A senior Defense Department (DoD) technology official this week explained how a robust cloud environment is an essential element to ensuring the successful implementation of the Pentagon’s software modernization strategy.
During a Dec. 1 SailPoint and GovExec virtual summit, Lily Zeleke, the acting chief information officer for Information Enterprise with DoD’s Office of the Chief Information Officer, talked about how DoD can’t advance a software-driven defense or offense without having a clear and well-developed cloud environment.
DoD published its Software Modernization Strategy earlier this year to provide cybersecurity development, security, and operations in software factories, as well as cloud services and faster delivery of software in support of critical data and communications.
According to Zeleke, the strategy is about harnessing the power of the cloud and developing software applications within the cloud to provide continuous incremental capabilities for the department and for warfighters.
“When [software and cloud] elements come together, effectively it makes the department able to take advantage of new open technologies [and] emerging technologies,” Zeleke said.
For example, DoD authorization processes can be tremendously arduous at times, and sometimes lengthy. To speed up and ease the difficulty of authorization processes, “we’ve got to include automation, we’ve got to include the ability to monitor, and the ability to have real-time visibility of the environment,” Zeleke said.
“Cloud speeds up our ability to get information, process information, secure the information at all levels – and that is where zero trust comes into play – and the ability to transmit the information at scale and speed to the people that need it,” she added.
The agency also must ensure security while being able to share data from one end to another at different levels of the enterprise through a cloud environment, and zero trust is a key enabler for that.
“We are working hand in hand with the Zero Trust Portfolio Management Office to make sure that the monitoring pieces and the identity pieces are embedded” in the ability to do the zero trust mission through the cloud infrastructure, Zeleke said.
DoD said last week when it released the Zero Trust Framework Strategy and Roadmap that it intends to develop future zero trust roadmaps for both commercial and private cloud, which are expected to achieve zero trust “quicker” than the five-year, baseline approach. DoD plans on piloting its zero trust approach with the four major commercial cloud providers involved in the Joint Warfighting Cloud Capability (JWCC) acquisition: Google, Oracle, Microsoft, and Amazon Web Services.
Zeleke also explained that the JWCC award – expected to be rolled out this month – will bring a new set of enablers to the department.
“JWCC is unique because it’s a diversity of capability that’s going to be brought to bear,” Zeleke said.
However, the challenge is ensuring that the department can integrate those offering and capabilities in a way that makes sense and serves the mission. The DoD must also make sure that the enterprise and stakeholders “are appropriately aware of all the all the offerings that the JWCC is going to bring,” Zeleke said.