Enable breadcrumbs token at /includes/pageheader.html.twig

Shifting Cloud Movements at DISA

A new day dawns as the agency consolidates efforts.
A U.S. Marine Corps lieutenant colonel with the Defense Information Systems Agency (DISA) explains a Cloud Layered Obfuscation Application Kit (CLOAK) to the commanding officer for I Marine Expeditionary Force (I MEF) Information Group. CLOAK uses commercial cloud computing resources to improve I MEF connectivity. U.S. Marine Corps photo

A U.S. Marine Corps lieutenant colonel with the Defense Information Systems Agency (DISA) explains a Cloud Layered Obfuscation Application Kit (CLOAK) to the commanding officer for I Marine Expeditionary Force (I MEF) Information Group. CLOAK uses commercial cloud computing resources to improve I MEF connectivity. U.S. Marine Corps photo

The Defense Information Systems Agency is bringing its broad resources to bear in an effort to improve the cloud and deliver its capabilities to the warfighter. Since the agency has absorbed defensewide cloud services earlier this year, it sees an opportunity to provide greater cloud capabilities to the warfighter faster and at less cost.

Two major events altered the nature of Defense Department cloud services. The first came when the department transitioned its Cloud Computing Program Office (CCPO) to the Defense Information Systems Agency (DISA). The next occurred with the cancellation of the Joint Enterprise Defense Infrastructure (JEDI) contract. DISA now is running the cloud and proceeding with contracting for the Joint Warfighter Cloud Capability (JWCC), the successor for JEDI.

DISA currently is looking at the CCPO as a whole with an eye toward reorganization, says Les Benito, CCPO director of operations. The goal would be to work across the spectrum of DISA to generate plans and solve problems jointly. These efforts probably will bear fruit sometime in the next few months, he adds.

The CCPO’s move to DISA did not change the warfighters’ needs, Benito notes. The capability gaps that have been needed to extend cloud capabilities to the tactical edge still exist and must be remedied, he notes. He offers that the CCPO’s absorption into DISA will help develop efficient and scalable solutions for the warfighter.

Replacing JEDI will be a multivendor contract. Benito reports that it will be a nine- to 12-month process. Following market research to determine that vendors can offer the needed capabilities, DISA is aiming to issue its solicitation this month. If plans hold, the agency would offer a contract in April 2022. This would enable the mission partners to obtain the cloud services as quickly as possible, he says.

The multivendor aspect offers a few changes. Under the original concept, task orders would be put together quickly for the single vendor without any competition. But the multivendor approach has DISA exploring options to determine how competition meshes with task orders. Benito adds that the agency is working with the acquisition community as a whole to find ways to make this happen as efficiently as possible. “We don’t want those individual competitions to take six months,” he emphasizes. “The whole goal is to have a quick vehicle for folks to be able to get services that they need.”

John Hale, chief of cloud services for DISA, notes that in addition to the new JWCC contract for departmentwide purpose cloud computing, DISA has its MILCLOUD 2.0 capability providing fit-for-purpose cloud access. Contracts with other cloud providers also provide fit-for-purpose capabilities. Ultimately, he foresees more capabilities brought to the department for mission partners to meet their needs at lower cost.

“The overall digital modernization strategy for the department has not changed,” Hale states. “The overall cloud compute strategy for the department has not changed.” He continues that bringing the CCPO into DISA allows the agency to focus on providing general-purpose cloud computing and fit-for-purpose cloud computing to all of the Defense Department mission partners so they can meet their mission needs. The top concern is speed to market, he adds. Being cost-effective is another goal. “Everything that we’re doing is focused on providing capabilities and meeting those two basic tenets,” he declares.

DISA offers more than a dozen cloud services, and that number is likely to expand, Hale offers. The shift toward software as a service comes in part from the warfighter, and the agency perceives other types of vehicles along that same vein to provide common services to the department. One that is common is infrastructure as a service—hosting workloads in a cloud environment regardless of what that environment happens to be.

“There will always be specialized contracts for mission purposes,” he continues. “But when we talk about common services, we talk about things such as help desks, trouble ticketing and office automation.” DISA is exploring possibilities to provide consolidated vehicles for the department to meet those mission needs cost effectively, he adds.

Benito observes that cloud service providers continue to add more capability on a regular basis, and DISA needs a way to move those capabilities to its customers as quickly as possible. One effort in the CCPO is its own infrastructure as code (IAC) project, which builds templates that allow mission owners to quickly deploy environments with security that are preapproved. “So, if they need to go out and host an application in the cloud, we can build all the building blocks for them,” he explains. “Then their focus is just getting the application out there to be able to put in the cloud. The rest of it is built using the IAC templates that have already been vetted, approved, accredited and monitored and are continuously updated.”

