DISA goes commercial for milCloud 2.0
The agency says the next version of its cloud computing service will be operated by a commercial provider, though on DOD property and strictly for DOD users.
Building on the Defense Department’s milCloud 1.0, an on-premise cloud solution managed and operated by the Defense Information Systems Agency, DOD is looking to go commercial with milCloud 2.0, according to DISA’s cloud official.
At the AFCEA Defensive Cyber Operations Symposium, John Hale, cloud portfolio chief at DISA, explained milCloud 2.0 won’t be built or maintained by DOD. “We will bring a commercial provider into the [DOD Information Networks, also known as the DODIN,] to provide services internally to the Department of Defense,” Hale said.
“Cloud is not the savior for everything. There is always going to be the need for traditional hosting in a DOD data center,” Hale added. “There are certain workloads that just do not fit well in a virtualized or cloud model.” One example Hale provided in this regard was nuclear command and control.
Cloud is also billed as a cost-saving measure, an immensely important component in the era of sequestration. “By leveraging cloud capability — both commercial on-premise and off-premise capability — we can bring significant savings to the department and we can also provide a new, agile functionality to our mission partners going forward,” Hale said.
MilCloud 2.0 will also affect mission partners differently, as they’ll be billed based upon consumption of capabilities as opposed to a flat rate each month under milCloud 1.0. “Every time a mission partner comes to us and says ‘I have this workload,’ our job is to sit down with them, go through the requirements, and find them the best solutions that fit their needs. It may be off-premise commercial cloud, it may be on-premise commercial cloud, it may be traditional hosting, or it may be a mix, depending on what the particular mission needs are,” Hale said.
“The mission partner environment [MPE] would certainly use cloud technology… As we can move to cloud technology, one of the things that we’ve got to recognize, we’ve got to get our MPE is going to have to be commercial-based. We’re not going to be able to do this at, say, a U.S.-only based system,” DOD CIO Terry Halvorsen told Congress in March, noting that some allies would not be able to afford it.
Halvorsen also pushed back against criticism that DOD is behind in the cloud environment. “We say a lot of times that DOD is behind in cloud, so I wanted to really know if that was true. So I’ve asked my staff and some outside to take a look at how does DOD compare in the use of cloud with other Fortune 50 or peer competitors? We’re actually slightly ahead of most of the Fortune 50 in the use of cloud. We are now embarking on doing more but I don’t think DOD is behind,” he said.
DISA’s plans in the short term include the delivery and enhancement of milCloud 1.0 capabilities to ease mission partner migration while increasing automation, develop and deliver cloud access points, revise and evolve DOD Cloud Computing Security Requirements Guide and provide a path for commercial cloud service providers through the provisional authorizations process.
MilCloud 2.0 will be delivered in two phases. Commercial providers will first be brought into DISA data centers to discern a business model of hosting DOD workload with an on-premise private cloud. Phase II will include providing capability on classified and unclassified networks and will be informed by Phase I. Additional long term plans DISA laid out include evolving the cloud access points into the Secure Cloud Computing Architecture for securing mission application on commercial cloud service offerings and continuing to improve DOD’s security posture while simultaneously reducing operating costs.
Halvorsen told lawmakers that he hopes for an almost virtual cloud environment in five years, with private clouds within segments of DOD, private clouds that are just inside DOD, private clouds comprising DOD and other components of the federal government and hybrid public clouds.
NEXT STORY: Cyber operations come out of the shadows