Defense Information Department Looks Into Move To Cloud

Cloud is coming to the Department of Defense's combat support group -- it will just take time.

That's the message from David Bennett, chief information officer for the Defense Information Systems Agency. Speaking in Washington D.C. at MeriTalk's 2014 Cloud Computing Conference Wednesday, Bennett said his colleagues will have to do a superior job communicating the benefits of the shift to prompt change in Washington.

"If we don't communicate the value, we’re not going to migrate," he said.

[Related: Nearly 9 out of 10 Federal IT Professionals Apprehensive About Cloud]

Sponsored post

MeriTalk's day-long conference at the Newseum touched on a variety of issues holding federal agencies back from going to the cloud, namely their concerns and fears surrounding the effort. The conference came a day after MeriTalk released a study that showed 89 percent of 153 federal participants said they are hesitant to go to cloud, although 56 percent are in the process of implementing data stewardship or a more formal data governance program.

Bennett said he is on board with cloud in some ways and alluded to adopting a hybrid model. However, he added there are some pieces of information that just cannot be placed outside of on-premise equipment, regardless of new security developments.

"It's about figuring out what crown jewels we have today within the defensive perimeter," he said. "There are some things we're not going to put out in the commercial space. … Do you really want nuclear command controls sitting out in the open?"

Bennett said he believes the DoD doesn't move quickly, referring to the government agency as being like a "pregnant turtle," especially when it comes to adopting new concepts like the cloud.

"We're a pregnant turtle trying to move somewhere. We're very slow and we're somewhat methodical," he said, ’and when we get there, we get there. But we’re not in a rush."

MeriTalk Founder Steve O'Keeffe told CRN federal agencies will have to concentrate on streamlining processes for adopting cloud. He said there are hundreds of supply chains and human resource departments in place in the federal government, which indicates waste and a slowing down of the cloud computing migration.

"We’re going to see a range of hybrid, public and private options," he said. "One size does not fit all. … With 777 supply chain systems and 623 human resource systems, something needs to give. Shared services is definitely a major point."

Bennett noted "the color of money" is a hold-up for his government agency as well -- a term used by the Department of Defense to refer to an appropriation category for a financial account. Certain funds have to be set aside for services or hardware purchases specifically, and those designations can slow the purchasing process.

O’Keeffe added 70 percent of the federal government's $80 billion IT budget is spent maintaining "geriatric systems" like data centers and applications.

"You have to spend down some of that stuff in order to free up the budget," O’Keeffe said.

Richard Hale, deputy chief information officer for cyber security with the DoD, said in a separate presentation, money will become tighter for the federal department as a whole, with the effects of the most recent sequestration only wrapping up and another round set for 2016.

Michael Ball, senior manager for Federal Aviation Administration Initiatives at Northrop Grumman Information Systems, said following Bennett's presentation he believed the department's outlook on cloud is a "realistic" one. Northrop Grumman works directly on government contracts and Ball said he understands why the defense groups are hesitating.

"I have worked in the Department (of Defense) before and things do take time," he said.

Ball added cloud is not secure enough for highly-sensitive defense materials. O'Keeffe explained, for example, a cloud would become a target and open itself up to numerous cyber-attacks if terrorists or international governments learned "nuclear codes," which Bennett referenced, were stored in the entity.

Bennett concluded his presentation by noting the DoD is working with Federal Risk and Authorization Management Program (FedRAMP) on security concepts to adapt to his agency's concerns.

"It's a balancing act," he said. "The question is, 'What is enough?'"