Post on 05-Apr-2018
7/31/2019 U.S. Department of Defense Cloud Computing Strategy
DoD Cloud Computing Goal
Implement cloud computing as the means to deliver the most innovative, efficient, and secure information and IT services in support of the Department's mission, anywhere, anytime, on any authorized device.
EXECUTIVE SUMMARY
In the current political, economic, and technological landscape, information technology (IT) is expected to provide extensive and ever-increasing capabilities while consuming fewer resources. With the increase of both state-sponsored and independent cyber threats, the Department of Defense (DoD) is recognizing the growing importance of leading a strong and secure presence in cyberspace. Concurrently, global financial events are driving a need for continued budgetary constraints and stricter financial oversight. As a result, the Department must transform the way in which it acquires, operates, and manages its IT in order to realize increased efficiency, effectiveness, and security.
The Department has begun this transformation by establishing a set of initiatives that are aimed at achieving improved mission effectiveness and cybersecurity in a reengineered information infrastructure. The result of this new effort will be the Joint Information Environment, or JIE. The Joint Information Environment is a robust and resilient enterprise that delivers faster, better-informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.
The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE goals. The DoD Cloud Computing Strategy introduces an approach to move the Department from the current state of a duplicative, cumbersome, and costly set of application silos to an end state which is an agile, secure, and cost-effective service environment that can rapidly respond to changing mission needs. The DoD Chief Information Officer (CIO) is committed to accelerating the adoption of cloud computing within the Department and to providing a secure, resilient Enterprise Cloud Environment through an alignment with Department-wide IT efficiency initiatives, federal data center consolidation and cloud computing efforts. Detailed cloud computing implementation planning has been ongoing and informs the JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.
Increased mission effectiveness and operational efficiencies are key benefits that can be achieved with cloud computing. Cloud computing will enable the Department to consolidate and share commodity IT functions resulting in a more efficient use of resources. Cloud services can enhance Warfighter mobility through device and location independence while providing on-demand secure global access to mission data and enterprise services. Cloud platforms and services can provide increased opportunity for rapid application development and reuse of applications acquired by other organizations.
The Department has specific cloud computing challenges that require careful adoption considerations, especially in areas of cybersecurity, continuity of operations, information assurance (IA), cybersecurity, and resilience. Additional challenges include service acquisition and funding sustainment, data migration and management, and overcoming network dependence at the tactical edge (disconnected, intermittent and low-bandwidth (DIL) users).
To help meet these challenges, the Department is leveraging the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP will establish a standard approach to assess and authorize cloud computing services, and define requirements for the continuous auditing and monitoring of cloud computing providers. In addition, DoD CIO is currently updating the Department's Information Assurance (IA) policies and instructions, aligning IA controls and processes with those used across the Federal Government. The Department is taking a cautious approach as it works to fully understand the challenges and establish the appropriate risk mitigations.
The DoD CIO is accelerating and synchronizing efforts that create enterprise-wide capabilities and services while eliminating the unnecessary duplication of capabilities. Currently, the Components are consolidating their data centers and network infrastructure. By designating a few data centers as Core, Components can build in cloud infrastructure that begins the process of creating a DoD Enterprise Cloud Environment. This process will include network re-design and consolidation, policy and process changes, and the adoption of enterprise standards that enable interoperability across networks and between data centers. The DoD Enterprise Cloud Environment will include separate implementations and data exchanges on Non-secure Internet Protocol Router Network (NIPRNet), Secure Internet Protocol Router Network (SIPRNet), and Top Secret Sensitive Compartmentalized Information (TSSCI) security domains. This environment will be closely aligned with Intelligence Community-led initiatives, and support information sharing with DoD traditional and non-traditional partners on Joint Worldwide Intelligence Communications System (JWICS), and other networks.
