Do cloud access points slow DOD’s cloud migration?
- By Sean D. Carberry
Despite a number of challenges, the Defense Department is meeting its targets for data center consolidation, according to acting CIO John Zangardi.
While the slow pace has been frustrating, the barriers -- which are related to the age and cleanliness of the data, the age of the systems and the migration -- "are not unreasonable," Zangardi said at the AFCEA Army IT day.
Modernization is a one of the bigger challenges, he said. Costs escalate and schedules drift when old data and systems require updating before they can move.
Getting the DOD into the cloud is also a barrier to data center consolidation.
"We have met with several vendors over the last couple of months, and I've tasked my team to look at the policy for the cloud. And right now, industry and some folks view [Cloud Access Points] as a bottleneck," he said.
The cloud access point is the security conduit through which DOD connects to the commercial cloud. It serves as a demarcation between the DOD Information Network and commercial cloud providers; the CAP's sensors allow the Defense Information Systems Agency to monitor traffic passing through it, according to a report in FCW, a sister site to Government Cloud Insider.
"The idea is to make sure that if a vulnerability exists and is exploited on a commercially hosted site, it cannot be exploited to the point of endangering others on the DODIN," Dave Mihelcic, DISA's CTO, has said.
"Can CAP be provided as a service?" Zangardi asked. "Keep in mind that even if you're Level 4 or Level 5 certified, most vendors out there still have a back door to the internet. We have to make sure that our data is protected from that back door to the internet. That was the purpose of the CAP in the simplest terms."
Zangardi said that one option is for DOD to set a standard for vendors to build to so they provide "the same data invisibility as the current CAP."
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.