DOD looks to security beyond the perimeter
- By Katherine Owens
“Cloud it or kill it” is how Scott Air Force Base thinks about its applications, according to John Hale, chief of the Cloud Portfolio Office at the Defense Information Systems Agency.
Although not all cloud migration efforts are as cutthroat, the panelists at the 2017 Defense Systems Summit acknowledged that as more data moves to the cloud, the military must be able to protect data beyond the perimeter. Going forward, they said, cyber protection on the cloud will have to start with the data itself.
“We need to figure out what it means to implement data protections that will allow us to rollback that perimeter protection. We need to start shifting to data security from where we are today," said Robert Vietmeyer, associate director for cloud computing and agile development, Enterprise Services & Integration Directorate, Office of the DOD CIO. "We can’t just abandon our boundary at this point because we still need that boundary to protect us.”
In recognition of this fact, DISA recently created a program called the Secure Cloud Computing Architecture.
“SCCA is specifically designed to address those areas between the security measures that commercial cloud providers provide natively and what the DOD expects you to be able to do for their security posture,” Hale said. “Then we are pushing the commercial cloud providers really hard for them to natively fill those gaps also,” he added.
Indeed, these commercial cloud providers are the other factor in the future of the cloud. According to Hale, where mission partners used to ask for data infrastructure services, now they demand software as a service. The panelists agreed that now more than ever, industry providers are uniquely able to meet this demand.
According to Vietmeyer, acquiring the majority of a software program from commercial providers means that in-house engineers only have to build in the last level of specialization, saving time and money.
“If we are acquiring the platform…maybe even the core application layer with the software as a service model, we now potentially become responsible for only that differentiator that makes the defense mission possible and we can be much more agile about it,” said Vietmeyer.
Another key advantage of working with commercial partners is that because of their wide market base, they generate enough revenue to be able to invest in innovating new capabilities.
“The cloud enables us to…deliver new capabilities for the warfighting community and do it in a secure, dependable, repeatable way,” Vietmeyer said.
Katherine Owens is a freelance reporter for Defense Systems