In addition to enterprise cloud services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal Government, mission partners and commercial vendors that meet their specific mission requirements. All cloud services must comply with Department IA, cybersecurity, continuity, and other policies. The Department will leverage commercially offered cloud services that offer the same or a greater level of protection necessary for DoD mission and information assets.
New guidance is being developed that will establish an Enterprise Cloud Service Broker to manage the use, performance, and synchronized delivery of cloud service offerings within the Department, from other Federal, and commercial providers. The Broker will make it easier, safer, and more productive for DoD consumers to discover, access, and integrate cloud services to support their mission.
The Department has identified four concurrent steps that enable a phased implementation of the DoD Enterprise Cloud Environment:
Step 1: Foster Adoption of Cloud Computing
o Establish a joint governance structure to drive the transition to the DoD Enterprise Cloud Environment
o Adopt an Enterprise First approach that will accomplish a cultural shift to facilitate the adoption and evolution of cloud computing
o Reform DoD IT financial, acquisition, and contracting policy and practices that will improve agility and reduce costs
o Implement a cloud computing outreach and awareness campaign to gather input from the major stakeholders, expand the base of consumers and providers, and increase visibility of available cloud services throughout the Federal Government
Step 2: Optimize Datacenter Consolidation
o Consolidate and virtualize legacy applications and data
Step 3: Establish the DoD Enterprise Cloud Infrastructure
o Incorporate core cloud infrastructure into data center consolidation
o Optimize the delivery of multi-provider cloud services through a Cloud Service Broker
o Drive continuous service innovation using Agile, a product-focused, iterative development model
o Drive secure information sharing by exploiting cloud innovation
Step 4: Deliver Cloud Services
o Continue to deliver DoD Enterprise cloud services
o Leverage externally provided cloud services, i.e., commercial services, to expand cloud offerings beyond those offered within the Department
The DoD CIO will establish a joint enterprise cloud computing governance structure to drive the policy and process changes necessary to transition to the DoD Enterprise Cloud Environment and oversee the implementation of the DoD Enterprise Cloud Strategy. To achieve the cloud computing goal, all barriers to consolidation and transition must be addressed without major delay. DoD CIO will be the final decision authority and will provide oversight for Component execution of data center consolidation and cloud services, exercising appropriate governance to ensure an efficient orchestration of change.
Table of Contents
Introduction
Cloud Computing Defined
Federal and DoD Mandates Driving Cloud Computing Adoption
Benefits DoD Can Derive From Cloud Computing
Achieving DoD IT Objectives Through Cloud Computing
Challenges the Department Faces Moving to a Cloud Computing Environment
Transitioning to the DoD Enterprise Cloud Environment
Step 1: Foster Adoption of Cloud Computing
Govern the DoD Enterprise Cloud Environment
Adopt an Enterprise First Approach
Reform DoD IT Financial, Acquisition, and Contracting Policy and Practices
Implement a Cloud Computing Outreach and Awareness Campaign
Step 2: Optimize Data Center Consolidation
Consolidate and Virtualize Legacy Applications and Data
Step 3: Establish the DoD Enterprise Cloud Infrastructure
Incorporate Core Cloud Infrastructure into Datacenter Consolidation
Optimize the Delivery of Multi-provider Cloud Services via Cloud Service Brokerage
Use Agile Approaches to Drive Continuous Service Innovation
Exploit Cloud Innovation to Drive Secure Information Sharing
Operational Data Functions and Informational Data Services
Step 4: Deliver Cloud Services
Continue to Deliver DoD's Enterprise Cloud Services
Leverage Externally Provided Cloud Services
Next Steps
Conclusion
Acronym List
References
Cloud-related Terms
Figure 1: DoD Enterprise Cloud Environment
Figure 2: Consolidated Core Datacenters will Form the Basis of the Enterprise Cloud Infrastructure
Figure 3: Example Services Available to Cloud Consumers
Introduction
As business and mission dependency on Information Technology (IT) grew within the DoD, duplicative, costly and complex IT infrastructures were built by Components to execute their missions and run their businesses. The development, operation, and management of these resources are largely inefficient, costing time and money that could be applied directly towards achieving strategic initiatives. According to a Defense Science Board analysis of 32 major automated information system acquisitions, the average time to deliver an initial DoD program capability is 91 months once funding is approved. This is two to three times the average industry IT refresh cycle time, making it difficult to keep pace with user needs and technology evolution. Continued technology maturation has enabled commoditization of certain IT functions (email, server hosting, collaboration, etc.), and improved network performance now allows IT organizations to specialize in offering these commoditized IT functions as services on the network.
