CLOUD

Are cloud providers ready to play politics?

Editor's Note: This story was originally published on FCW.com.

Acting Defense Department CIO Terry Halvorsen on Jan. 29 called on commercial cloud providers to own up to the challenges of data liability and information sharing, measures he sees as instrumental to the Pentagon reaping the benefits of the commercial cloud.

"When you lose our data that's in your cloud, you have all the normal liability issues, but let's be real, you're dealing with DOD…you also have a bit of a political liability," Halvorsen said. "Our data gets lost, it's going to make the news. It's going to get interest [from] Congress, it's going to get interest [from] the American people."

Halvorsen's blunt talk at a DOD cloud industry day held at the Commerce Department was the latest step in the Pentagon's effort to court the private sector for cloud services. In tight fiscal times, DOD officials are trying to balance the savings likely to come from more commercial cloud adoption with the security risks of moving too fast.

The Pentagon's top IT official said he has heard plenty of concerns from cloud firms about what he called the "political liability" of doing business with DOD, but told the audience that is the cost of entering the potentially lucrative DOD cloud market.

"This is going to have to be…a much better partnership between industry and government in how we do this in a way that makes you money," Halvorsen said.

The only way a multiple-cloud environment is "going to work effectively, efficiently and securely is [if] we share common data," he added. "Particularly in the security area, we're going to have to have common infrastructure, common sensors, common data exchange – and it has to cross government and industry boundaries."

At a press briefing at the event, Halvorsen said that within 90 days he expects DOD to stand up "cloud access points" -- key elements of the security apparatus that connects DOD information networks to the commercial cloud. The Defense Information Systems Agency has been conducting a pilot project to test the speed and security of the CAPs, Maj. Gen. Alan Lynn, the agency's vice director, said earlier at the industry day.

Halvorsen told reporters that that the CAPs are crucial for cloud security because it reduces the number of potentially vulnerable connections to commercial networks.

Halvorsen also revealed during his remarks to industry that the next version of the unclassified part of DOD's enterprise email system "will be a completely commercial solution." He explained that decision to reporters by saying, "I think that the commercial industry has certainly shown that they could do an unclassified email at a lower price."

The cloud industry day, which drew several hundred commercial and government cloud practitioners, caps a busy several weeks for DOD's changing cloud policy.

DISA, the DOD agency in charge of IT infrastructure, on Jan. 12 released a security requirements guide for commercial and non-DOD cloud providers. The document is aimed at simplifying the selection process by reducing the number of "impact levels" for sensitive information handled in the cloud.

And in another move intended to quicken the Pentagon's adoption of the commercial cloud, Halvorsen issued a memo on Dec. 15 that allowed the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to DISA.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Reader Comments

Mon, Feb 2, 2015

Just to be clear and address that first comment... It's not that ALL Cloud Service Providers (CSP) want to be held harmless for their own security lapses. It's that the traditional "shiny object" silicon valley CSPs want that, because they force that model on individual citizen consumers. The traditional government contractors are all more than happy to take the usual amount of liability we take based on FAR/DFAR when we do business from the Federal government. This administration is intent on doing business with the silicon valley glamour companies who they think do it better - they get to do it "better" because they grew by exploiting the consumer market and selling to them on unfavorable terms. Good luck with that. You'll get what you pay for.

Mon, Feb 2, 2015

Politics is not what they are playing, but rather government-focused business survival. The providers want to be held harmless for their own security lapses. So why would the government use them?

Mon, Feb 2, 2015

This really isn't new, is it? Check out what the Challenger explosion did to Lockheed Martin (then two companies) and its stock in 1986. What's relatively new is the ugly political climate between the two parties, and the willingness of the politicians to pummel businesses as proxies for beating up the other party. Hell, people are STILL trying to beat up CGI for Healthcare.gov, despite official evidence that there was more than enough blame to assign to every company, agency and legislator involved. http://wisdomofcrowds.blogspot.com/2009/12/stock-market-reaction-to-challenger.html

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.