Email is the most attractive application for leading the implementation of a Defense Department enterprise-wide strategy. Email features are generic and functionally identical. It is shared across all components. It is mature. A shared directory of addresses and the security requirements are identical and do not require innovation. Implementing email as a software-as-a-service (SaaS) by an organization such as the Defense Information Systems Agency (DISA) would offer immediate cost reductions of at least 50 percent. This would serve as a precedent for similar enterprise-wide efforts that could follow.
The ideas of proceeding with Defense Department enterprise email now are encouraging, although progress has been slow. DISA found that the existing network was polluted with format inconsistencies installed by hundreds of local operators who acted as if they owned email, and they proceeded to add a variety of features and attachments. Consequently, local systems have incompatible hardware and software configurations.
Before taking over the proliferation of current U.S. Army email versions—which now is the first step toward enterprise email—DISA has to clean up the existing systems to fit configurations that will work together so they can be maintained for consolidated support. The current choice is to migrate local Army versions of Microsoft Exchange to centrally administered server farms located at DISA-managed facilities—provided that these will meet security requirements. Implementation as an enterprise service also would require that the Army solution fit the U.S. Air Force, Navy and Marine Corps. That is an enormously demanding requirement, and it will call for detailed directions from the Defense Department chief information officer (CIO).
Other attachments to email, such as application code security, archiving and backup provisions, will need to be standardized if enterprise system interoperability is to work. Unfortunately, many such components are tightly embedded routines, such as parts of Microsoft Office, in Defense Department desktops.
Meanwhile, the department has run into new integration problems because of mobile devices, which require interfaces with Android, Microsoft and Apple operating systems. The extent to which email is linked with mobile devices limits acquisition choices while concentrating on defenses against cyber attacks that use mobile devices for hacking into the Defense Department.
DISA requires a coherent technical framework, software architecture and implementation process before proceeding to offer cloud services to the Army, Air Force, Navy and government agencies. DISA must gain acceptance of its frameworks before components can sign up for further consolidations.
What is needed is technical guidance that covers how to build interoperable private cloud services that extend beyond email. To speed up the migration and to minimize capital costs, DISA may have to rely on commercial cloud providers, assuming these firms meet the department’s security standards as well as enhanced information assurance, improved application monitoring, automated provisioning and global infrastructure synchronization. What ultimately emerges most likely will be a mix of private and public clouds.
Interest also is emerging for considering centrally procured commercial off-the-shelf SaaS applications instead of proceeding with migration from the diverse legacy email applications. From an acquisition standpoint, it would entail replacing all Defense Department email with a single SaaS that would deliver an enterprise email package. Vendors then would be able to compete for the lowest-cost services without the hurdle of conversion expenses. Local modifications for component-specific services then could be bolted on if open source application interfaces exist.
Open source applications always are the preferred choice for such a procurement. They will enable DISA to acquire standard core functions, which can be amended to accept local modifications while maintaining portability instead of accepting a lock-up by contractors. Currently, it is Defense Department policy to mandate the acquisition of open source software to enable the relocation of applications without becoming tied up in intellectual property disputes.
The critical issue in organizing enterprise systems concerns the accountability for managing a shared Defense Department computing environment. What is emerging is a shift from oversight by component CIOs to operational accountability by the U.S. Cyber Command. DISA, which is under the direction of the Cyber Command, will have the authority to deliver operational email services. The component CIOs then can focus on setting policies to accelerate progress in catching up with commercial practices.
DISA now is proceeding with the implementation of the Army’s enterprise email. The components are watching its progress to see whether the 1992 goal of making DISA a services utility finally can be realized.
Paul A. Strassmann is the distinguished professor of information sciences at George Mason University and teaches AFCEA’s online cyber ops course. The views expressed are his own and not necessarily those of SIGNAL Magazine.