The Navy Looks to the Promise of the Cloud

This month is a crucial time for the U.S. Navy, as far as information technology goes. Its Program Executive Office for Enterprise Information Systems is developing the request for proposal for its Next Generation Enterprise Network Re-compete contract that will provide information technology services, including cloud services, for more than 700,000 Navy and Marine Corps users.

The Navy has the chance to get the advanced cloud computing it needs as part of the multibillion-dollar contract known as NGEN-R, as well as through other contract vehicles, which could provide capabilities and grow cost savings by leaps and bounds. Andrew Mansfield, technical director, Space and Naval Warfare Systems Center (SSC) Atlantic, is responsible for engaging Navy leadership in understanding how best to leverage technology, bringing the center to bear on naval programs and interacting with the commercial sector. He has spent the last year speaking with industry to learn just what information technology offerings they would have for the Navy and Marine Corps cloud environment.

To Mansfield, the cloud is much more than people realize. It is a fundamental shift in how information technology services are provided. “We’ve all heard that cloud is just someone else’s computer, but that is not it,” he says. “That is actually a bad way to look at it. Cloud is information technology of the 21st century. It is the further evolution of technologies up and down the stack, from networking and up to applications, and the transport layer and over the air, and everything else. It’s a different way of doing things.”

The engineer especially wants the commercial sector to be cognizant of this shift. “I think the biggest thing for industry is to take this opportunity of cloud and rethink how to look at information technology with us. This is a fundamental change in agility and speed and flexibility,” he says. “The potential of that change is essential to our continued outpacing of our threats.”

For the service, a lot is riding on the success of the cloud and the implementation of advanced information technology. Both are essential to reducing the Navy’s costs, Mansfield says. “If we really embrace the opportunity that cloud represents, we could save orders of magnitude on our information technology. The advanced information technology services will make it possible for us to take amazing advantage of capacity and bandwidth that we would have never had access to before without heavy capital expenditures and continued upkeep,” he describes.

The SSC Atlantic has been operating in the cloud for a while, and the U.S. Defense Department has charged it with accelerating migration to the commercial cloud. The center has authority to operate (ATO) security components, and it has been buying cloud through the Defense Information Systems Agency (DISA), procuring network bandwidth. As far as commercial cloud offerings such as infrastructure, platform and software as a service (IaaS, PaaS, SaaS), the SSC Atlantic is already using Amazon Web Services to host applications, Mansfield says. It is doing pilot programs with a number of other vendors, such as Microsoft Azure and Office 365. From a SaaS perspective, the SSC Atlantic has been doing “some small things with software vendors, trying to get a feel of things,” Mansfield says.

The main focus presently is figuring out a path forward. “There are all kinds of initiatives we are looking at doing, but the specifics haven’t been worked out yet,” he says. Mansfield adds that the SSC Atlantic “will work with whoever wins the Next Gen Navy contract, as well as whatever vehicles we can find that we can use.”

The SSC Atlantic and Pacific have been supporting the Program Executive Office for Enterprise Information Systems (PEO EIS) in its commercial cloud efforts to help it take advantage of new SaaS and PaaS capabilities and use infrastructure in new ways, Mansfield explains. The SSC Atlantic is assisting with engineering and identifying “what some of the requirements are and what PEO EIS is trying to advance, including concepts of security,” he says. Part of discerning requirements means working with vendors “to try to figure out what the shared responsibilities are of operating in commercial cloud holistically with our current operations,” Mansfield clarifies. “We want to make sure that our naval cyber operators can perform their duties. It is that simple. And if there is any vendor that looks at things differently, we are going to try to leverage it to our maximum advantage.”

At the end of the day, “It’s a partnership,” he says. “It’s all in—everyone is in the scrum.” This must hold true not only for commercial cloud providers but also for traditional contractors and the government, “extending across the whole spectrum.”

What must be at the core of this village effort, though, is an emphasis on cybersecurity. And here, mistakes cannot be made.

“Cybersecurity, cybersecurity, cybersecurity: It has to be upfront and present in everything we do,” Mansfield stresses. “We have to design with that in mind. We can’t make that an afterthought. It has to be secure in design, secure in implementation, secure in testing, secure in deployment and secure in operations and support.” He warns that not everyone in industry understands this need. “It’s not everywhere, no. Not all vendors get this. Some do, some don’t.”

As a customer, the government must hold industry to a high standard of security. But to do so, government employees must be prepared, Mansfield continues. “It is one of the biggest challenges for us as government to make sure that we have the right people with the right knowledge to interact with these vendors and industry,” he says. “We understand security extremely well, but we have to learn from industry. It’s important to take cyber security very seriously because for us, lives are at stake. Industry also takes this seriously, but their stakes are different.”

While the Navy adroitly maneuvers toward figuring out requirements for cloud platforms, it keeps clear advantages in sight. The cloud will give the Navy agility and flexibility. “That is the key,” Mansfield says. “It helps advance and accelerate efforts to do everything from requirements analysis to engineering and testing to deployment and support. If we leverage development operations and secure development operations, we are talking quantum leaps to speed-to-fleet—serious acceleration with regards to how we can put capabilities out into the field, so that as the threat changes, the capabilities can change almost as fast.”

What modern computing capabilities can offer the tactical side is something the SSC Atlantic and the Navy are “specifically looking to take advantage of in many ways,” he stresses. “Imagine what you can do with systems engineering and development environments if you can spin up and shut down instances of capability and connect them virtually to larger and larger datasets with service-specific analytical capabilities.”

For a Navy swimming in data, advanced analytics are especially appealing. “Data processing will be enhanced by the cloud as far as getting access to datasets and being able to consume them and include them as part of an analytics capability,” Mansfield notes. “In the past, where there was significant heavy lifting to get the data to move, with cloud capability engineered properly, that is not the case.”

Another big advantage of advanced cloud technologies for the Navy is the potential for cost savings. “We are not going to have to spend the billions of dollars in research and development that those industry partners have spent to learn how to do these things and how to do them securely,” Mansfield states. “We are going to be able to leverage that and make significant advances by adopting industry solutions.”

In the past, the government has been the one to own and operate everything, he explains. “The government had always built our own information technology solutions, integrated our own stuff—we’ve hosted our own stuff and operated our own stuff. Commercial cloud offers an opportunity to rethink all of our information technology going forward, whether or not we leverage the services or the new technologies and architectures,” Mansfield says.

He cautions that the service is not “just going to throw things over the wall blindly to vendors and say, ‘Here, you can do this.’” Instead, it is “going to work collaboratively with them and to have them understand. If a vendor is hosting our capabilities and we can’t hug our server anymore, I’m OK with that. That being said, we have to understand who is accessing our data. And we have to leverage their security features to the best extent possible. We must continue to evolve our abilities to outpace the threat.”

Mansfield will be keeping an eye on the future as the cloud continues to evolve, especially as it incorporates miniaturization. “In my lifetime, I absolutely can see that the data centers of today will fit in the same form factor as my smartphone,” he says. “Think about the impact of that miniaturization. With miniaturization, the concepts of agility and speed will change even more, and the context of a service as a component becomes that much more relevant. If I am fitting a data center in the palm of my hand, do I even need a larger data center?” He also suggests that quantum computing “is going to get us there, and if not, what comes after it will.”

Consider the data center of tomorrow, Mansfield advises. “Thinking about that and planning for that as part of your design from a scalability perspective, and understanding how you are going forward, that is important,” he states. “Think about what it is going to be like 20 years from now and what you need to do to prepare for that as well.”