What Air Force Wants in a Cloud Broker
January 28, 2014 1 Comment
Speaking at an AFCEA event, held January 17, Dr. Tim Rudolph, U.S. Air Force Senior Leader for Integrated Information Capabilities, stressed that the Air Force is moving to the cloud too slowly. He admitted that the organization is behind on implementation and that a cultural change is needed. Along with the Navy and Marine Corps, the Air Force appears reluctant to adopt Defense Information Systems Agency (DISA) as their cloud broker. At a separate AFCEA event, held January 21, DISA program managers were in agreement that cultural change is needed when vetting solutions across DOD agencies with “140+ engineers in a room”— each one wanting their own perfect solution.
Dr. Rudolph discussed the challenges and policies surrounding cloud adoption. He stated that the Air Force is still operating under a consolidated data center model. The Air Force needs to stop investing in “future legacy” data centers, and focus on implementation rather than consolidation.
Regarding security issues, Dr. Rudolph spoke of taking on reasonable risk and defensible controls where appropriate. FedRAMP (Federal Risk and Authorization Management Program), provides a government-wide standard approach to security assessment where cloud products are concerned. He said that these security standards may not always be needed – that the “ramp” may be a bit too high and is not providing value in every case. Accepting risk as part of the cloud brokerage process, he said, can be worth it if it speeds up the cycle time and gives the warfighter the capabilities they require. DISA complained that the current pool of FedRAMP-approved cloud vendors is too small and more cooperation from industry is needed to comply with FedRAMP. To show its commitment, DISA will be putting its own internally-developed cloud through the FedRAMP certification process.
The Air Force is looking for honest cloud brokerage – they want a trust model with industry partners. They are looking for innovation through collaboration, and are hoping to leverage the cloud marketplace for real savings. Dr. Rudolph stated that “for robust capability, commercial is the only way to go.” The Air Force needs to balance commodities with budget. Commercial cloud providers can convey value to the DOD by demonstrating how their solutions, tooling, and applications can navigate policies to help them get to the cloud quickly, securely, and with their mission in mind. DISA argues that commercial cloud adoption depends to an extent on the sensitivity of the data. They mentioned three options for DISA to use cloud: (1) private cloud, (2) commercial/private, (3) hybrid model where the commercial cloud is hosted within DISA’s environment. Which path it takes needs to should consider all the different levels of security sensitivities and mission requirements.