DoD Looks to Break Cloud Security ‘Bottleneck’
The Pentagon is looking for ways to recast is its cloud security guidelines as a way to accelerate the department's slow migration to cloud computing.
Meanwhile, key cloud providers to the U.S. military are extending their capabilities via acquisitions while expanding their capabilities to handle classified workloads.
The Defense Department's chief information officer for cyber-security confirmed this week that it is in discussions with cloud providers to revise security requirements that have created a "bottleneck" in migrating DoD systems to commercial cloud platforms.
Those discussions focused on "what are those things that industry can provide for us and where do we need to adjust, not only in terms of requirements, but to shift our language from specifically what we’re looking for in terms of solutions to expected outcomes," Federal News Radio quoted DoD's Essye Miller as stating during a conference call with reporters.
The discussions follow a September directive by Patrick Shanahan, the deputy defense secretary, to accelerate DoD's cloud adoption, which has moved in fits and starts over the last several years. One reason, DoD officials acknowledge, is current Pentagon security requirements for isolating sensitive, classified and highly classified data.
Commercial cloud vendors currently must meet stringent cloud security requirements issued by the Defense Information Systems Agency in order to compete for DoD cloud contracts. Security levels range from public information to Top Secret data. Permissions controlling who has access to what data has been a major challenge as the Pentagon's migration to the cloud moves at the pace of a tank column.
Meanwhile, the department continues to certify commercial cloud providers at various security levels under the Federal Risk and Authorization Management, or FedRAMP, program. Those certifications has resulted in a series of large commercial cloud contracts over the last month, including a $1 billion Air Force contract awarded to a team that includes Dell EMC and Microsoft (NASDAQ: MSFT).
Late last month, the Navy awarded a $34.6 million cloud migration contract to CSRA Inc. The deal calls for the fast growing cloud integrator to provide the Navy with migration services to Amazon Web Services (NASDAQ: AMZN) and Microsoft Azure clouds.
This week, CSRA (NYSE: CSRA) announced the acquisition of Praxis Engineering of Annapolis Junction, Md. The $235 million cash deal gives the cloud provider an application development capability focused on the U.S. intelligence establishment. The deal is expected to close by the end of 2017.
Also this week, Microsoft said it is expanding its government cloud to support classified workloads while adding new technologies such as a blockchain digital transaction ledger and support for high-performance computing. Microsoft claims its Azure Government is the only enterprise cloud platform certified at DoD's "Level 5" security rating for handling secret government data.