The Defense Department’s move toward cloud computing is methodical and deliberate- pretty much as expected of most things the military does. But unlike many agencies, the main impetus is not to save money.
“I would expect the biggest benefit is access. I could afford the teleworker or the mobile worker access to the information he or she needed it at an acceptable level of security,” said Rob Carey, the deputy DoD chief information officer during an interview on In Depth with Francis Rose Tuesday. “Security is a game of risk management. If you have that sorted out, then you should be able to derive some savings because you’ve virtualized your computing environment and hopefully you’ve standardized it because we don’t want to go from our 1,500 data centers to 1,500 clouds. We need to get to a place where there is a consistent computing infrastructure, which will enable a cloud inside dot-mil to be accessible to our workforce wherever they are and with whatever device they have.”
The Pentagon’s take on cloud differs than most of the respondents to an exclusive Federal News Radio survey of federal CIOs. The survey found 58 percent of the respondents said their agency is seeing cost savings as a benefit of cloud computing, while 42 percent said their agency is getting better service.
Eight percent of the respondents said cloud computing was costing their agencies more money than when they ran their infrastructure in typical data center set up, and 21 percent of the respondents said their agencies weren’t seeing any benefits from cloud computing.
Federal News Radio surveyed 130 federal CIOs in August 2012 and received an 18.4 percent response rate. Of those who responded, 38 percent said they worked at a cabinet level agency, 17 percent said they worked at a large agency, such as the Environmental Protection Agency, and 46 percent said they worked at a small agency. Additionally, 83 percent of those who answered the survey said they were career CIOs or deputy CIOs, while 17 percent said they were political appointees.
This was the second survey of federal CIOs over the last year. The first survey showed agencies were meeting OMB’s mandates to move systems to the cloud, but some commented on security concerns and needing to understand the business process improvements before making the jump.
Cloud pilots in progress
Carey said DoD is setting certain changes in motion as part of its move to the cloud to help deal with an assortment of challenges.
First, he said, the military is running a few pilot programs after releasing a cloud strategy earlier this summer, which told the department to work on the security issues before jumping in.
“There is a space that you now can say, ‘I have to be able to afford this kind of protection to this information as it runs around and in and amongst this environment called the cloud,'” Carey said. “Once we do that, because you now are sharing servers and capacity that is where your cost savings come from. I can then afford access better because I’m enabling access to this information from wherever I may be, and we are adopting commercial models of cloud computing inside our own world first.”
He added the cloud provides DoD with the opportunity to be more streamlined than ever before. But if it’s not done consistently, cloud could cost DoD too much money and resources.
To help achieve that consistency, Carey said DoD CIO Teri Takai last week approved a data center technical reference architecture for the core centers across the department. He said all the military services’ data centers will have to meet the technical reference architecture.
The technical reference architecture details standards around power, cooling, building codes and other rules of the road for how to set up and run DoD data centers. Carey said the architecture doesn’t get into specific technologies or operating systems, but that may come later especially around computing and virtualization platforms.
“If we define this standardized architecture, they can then through their technology refresh process grow their data center into this standard,” he said. “We are working to define those data centers, which will stay on as flagship data centers in the DoD that will meet this reference architecture. This will allow us to then create a homogenous computing environment, a computing backbone, that in essence begins to knit together a logical cloud inside dot-mil.”
Carey said DoD plans to have less than 100 core data centers from the 1,500 currently in use.
“Every base will have a small data center to move information from the Global Information Grid to a flagship data center and back to the base,” he said. “We call those processing stations.”
Shared services for classified networks
The cloud also will give DoD a path toward shared services.
Federal CIOs were mixed on the impact of shared services, and other Office of Management and Budget initiatives such as the Digital Government Strategy and PortfolioStat.
Of the respondents, 58 percent said these mandates were not changing their priorities, while 42 percent said they are having an impact on their priorities.
“We already had set priorities for our agency, and we have not changed those priorities because of these OMB initiatives. Instead, we are incorporating these OMB initiatives into our priorities,” wrote one CIO respondent.
Another said, “I do what is best for my agency. Some of the OMB mandates align with that.”
Carey said moving to shared services is an important approach to saving money, but it has to fit into the agency’s business environment.
DoD just became a shared service provider, offering public key infrastructure services for civilian agencies’ classified networks.
“We were the ones that rolled it out and have the infrastructure to help,” Carey said. “It was sort of an obvious choice that we would help those agencies that didn’t already have it, provide this capability for that level of sensitive information and allow identity to be vetted through a cryptological access token so we can then link that sensitive data to identities.”
He added DoD will provide the services and/or the tokens to civilian agencies such as the departments of Homeland Security, Justice, Treasury or any other that has a classified network.
For many CIOs, cybersecurity isn’t their biggest concern. The budget, according to 46 percent of the respondents, keeps them awake at night. Cybersecurity, according to 38 percent of the respondents, worries them the most.
“Cybersecurity is the hot issue, but it is linked to my budget, [and there is] no funding to meet all the unfunded cyber requirements,” wrote one CIO.
Sequestration could affect IT buys, use
CIOs also are worried about the potential impact on sequestration with 46 percent saying it will have a great effect on how their agency uses or buys technology.
“Cutting 8-to-10 percent of my budget will affect new initiatives as we cut back to ‘keep the lights on,'” one CIO wrote about the threat of sequestration.
But one who said cybersecurity was their biggest concern said computer security poses the greatest risk to their agency and the nation.
Half of the CIO respondents said the continuous monitoring requirements issued by DHS will have some impact on their agency’s security, but 21 percent said it will have little or no impact.
One CIO said the impact of continuous monitoring is “directly linked to budget shortfalls.”
Another said, “We are rapidly moving to continuous monitoring. We knew last year, it was critical for our security and our agency leadership agreed and funded it.”
Open ended comments
Several open ended comments addressed the state of federal IT:
“CIOs should get a separate budget line. We are a bill payer for the rest of the agencies.”
“This is hard work that requires stable leadership over a number of years. [It] starts and stops and starts and stops due to uneven funding streams and continuous shifts in priorities makes ‘big thinking’ projects impossible. Because our approach has necessarily become incremental, truly historic, break-through projects are a thing of the past.”
“There still appears to be a point of contention with many CIOs and their reporting relationships at their respective agencies. CFOs still tend to dominate how most CIOs conduct business without regard to needed technologies versus the CFO’s budget driven mission.”