The Department of Defense’s (DoD) push toward greater adoption of commercial cloud computing could raise some questions for the military services and component agencies, including what type of cloud environment would work best while meeting unique DoD needs such as security and high-volume transactions. The Defense Information Systems Agency (DISA) took a stab at answering those questions last week while offering a plan for enterprise cloud adoption.
DISA hosted about 800 participants–either in person or virtually–from combatant commands, the military services, and agencies for a cloud symposium at its headquarters at Fort Meade, Md. The symposium was designed, among other things, to look at the options for enterprise cloud adoption, address concerns such as security, and explain the current cloud service offerings from DISA, which has for years taken the point on DoD’s cloud efforts.
“DISA has a lot of cloud experience already; we have been doing this for a number of years,” Rear Adm. Nancy A. Norton, DISA vice director, said at the event. “There’s a lot that we’re right on the verge of moving forward on. We want to make sure mission partners know what is out there today and what all of the possibilities are for the near term and the far term.”
One presentation, with a theme titled “Crawl, Walk, Run, Fly,” defined the features of on-premises and off-premises cloud services, and broke down the three basic cloud computing models–Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It also explained how each model is applied, and how areas of responsibility are assigned under each service. For example, in IaaS, the agency holds responsibility for applications, data, runtime, middleware, and the operating system. The provider supplies virtualization, servers, storage, and networking. Under PaaS, the agency is responsible for applications and data, while the provider handles the rest. And under SaaS, the agency’s responsibility is pared down to the data, with the provider in charge of everything else.
“All three options have their right place,” said John Hale, chief of DISA’s cloud portfolio. “You, as mission partners, have to look at your individual applications and decide which model is best for you.”
DISA also stressed the importance of agencies being ready for a cloud transition. “Taking traditional, legacy applications and moving them into the cloud model is not going to give you the efficiencies your organization is hoping for,” Hale said. “It requires an investment to modernize your application and make it cloud ready.”
Security and the DoD’s Impact Levels also need to be considered when moving to cloud. For example, Level 2 is used for unclassified public data, which gives the largest amount of choice for moving to cloud. Up at Level 5, which is only for unclassified sensitive data, a dedicated infrastructure is required. And Level 6 is only used with classified information, which many cloud infrastructures should never host. “Understand that if you put your application in a Level 2 environment, you could be running on the same infrastructure as a commercial service,” he said. “In the Level 4 and 5 world, our data is completely separated from the commercial world.”
DISA also has tried to anticipate the complications of moving to a commercial cloud. For example, an application that’s moved to a commercial cloud would no longer have access to DoD shared services, so the agency built its Secure Cloud Computing Architecture to provide security services in those cases.
As the move to cloud continues, DISA stressed that it will continue to evolve as well, offering advice and guidance on improving DoD efficiencies while maintaining critical security.