The Department must take advantage of the commoditized IT functions and transform the way in which it acquires, operates, and manages its IT in order to realize increased efficiency, effectiveness, and security. The Department has begun this transformation by establishing a set of initiatives that are aimed at achieving improved mission effectiveness and cybersecurity in a reengineered information infrastructure. The result of this new effort will be the Joint Information Environment, or JIE. The JIE is a robust and resilient enterprise that delivers faster, better-informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.
The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE goals. The DoD CIO is committed to accelerating and synchronizing efforts to eliminate unnecessary duplication of capabilities with Enterprise-wide services, while establishing Enterprise security mechanisms to ensure secure connection and access control across mission partner and network boundaries. The DoD Enterprise Cloud Environment will facilitate consolidating and optimizing the Department's IT infrastructure, including data centers and network operations, and standardizing IT platforms that ensure a secure cyber environment and leverage Agile development. The Department will also adopt commercial cloud computing solutions to the greatest extent possible in support of the Department's mission. Detailed Cloud Computing implementation planning has been ongoing and informs the JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.
The Federal Cloud Computing Strategy (See Appendix B, (Reference A)) characterizes cloud computing as a:
"profound economic and technical shift (with) great potential to reduce the cost of federal Information Technology (IT) systems while improving IT capabilities and stimulating innovation in IT solutions."
The DoD Cloud Computing Strategy lays the groundwork, consistent with the Federal Cloud Computing Strategy, for accelerating cloud adoption in the Department. It is intended to foster a substantive discussion as the Department transitions to its Enterprise Cloud Environment.
Cloud Computing Defined
The National Institute of Standards and Technology (NIST) defines cloud computing as:
"A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
The details of the NIST cloud computing definitions provide a simple and unambiguous taxonomy of three service models available to cloud consumers that are the core of cloud computing: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Detailed definitions of these three models appear in Appendix C, along with other terms typically associated with cloud computing, such as delivery models and characteristics.
While the traditional IT delivery model is focused on the development, maintenance and operation of computing hardware and software, the cloud computing model focuses on providing IT as a service. Under the cloud computing model, there are service providers and service consumers. Service providers specialize in performing specific tasks or functions for service consumers. The service providers and service consumers interact with one another over an Internet Protocol (IP)-based network.
DoD Cloud Computing Goal
Implement cloud computing as the means to deliver the most innovative, efficient, and secure information and IT services in support of the Department's mission, anywhere, anytime, on any authorized device.
Federal and DoD Mandates Driving Cloud Computing Adoption
The Federal Government intends to accelerate the pace at which it will realize the value of cloud computing by requiring agencies to evaluate safe, secure cloud computing options before making any new IT investments. In alignment with Federal and Department-wide IT efficiency mandates, the DoD is committed to cloud computing, and to providing a secure, resilient Enterprise Cloud Environment. Specific mandates include:
2012 National Defense Authorization Act (NDAA) (Public Law 112-81): The fiscal 2012 NDAA (See Appendix B, (Reference B)) mandates that DoD CIO submit a Performance Plan that includes a strategy to address migration of Defense data and government-provided services from Department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security and utilization of private sector managed security services for data centers and cloud computing services.
