Key DISA Initiatives Gaining Momentum
August 27, 2014 1 Comment
If you recall from our webinar on DISA given back in March, we hammered home the point that DISA is central to all the major initiatives DOD is undertaking. We centered our discussion on key pillars like cybersecurity, cloud, mobility, strategic sourcing, and enterprise system consolidation. Last week DISA held its annual Forecast to Industry Day to provide a progress report on existing activities in these areas and give updates on changes taking place in the agency. Topics of the Industry Day were largely in line with our analysis in March:
It’s been a little over a year since the formal start of DOD’s mobility program which DISA oversees. The agency is responsible for certifying phones and tablets, overseeing applications, and making sure security standards for devices and apps are up to par. The DOD Mobility program is the biggest step DOD has taken toward creating a mobility infrastructure. Now DISA wants to demystify mobility and as the FY15 government fiscal year approaches, DISA is emphasizing mobility as a part of everything that DISA does. Make sure that mobility considerations are included in any capability you are marketing to DISA. You can expect program managers to ask you how they can use your solution on a mobile device.
Because DISA buys so much information systems and equipment for all of DOD, any changes in its acquisition practices is something you should pay attention to because it will have implications for contract vehicles, security requirements, etc. With sequestration possibly coming back in FY16, DISA is looking for ways to achieve economies of scale. At the event, they described their plans to consolidate contracts. While no concrete details were provided, this would involve merging those contracts where many vendors are providing a similar product or consolidating where different offices in DOD are buying the same thing. This sounds like a continuation of DISA’s past partnerships with the Army and Air Force on Joint Enterprise Licensing Agreements (JELA). Stay tuned.
DISA will be taking on a more active role in defending and analyzing attacks on the DOD network. DISA, in cohort with U.S. Cyber Command (CYBERCOM) will establish a Joint Forces Headquarters DOD Information Networks. This is in keeping with the Single Security Architecture, a key tenet of the Joint Information Environment where operators have greater visibility over what’s happening over their networks. Presently, DISA is in charge of maintaining and upgrading DOD’s underlying network architecture, the DOD Information Networks (DODIN), but has little visibility into what’s going on. This partnership with CYBERCOM will improve DISA’s ability to not just see what’s happening on the DODIN but improve the performance of its data analytics program, Cybersecurity Situational Awareness Analytical Cloud, or CSAAC.
In its role as cloud broker for DOD, DISA is looking to expand commercial cloud adoption by releasing a commercial cloud vehicle, lowering barriers to entry for cloud vendors, and allowing sensitive but unclassified data to be hosted on commercial cloud servers. At the Industry Day, DISA officials admitted that high security requirements are stifling the number of approved vendors. In some cases, cloud security requirements are tougher than Federal Risk and Authorization Management Program (FedRAMP) requirements. As a result, DISA will be re-examining their requirements to see if pre-existing FedRAMP requirements will suffice. So far, four commercial vendors are authorized to handle public facing data and only one vendor, likely Amazon Web Services, can handle sensitive but unclassified data. Expect a new cloud vehicle in FY15 for public facing information hosting as DISA figures out the right approach for more sensitive data. Five cloud pilots are planned to do just that.
Consolidating Enterprise Networks
DISA is also active on the infrastructure consolidation front. Internally, DISA officials described their plans to consolidate its over 100 service desks into one for the agency. A virtual service desk will support DISA’s products globally.
Externally, DOD continues to consolidate storage and applications into its core data centers is ongoing. DISA identified two more of its data centers that will be designated as core data centers, bringing the number up to 10. They are located in Germany and in the Pacific theater. As the rest of DOD pushes their data into these data centers, expect storage and networking requirements to follow as these facilities scale up to accommodate the increased demand. Also, DISA expects to release a contract which will help defense agencies rationalize their applications.
Remember, anyplace the Defense Department has a presence, DISA plays some role in the technology used there. Getting an “in” with DISA, opens doors to the entire Department. Tapping into DISA puts you right into the stream of the Department of Defense’s top IT priorities.