While cloud has promised to âfreeâ data, making it easier to use, share and collaborate, how feasible is cloud computing for federal agencies with particularly sensitive data, most especially the Defense Department — already an apparent victim of unauthorized access and disclosure of information in the WikiLeaks debacle?
DoDâs cloud conundrum  may have a savior, though.
The Pentagonâs IT arm, the Defense Information Systems Agency, has been working on plans to host and manage a private cloud, with the essential help of private contractors, that would keep DoDâs information in an in-house cloud environment behind the government firewall, according to a Defense Systems report.
In other words, while private companies, such as the bevy of IT firms that are recognized as top cloud creators and who do business with the government, will develop the solutions, DISA will host and manage them.
The arrangement could prove that cloud-first in a security-first agency can coexist peacefully.
âIn order to secure not only our classified data but also our official-business sensitive but not classified data, we are implementing a private cloud to support these requirements,â DISA Chief Information Officer Dave Mihelcic told Defense Systems.
DISAâs cloud is âunder positive DoD control,â he said, being hosted in the agencyâs secure Defense Enterprise Computing Center and managed by DISA personnel. Because of these strengthened security controls, many observers think DISAâs cloud template could be put in place across DoDâs networks.
In fact, Mihelcic has said as much, himself. In an interview last month, Mihelcic said DISA was âuniquely positionedâ to be DoDâs cloud provider of first resort both for unclassified and classified data.
It turns out, DISA has been making a lot of headway recently in cloud matters.
âWhen we talk about the rapidly changing pace of technology, weâre moving away from fixed infrastructure and looking very clearly at how we support mobility and the whole complexity of operations,â said DISA Chief Technology Officer Henry Sienkiewicz.
DISA already has one high-profile âwinâ in its cloud column. Last month, the Army announced it was nearing the end of the testing phase of its cloud-based and DISA-hosted enterprise email and would soon begin rolling it out for use.
DISA has been singled out as a cloud leader within the federal government because of the agencyâs existing strengths in IT architecture, but experts recognize there are still hurdles to cross.
For one, if agencies take on cloud solutions, it may tax already overstretched organizations beyond their capacities and take them too far from their original, core missions.
âI donât think the immediate intent was for agencies to unilaterally build out additional capabilities,â Bob Otto, executive vice president of advisory services at Agilex, told Government Computer News. âMy concern is that this additional focus may detract from their core mission.â
But, despite those concerns, defense analysts see success in DISAâs partnering with industry on a private cloud, because of far larger concerns over data security and the agencyâs attempts to
This is one cloud with a silver lockbox.