Secretary of Defense (SecDef) Efficiencies Initiative: The SecDef announced a DoD-wide efficiencies initiative (See Appendix B, (Reference C)) to move America's defense institutions toward a more efficient, effective, and cost-conscious way of doing business. This initiative directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs to improve DoD's ability to execute its missions while defending its networks against growing cyber threats.
Office of Management and Budget (OMB) directed Federal Datacenter Consolidation Initiative (FDCCI): The FDCCI (See Appendix B, (Reference D)) directed a reduction in data centers to be achieved primarily through the use of virtualization techniques and leveraging cloud computing.
Federal CIO 25 Point Implementation Plan to Reform Federal Information Technology Management: The 25 point plan (See Appendix B, (Reference E)) specifies that Agencies must focus on consolidating existing data centers, reducing the need for infrastructure growth by implementing a Cloud First policy for services, and increasing the use of available cloud and shared services.
Federal Risk and Authorization Management Program (FedRAMP): FedRAMP (See Appendix B, (Reference F)) provides joint "provisional" authorizations and continuous security monitoring services applicable to Executive departments and agencies procuring commercial and noncommercial cloud services that are provided by information systems that support the operations and assets of the departments and agencies, including systems provided or managed by other departments or agencies, contractors, or other sources.
DoD IT Enterprise Strategy and Roadmap (ITESR): The ITESR (See Appendix B, (Reference G)) presents the DoD CIO's plan for achieving the goals of the SecDef's Efficiency Initiative and the mandates of OMB's FDCCI and 25 Point Implementation Plan.
Benefits DoD Can Derive From Cloud Computing
Table 2 of the Federal Cloud Computing Strategy (See Appendix B, (Reference A)) summarized three areas of cloud computing, reproduced in Table 1, below.
Table 1: Cloud benefits: Efficiency, Agility, Innovation
Efficiency
Cloud Benefits
o Improved asset utilization (server utilization > 60-70%)
o Aggregated demand and accelerated system consolidation (e.g., Federal Datacenter Consolidation initiative)
o Improved productivity in application development, application management, network, and end-user devices
Current Environment
o Low asset utilization (server utilization
Reduced Costs/Increased Operational Efficiencies
o Consolidating systems, which reduces the physical and energy footprint, the operational, maintenance, and management resources, and the number of facilities
o Using a pay-as-you-go pricing model for services on demand rather than procuring entire solutions
o Leveraging existing DoD cloud computing development environments to reduce software development costs
Increased Mission Effectiveness
o Enabling access to critical information
o Leveraging the high availability and redundancy of cloud computing architectures to improve options for disaster recovery and continuity of operations
o Enhancing Warfighter mobility and productivity through device and location independence, and provision of on-demand, yet secure, global access to enterprise services
o Increasing, or scaling up, the number of supported users as mission needs surge, optimizing capabilities for the joint force
o Enabling data to be captured, stored, and published almost simultaneously, decreasing the time necessary to make data available to users
o Enabling the ability to create and exploit massively large data sets, search large data sets quickly, and combine data sets from different systems to allow cross-system data search and exploitation
Cybersecurity
o Leveraging efforts such as FedRAMP that help standardize and streamline Certification and Accreditation (C&A) processes for commercial and Federal Government cloud providers, allowing approved IT capabilities to be more readily shared across the Department
o Moving from a framework of traditional system-focused C&A with periodic assessments to continual reauthorization through implementation of continuous monitoring
o Moving to standardized and simplified identity and access management (IdAM)
o Reducing network seams through network and data center consolidation and implementation of a standardized infrastructure
Challenges the Department Faces Moving to a Cloud Computing Environment
Most DoD systems have been designed to operate in a protected environment with dedicated infrastructure, and though cloud computing continues to demonstrate significant benefits, challenges remain. The Department must be careful not to jeopardize its mission by trading the confidentiality, integrity, and availability of DoD information for desired benefits. The Department will ensure adherence to the National Continuity Policy (See Appendix B, (Reference H)) that requires communications/IT capabilities to maintain data availability and resilience to sustain Component mission-essential functions (MEF) and DoD's Departmental Primary MEF (PMEF) in support of National Emergency Functions (NEF).
