With seven years’ experience in moving IT enterprises to the cloud under the federal Cloud First policy, U.S. military and many civilian agencies are settling on the hybrid cloud model of on- and off-premise resources to support warfighters and workers in the field.
“I’m a big advocate” for the cloud strategy, said Randall Conway, the Defense Department’s deputy CIO for information enterprise. “We have to embrace it because there is so much value there.”
The most effective path to realizing that value is one with options that allow agencies to move at their own pace to meet their specific needs. Officials from the DOD, Army, U.S. Marine Corps and the Justice Department discussed the challenges and benefits of implementing a multi-vendor cloud environment in a Federal News Radio panel discussion sponsored by VMware.
The hybrid choice
The cloud promises flexibility, economy and robustness in helping agencies execute their missions. But there are a variety of cloud offerings to choose from, including public and private, dedicated and multi-tenant, each with its costs and benefits. Bill Rowan, VMware’s vice president of federal sales, said there is a surprising level of agreement among the military services and DOJ as to the value of a hybrid solution that can combine the benefits of each.
The common factor among these agencies is the need to support their people deployed in the field, often operating in harsh environments with limited bandwidth. This puts a premium on the ability to quickly move data and IT resources as close to the end user as possible.
“Our primary user is the Marine who is out there doing the business of the Marine Corps,” said Daniel Corbin, USMC’s chief technology advisor for C4 headquarters. “The strategy we are putting in place embraces commercial cloud services, but our primary place for cloud services will be in our core data center in Kansas City. Where it makes sense we will use commercial cloud services as well.”
“The Army is following a similar strategy,” with a mixed on- and off-premise environment, said Tom Sasala, director of the Office of the CIO’s Army Architecture Integration Center. So is the DOJ, said Larry Reed, assistant director for security operations. “The challenge is putting it together in a coherent service to provide what the users need, when and where they need it.”
In making the decision on when to host cloud resources on premises and when to move to commercial services, “there is a business case analysis you have to do to figure out the best way for you,” said the DOD’s Conway. This analysis should balance financial costs with mission needs.
Although the cloud can provide significant cost efficiencies, saving money is not the principal driver in making the choice, panel participants agreed. Reliability and survivability come with a cost, Sasala said. “There is a premium we have to pay to protect our war fighters, and we will pay it.”
The challenge of mobility
Mobility is a big part of the USMC’s strategy in the tactical environment, said Corbin. The growth of mobile computing has pushed security concerns from the datacenter into the field.
“We’ve done a good job of protecting the datacenter environment,” Rowan said. The Army’s experience supports this, Sasala said. “Most of the attacks we are seeing now are at the end point, whatever the end point might be.”
The traditional end-points—desktop and laptop computers—are relatively easy to secure, he said. But the proliferation of mobile devices, smart weapons platforms and sensors in the field is more challenging. “As more things become Internet-aware, the more avenues there are to inject malware into the environment,” Sasala said. “We’re growing more concerned about that.”
“The more capable we make our user, the more risk we’re putting into our network at large,” said Conway. “If you don’t have that trusted connection” to the Internet, “you have a vulnerability.”
Putting security into the application rather than the hardware is a way of more effectively securing the end user. Software as a Service, which allows applications to be hosted in the cloud and made available to users as needed, can give an agency greater control over software being used in the field to better ensure its security. The Marines’ software development standard allows secure applications to be developed and certified more quickly, ensuring the users get the applications and the security they need.
The cloud and mobility are “changing the way we communicate,” Conway said, and government is following the lead of the private sector in pursuing the hybrid cloud model. The entrenched legacy infrastructure will remain a challenge, he warned. “We’re government; we’re big and we’re always going to have a legacy infrastructure.” But a flexible cloud policy that fully supports the end user can provide the efficiency and savings to help modernize the federal IT infrastructure. “Agency employees are doing whatever they can to be effective,” Rowan said. “It’s an interesting shifting model,” and one that can provide unexpected savings as well as challenges.