Navy's Rise Toward Cloud Computing Faces Risks and Rewards
The U.S. Navy's push toward covering all of its activities under modern technology standards entails interlocking applications that seek to secure data and allow lawful users the right access level.
“When we look at identity, it’s really the new security,” said Kevin Orr, president of RSA Federal.
As the Navy collects increasing amounts of data and stores it in cloud services, the network has new vulnerabilities. Even so, this is the direction it is taking, as it was laid out in a 2020 memo.
“The Department of the Navy shall maintain its global strategic advantage by harnessing the power of data and information systems through cloud computing,” states the document.
This policy means there are hard decisions to make.
“I can't secure everything, and it's risk and reward; that's the game we kind of play. It's like going to Vegas with your money. You can afford to lose some, but you can't afford to lose it all,” Orr told SIGNAL in an interview. The information that is most valuable must be stored not only in impenetrable servers but also behind security protocols that will look at human behavior.
Among the many internal and corporate developers involved in this push is Science Applications International Corporation (SAIC), a company that has landed a $163 million contract to supply shore-based hardware and service for Navy networks.
“We are focused on delivering valuable support and solutions to a range of U.S. Navy network challenges and initiatives,” said Bob Genter, SAIC president, Defense and Civilian Sector, in a release after the deal.
An important part of the work necessary for succeeding is finding potentially rogue behaviors that may endanger operational safety. Therefore, once key data assets are identified and stored with enough guarantees, other technologies enter into play.
“We collect a lot of things coming through the pipes,” Orr explained. “When I take a look at it… there are alerts.” Orr added how artificial intelligence may look into behaviors that would be abnormal for a specific user, like location or the time of day this specific user may be entering the network.
In the case of a service that has potential points of entry in any location at any time, this creates a second challenge. “We've got to filter the noise,” Orr said.
When we look at identity, it’s really the new security.
One special demand for the service is knowing who is legitimately logging in without crying foul, and one of the keys moving forward will be knowing how “good” behavior should look.
The next level, after confirming a legitimate identity, is when shifting attitudes are detected.
“We can have artificial intelligence quarantine users or eliminate the services that a user has access to,” Orr said, in case a user has a potentially risky behavior.
While the push in the Navy toward modern services and communications is part of a wider Department of Defense policy, the challenges the service faces are unique and so are the elements that need to fall into place.