Table 2 identifies five broad categories of challenges and mitigation activities that will help the Department meet those challenges. Note that these challenges are not exclusive to cloud computing and apply to all levels of the Department.
Table 2: Challenges Moving to a Cloud Computing Environment
Governance and Culture Changes
Challenge
o Establishing and maintaining a DoD CIO-led Enterprise-First approach
o Sustaining and managing the evolution of the Enterprise Cloud Environment to enable JIE objectives
o Overcoming cultural roadblocks that make it difficult for the Department's IT community to adopt an Enterprise First approach and cloud services approach
o Incentivizing entrepreneurial innovation in the face of current regulatory DoD policy and process mandates
Mitigation
o Execute authorities delegated to the DoD CIO to approve/enforce an Enterprise First cloud approach to JIE capabilities throughout the Department
o Establish DoD CIO-led joint governance to oversee Component cloud-related activities
o Establish comprehensive governance at Service CIO levels to oversee and guide implementation and execution
o Execute a cloud awareness education campaign
o Adopt Agile acquisition and funding mechanisms to exploit cloud innovation
Information Assurance, Resiliency, and Cybersecurity
Challenge
o Achieving real-time visibility into all cloud activities where consumers do not have physical control over their systems, and the systems can change dynamically as providers respond to emergent capacity requirements
o Implementing continuous monitoring, handling intrusion detection and alerts, and providing diagnosis and response
o Ensuring communications/IT capabilities to maintain data availability, privacy, and resilience
o Maintaining forensic, records management, Freedom of Information Act (FOIA) reporting, and two-factor authentication with DoD Common Access Cards
Mitigation
o Implement Information Assurance (IA) controls that provide real-time monitoring to designated DoD IA personnel and provide methods and procedures for mission owners to request responses
o Provide acquisition regulation and cyber defense policies to which cloud providers must adhere in order to adequately secure and defend DoD information
o Implement new or adjust existing technical capabilities for operation within the cloud, and, in particular, provided to Department network and system operation centers (NOCs/SOCs)
o Bolster critical infrastructure protection efforts to ensure a resilient and sustainable cloud computing environment
o Implement IdAM, Public Key Infrastructure (PKI), and secure data tagging Department-wide
o Ensure effective acquisition of commercial cloud services leveraging Federal CIO Council's, Creating Effective Cloud Computing Contracts for the Federal Government (See Appendix B, (Reference I))
Network Dependence at the Tactical Edge
Challenge
o Providing access to reliable, remotely delivered services to Warfighters and support personnel operating in restricted tactical environments (high mobility, disconnected, intermittent connectivity, limited bandwidth and long latency)
o Providing adequate protection to ensure continuity of operations and resiliency
Mitigation
o Deliver services as far forward as possible, using the least bandwidth possible while ensuring offline capabilities are maintained
Service Acquisition and Funding Sustainment
Challenge
o Changing from a focus on the acquisition of materiel solutions to the acquisition and consumption of cloud services
o Establishing funding mechanisms that can rapidly adapt to changing demand to sustain the growth of widely used services
o Reducing or eliminating investment in underutilized and underperforming services
o Implementing effective change management in a cloud environment
o Ensuring data ownership and transportability of data from one cloud provider to another
Mitigation
o Establish policies and procedures for budgeting, funding, acquisition, and cost recovery that leverage a fee-for-service model
o Use a cloud broker function to manage the use, performance, and synchronized delivery of cloud service offerings
o Develop a budget strategy to fund initial cloud investments across the Department
o Reduce or eliminate investment in underutilized and underperforming services
o Establish and enforce DoD cloud computing change management criteria
o Ensure contracting and acquisition mechanisms preserve data integrity and support data transportability
Data Migration, Management and Interoperability
Challenge
o Ensuring that data and applications hosted in the various cloud services can be discovered, accessed, stored, used, and protected among various DoD components and mission partners
