DoD needs to move carefully as it thunders toward cloud migration, DISA officials say

As the military services and components of the Defense Department prepare to transition to Milcloud 2.0, the Pentagon is considering the best ways to move its data to the cloud.

Part of that movement means being very deliberate in the way DoD organizes its data and prepares it for the transition.

“As we move this data to the cloud it’s an opportunity, but it’s also a challenge. The challenge is we need to take the time to get a handle on that data, understand what the data is and what it’s really telling us and tag it and associate it properly,” said Terry Carpenter, service development executive and program executive officer at the Defense Information Systems Agency, during a May 16 AFCEA event in Baltimore.

What Carpenter means is DoD can’t just throw information into the cloud without sorting it and making it navigable for future use.

DISA and DoD not only want to store data in the cloud, but also access it easily and use it to their advantage. That means making the data sortable and accessible to future artificial intelligence.

“Cloud is good. Moving to the cloud faster is great, but don’t go so fast that you don’t take the time to clean up the data and realize what it is you really have. You are going to discover along the way when you’re looking at the data,” Carpenter said. “What you don’t want to be doing is discovering all kinds of false positives because you didn’t take the time to understand it.”

But one of the main issues hampering that data drive is some of DoD's own policies and regulations. Carpenter said some policies have not properly adapted to the age of cloud, which hinders the ability to put data in one area and manage it with one group.

Security

Of course, accessing that data is another important factor for cloud. DISA is currently trying to figure out the best way to identify and verify who is accessing the cloud and how they access it.

Lee Taylor, chief of DISA’s infrastructure applications branch, said the agency is implementing new identity and access management to improve cloud security. That includes the Enterprise Privileged User Authentication Service and virtual desktop infrastructure.

“Migrating to EPUAS resulted in an 80 percent reduction in the number of privileged user accounts on DISA-owned and managed systems,” said Taylor. “Essentially, we went to a centralized privileged user directory service that allows users to log on to any system they have access to, which is based on a rule-based access control model.”

Taylor added that using the virtual desktop infrastructure “prevents non-compliant systems from connecting to our out-of-band network, reducing the possibility of an infected system connecting to the network.”

DISA is also working on a handful of new identity and access management tools.

Purebred is billed as the replacement for CAC sleds. Instead of plugging a CAC into a computer, Purebred allows over-the-air certificate credentialing.

DISA and DoD have been looking to biometric authentication for a while now.

“What we have been seeing lately is these new joint emerging requirements,” Will Graves, deputy product manager and chief engineer for biometrics enabling capability in DoD, said last December. “When we talk about voice, we actually are going to deploy voice to the theater next year. We have a project that has rapid DNA. We are working with the University of Virginia to create a rapid DNA device that’s actually built on a CD. It’s a 10-pound device. It’s not packable in a ruck yet. But it’s going to be very cheap. The device is going to be less than $10,000. The current device right now is about $225,000. We are going to deploy that in the Central Command region next year.”

Graves said these tests are part of how DoD is shifting the use of biometrics from just law enforcement to identity and access management.