DoD to test commercial cloud for some sensitive data

Thursday - 8/14/2014, 5:22am EDT

The Defense Department will identify a set of pilot programs in the next month to put more sensitive data into a cloud not run by the military.

This is one of several initiatives Terry Halvorsen, DoD's acting chief information officer, is planning, to change the way the military uses and manages its network.

Halvorsen said his office will announce the five pilots in the next 20 days that will see how sensitive data — at the Level 3 and Level 4 security classification — can work in a cloud environment that is owned by the public sector.

"We are probably not going to put a lot of Level 3 data into what I would call a standard open cloud. But we will be putting in semi-private clouds. I could see some of that data going into government-only clouds that are in the commercial sector, but it's partitioned so that it's only government. Some of that will be private clouds," Halvorsen said Wednesday at the Federal Forum conference sponsored by Brocade in Washington. "And we are looking at some interesting opportunities that might even do things like, what if I had a government building that I said, 'OK, commercial vendor come in and operate the whole thing. Give me the cost for doing that and comparing that to our costs for internal operations.'"

Halvorsen said he's meeting with the team leading this effort daily to ensure these pilots get off the ground in a timely manner. He said they also have another big incentive.

"If they get five of them done, and I won't give you the exact timeline, but it could be the first of September, I am buying steak dinners and we decided it would not be at Golden Corral," Halvorsen said.

To be clear, this is not classified data going on commercial clouds, but it's sensitive data that traditionally is kept on DoD-only networks.

He said the pilots are important because they would give DoD confidence in moving its networks in a new direction that meets its goals of agility, affordability and security.

The move to the cloud is part of a broader network modernization strategy, which the Joint Information Environment (JIE) is driving.

The JIE is not a contract or network, but an umbrella term to talk about standards, consolidation and sharing of network and data.

Halvorsen said DoD is planning a series of discrete objectives around JIE that are definable, affordable, defendable and measurable.

New policies under development

He said the efforts around the JIE are leading to a series of policy opportunities.

"How do we get into a more software-defined network? Another one is implementing what we are calling smart, safe code. It's leveraging some of the industry work to put out some acquisition guidelines that say code on anything that is software must meet these following standards for both security and frankly for ease of conversion too. We are working through what those are and we will come back to industry to ask for more guidance for that, to ask what you see. The last one is to put some harsher standards that say, if you are going to develop software for us, you must develop it to require the minimum bandwidth possible to operate on."

Halvorsen said the bandwidth requirement may not be a hard-and-fast rule, but it's something DoD wants vendors to begin to get used to.

"We have to operate in what you could call challenging, low bandwidth environment," he said. "The more we can standardize how we do that, the more effective and efficient we get. Part of that means, we need to have software that takes into account that it will have to operate in some of those environments."

He says software that can run well on lower bandwidth is a good thing all around as more devices and applications require additional bandwidth.

Halvorsen didn't offer any timetable for when he would issue these new policies.

In the end, Halvorsen said the goal is to reduce the number of DoD networks, understanding that getting down to one or a small number may not be realistic even in the long term. But by implementing the standards under the JIE, the military services and agencies will be able to share data more easily and have better capabilities across the department.

Business data benchmarking underway

Halvorsen said he also wants DoD to do a better job aligning network investments, which means having the data and trust to exchange data.