o Providing adequate security services (monitoring and response, IA, etc.) to ensure the integrity, confidentiality, and availability of DoD data in a cloud computing environment
o Ensuring that the hosting of DoD Component data by a cloud service provider is subject to technical and contractual conditions that facilitate migration of the data to another provider or back to the DoD Component
o Ensuring data interoperability and secure information sharing with multi-national and other mission partners via cloud services
o Ensuring data portability and interoperability
o Ensuring all categories of Controlled Unclassified Information (CUI), to include Personally Identifiable Information (PII), Personal Health Information (PHI), International Traffic in Arms Regulations (ITAR), and Contractual Information, are properly and adequately secured, controlled, and audited during transmission, processing, and storage
Mitigation
o Enable intelligent delivery of multi-source information in diverse application formats by providing seamless, real-time information sharing that is secure, supports multiple platforms, and combines new advances in information processing and data analysis
o Enforce use of risk assessments that consider exposure to the legal, law enforcement, and national security requirements of the host country
o Ensure Service Level Agreements (SLAs) are written to address DoD mission assurance and data confidentiality and availability requirements
o Require and enforce the adoption of enterprise discover and search, enforcement of IdAM and data tagging, joint governance, and cross-domain security solutions
o Require the use of data portability and interoperability standards as they emerge
o Enforce compliance with laws and regulations regarding CUI data
Transitioning to the DoD Enterprise Cloud Environment
The transition to cloud computing requires moving from the current state of duplicative, cumbersome, and costly application silos to an end state which is an agile, secure, and cost-effective service environment that will enable Components to rapidly configure and deploy IT to meet changing mission needs. The transition will not be accomplished all at once, but in planned phases, building on the successes and lessons learned from DoD and Industry cloud initiatives as they are implemented.
The vision for the Department is a multi-provider Enterprise Cloud Environment that meets DoD IT objectives. Program managers and application/service owners will generally not need to design the physical infrastructure that hosts and runs their software applications. Instead, they will be responsible for designing and developing applications and services that operate within the computing environments offered by DoD data center providers. New Core data centers, and standards-based equipment deployed in regional and tactical data centers, will provide the physical computing infrastructure to deliver data and cloud services to the user, regardless of access point or the device being used across the Global Information Grid (GIG). These data centers will host existing applications, provide a viable platform for the development of new applications, and enable shared hosted services.
The Department will be responsible for the Enterprise Architecture and standards that will guide how the DoD cloud is designed, operated, and consumed. The Enterprise Cloud Environment, in turn, will drive architectures and standards that extend the full range of IT services to mobile devices and to the tactical edge. The Enterprise Cloud Environment will provide Department-wide services at the enterprise level that enable improved interoperability, access, data integrity, and security. In addition to enterprise services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal government, mission partners and commercial vendors that meet their specific mission requirements. All services will comply with Department IA, cybersecurity, continuity and other policies.
The DoD Enterprise Cloud Environment will support new applications, access to legacy applications and data exchanges on NIPRNet, SIPRNet, and Top Secret Sensitive Compartmentalized Information (TSSCI) security domains. This environment will be closely aligned with Intelligence Community initiatives and will support information sharing with DoD traditional and non-traditional partners on JWICS, the mission network, and other networks. The DoD CIO will lead NIPRNet and SIPRNet efforts while the Director of National Intelligence (DNI)/CIO will lead TSSCI and above.
Figure 1 is a logical depiction of the envisioned DoD Enterprise Cloud Environment end state. It illustrates that the DoD Enterprise Cloud is an integrated environment on the GIG, consisting of DoD Components, commercial entities, Federal organizations, and mission partners.
