Overview

For defense contractors, cloud security is a mandate. Under a Defense Federal Acquisition Regulation Supplement (DFARS) clause, cloud service providers have until December 31, 2017, to comply with detailed requirements for safeguarding defense information in contractor-run systems. But cloud security is more than a matter of compliance. Instead, it is a competitive tipping point.

In the coming year, the Defense Department and its mission partners plan to expand adoption of commercial cloud computing in major programs and mission systems. But it all hinges on cloud security.

“Cloud computing enables the Department to consolidate infrastructure, leverage commodity IT functions, and eliminate functional redundancies while improving continuity of operations,” states the Cloud Computing Security Requirements Guide, developed by the Defense Information Systems Agency (DISA). “The overall success of these initiatives depends upon well-executed security requirements, defined and understood by both DOD Components and industry.”

Defense organizations are looking for business partners that can execute on cloud security—not just on controls specified by the DFARS but also on the requirements spelled out by the International Traffic in Arms Regulation (ITAR), the FedRAMP High baseline, and DOD Impact Level 4 and Impact Level 5.

This event provided defense contractors and other members of the Defense Industrial Base with insights into technologies and strategies that can help them deliver secure commercial cloud solutions that not only meet but exceed their customers’ cloud security requirements—providing a competitive edge in this growing market.