And speeding up the time it takes for a customer to be able exploit the cloud is a prime goal at the CCPO. Tools available in the cloud service provider can be supplemented by those of the mission user, he continues. That shifts the focus from accrediting a giant environment to just the customer add-ons. This should accelerate the ability to mission owners to use the cloud to do their missions, he says, pointing out that it often takes a year from the time of a contract award for a customer just to be able to start using cloud services.

Benito says that customers generally have two issues with cloud services. The first is to have the services that they want, as many of these services are not authorized or available. The second is obtaining the authorization for their environment. The accreditation process is involved and takes a long time, he notes. DISA is working to accelerate that process while ensuring it is secure, and this effort is targeted “up front,” he says.

Several aspects of cloud services beg for greater focus. Benito offers, “We really need to get our hands around identity and improve it in a way that makes it easier for folks to have a centralized identity and authentication capability for their cloud services.” Currently, several different options for identity and authentication are available for those setting up defense cloud services, but none of them are enterprise across the department, Benito says. “We need to get authentication right.”

This philosophy extends to other tools as well. Having a centralized tool that all mission owners can use makes much more sense than having different solutions, he emphasizes. Other parts of DISA are working to help develop unified tools to help mission owners evolve their products.

Any discussion of the cloud must include security, and cloud security is at something of a crossroads, Hale offers. Historically, the Defense Department treated the cloud as if it were just another data center with defense in layers and boundary protection defense. That remains the case, but zero trust is looming on the near horizon. “Zero trust is the model that we ultimately want to get to,” he declares.

In this model, the onus would be on the cloud service providers and application owners to do what is necessary to meet the cloud security needs for the department. One DISA overarching effort, known as Thunderdome, would put zero trust into practice with a couple of selected pilot programs and push that model into a production environment. If successful, it could serve as the framework for moving forward in security, Hale suggests.

“Zero trust is really about distributing the trust model to the point where we can make it just an inherent part of the system,” he continues. “We believe that will ultimately lower the barrier entry to get cloud services in the hands of the warfighters quickly.” He describes it as one of the more important things his group is focused on.

In addition to zero trust, artificial intelligence (AI) plays a role in future DISA cloud capabilities. The Joint Artificial Intelligence Center (JAIC) is building the frameworks for AI and moving the tools into the hands of the warfighter, Benito allows. The CCPO is working to ensure that these capabilities are available for customers to access them quickly, particularly at the tactical edge. “Ensuring that those capabilities are available at the tactical edge is absolutely vital,” he states. “The capabilities that AI and [machine learning] bring to that environment are very important to the warfighter.” This includes performing analysis on site.

“The cloud group within DISA is vital to getting solutions out there available to the department, so we have a lot of work to do and we are working very hard to get them into the hands of the department as quickly as possible,” Benito says.

“Cloud is an enabler of AI,” say both Benito and Hale.

The pandemic strongly influenced Defense Department cloud activities. With remote working suddenly thrust upon the bulk of personnel, in March 2020 the CCPO deployed the commercial virtual environment (CVR) for the entire department of 3.2 million people. Virtual private network (VPN) systems then weren’t built for everyone to use them all at once. So, DISA turned to commercial services that were experienced in this, and deployed them into the entire environment. Not only did these services meet pandemic conferencing needs, they also opened up eyes to potential capabilities for collaboration such as videoconferencing and working in shared documents. The commercial world took these capabilities for granted, Benito observes, but self-imposed restrictions prevented the Defense Department from taking full advantage of them. “The pandemic overall really accelerated a lot of that,” he states.

It was up to the individual organizations to determine whether they wanted to adopt it or not, Benito relates, noting that the Marine Corps turned it down because it was already well along building its own environment. The department as a whole recorded roughly 1.5 million logins per day.

“There were a lot of late nights, a lot of workarounds,” he recalls. “We deployed it in just under a month, and it is still the largest Office 365 deployment ever.” When other organizations saw the effectiveness of this deployment, they accelerated their adoption, he notes.

Hale notes that this effort focused on putting the capabilities in place so that warfighters and mission partners could continue to do their jobs—“basically as if the pandemic never happened.”

DISA internally already had a full telework program in place that had been tested extensively. The challenge lay in the rest of the Defense Department, not all of which had fully tested plans in place. DISA had to spend a lot of time helping these elements of the department incorporate the needed capabilities rapidly, Hale notes. “From a day-to-day worker perspective, I think we didn’t really skip a beat,” he says of DISA’s activities. “But we spent a lot of time helping the mission partners meet their needs.”