This analysis was first available to Bloomberg Government subscribers
The U.S. Department of Defense will follow Silicon Valley’s lead and emphasize cloud computing as it seeks to secure sensitive databases and preserve the technological advantage the U.S. military enjoys around the world.
Deputy Secretary Patrick Shanahan emphasized the need to prioritize cloud usage in a memo following Defense Secretary James Mattis visited Seattle and Palo Alto, California, and saw how commercial entities are protecting themselves against cyberattacks.
Shanahan stressed that innovative technologies are both rapidly evolving and altering war, making IT modernization essential to maintaining the U.S. military advantage. He wants to speed up the Pentagon’s adoption of cloud computing to promote risk-taking, provide the latest technologies to warfighters, and accelerate IT procurement and development.
Who’s in Charge Here?
One of the most important activities that resulted from the memo is the establishment of a Cloud Executive Steering Group (CESG) to devise and oversee the adoption strategy with a focus on commercial solutions.
Shanahan also outlined what he calls the “cloud adoption initiative” in two phases.
The first phase is to acquire enterprise cloud services that support both classified and unclassified information and provide analytics, training, migration support, and change management across the military.
During the second phase, DOD components will transition to the acquired cloud product. Agencies will then be able to use the security, software, analytics, and other capabilities available in the cloud.
CESG is required to deliver a plan by Nov. 15 and then report on the progress of both phases.
What to Watch
Bloomberg Government will be tracking three important themes after the plan is delivered: funding, acquisition planning, and the handling of classified information.
One item in question is where the funding for this initiative will come from and how much will be put toward it.
CESG actions include the establishment of funding for phase two but not phase one. Funding for the first phase could be included in the budget or the source may already be known to Shanahan.
The acquisition plan is another item to watch. A program office chosen for phase one will draft an acquisition strategy, which could provide contractors with an office to contact and a timeline to plan by.
The strategy may also provide an explanation for how the Pentagon would like to address the different cloud security requirements for classified versus unclassified information.
The Defense Information Systems Agency’s Cloud Computing Security Requirements Guide states that the cloud infrastructure must be separate for classified information up to secret, and the top-secret cloud requirements aren’t public.
It’s likely that DOD would keep information at different classification levels separate. DOD may decide to acquire a private commercial cloud for secret and top-secret information and a public cloud for unclassified information in order to get the best balance of security, price, and efficiency.
It’s unclear whether the Pentagon will look for one cloud vendor to provide solutions for all levels of information or if multiple vendors could win the contract. If it’s one vendor, Amazon.com Inc.’s Amazon Web Services unit could have an advantage after the CIA trusted the cloud vendor with classified information in 2014.
If you’re not a client, and would like to see BGOV in action, click here to request a demo.