Figure 1: DoD Enterprise Cloud Environment
The Department has identified four concurrent steps that enable a phased implementation of the DoD Enterprise Cloud Environment:
Step 1. Foster Adoption of Cloud Computing by establishing a strong governance structure that has the authority and responsibility to drive an Enterprise First approach and enable IT financial, acquisition, and contracting policy and practice reforms.
Step 2. Optimize Data Center Consolidation by implementing a limited set of standardized software platforms and data centers that will enable effective management as a single enterprise with a reduced intrusion surface for cyber threats.
Step 3. Establish the DoD Enterprise Cloud Infrastructure as the foundation for rapid participation in the DoD Enterprise Cloud Environment.
Step 4. Deliver Cloud Services using commercial service providers and continuing the development and implementation of DoD cloud services.
The following sections describe these steps in greater detail.
[Figure 1 labels: Access at Point of Need (Mobile, Work, Deployed, Home); Common C2 & Real-Time SA; Secure Communications Between Nodes; Commercial Services; DoD Services & Apps; Global Secure Access & Data; Deployable Edge Nodes]
Step 1: Foster Adoption of Cloud Computing
IT Governance that establishes an Enterprise First approach to the funding, acquisition, creation, management and use of cloud services, through policy and process change, is essential in fostering adoption of cloud computing. The DoD CIO will execute delegated authorities to approve/enforce an Enterprise First cloud approach to JIE capabilities throughout the Department. The DoD CIO is committed to working with major stakeholders, such as the Defense Information Systems Agency (DISA), Joint Staff, and Military Department (MILDEP) CIOs, to implement an outreach and awareness campaign to expand the base of consumers and providers, and increase the visibility of available cloud services in other parts of the Government.
Govern the DoD Enterprise Cloud Environment
Comprehensive joint IT governance, led by the DoD CIO, will drive the changes necessary to transition to cloud computing. Enhanced governance processes and policy enforcement mechanisms will be instituted to manage the rapid evolution of cloud services within the Department, maximizing the potential value of cloud services and minimizing the risks. Strong governance mechanisms will support consistent interpretation of policy, monitor DoD enterprise cloud performance, and address cloud service consumer and provider issues.
DoD CIO-led governance will facilitate an enterprise approach to cybersecurity, continuity of operations, IA, resilience, and ensure that DoD's Enterprise Cloud Environment is compliant with all existing laws and regulations. The DoD Enterprise Cloud Environment will require rigid standards for how users are identified, transmission is assured, and resources (persons, organizations, groups and applications), are tracked.
Effective governance and collaboration with key Department leaders and stakeholders is necessary to establish policy and organizational process changes that will transform the way IT is acquired, operated, and managed. Coordination will occur outside the Department with stakeholders from the National Security Agency (NSA), others in the Intelligence Community and other Federal partners as they evolve their own cloud services.
Transition to cloud computing may require upfront investments and realignment of planned IT roadmaps. The Department will use business case analysis to determine best value between alternatives, and will define an investment management process that enables the rapid evolution of enterprise cloud services and prevents non-standards-based IT service silos from proliferating within the Enterprise Cloud Environment.
The Department's IT governance must ensure alignment of DoD investments, including Program Objective Memorandum (POM) activities, policies, processes and standards that will enable a transition to cloud computing. The Department will exercise governance mechanisms to ensure cloud computing options are analyzed during the course of DoD budget and acquisition processes for each IT capability development initiative in compliance with OMB guidance (See Appendix B, (Reference J)). A Component's decision to move data to a cloud computing service will balance benefits and risk, measured against DoD mission assurance and data confidentiality requirements. These assessments and approvals will be conducted in accordance with Federal laws and regulations governing the protection of Government information, and DoD IA and information security policies.
Comprehensive governance processes will promote and enable the use of standardized SLAs that facilitate the adoption of shared services and virtual computing resources for mission and support functions. SLAs must define performance with consistent and clear terms and definitions and demonstrate how performance will be measured. Governance will define the enforcement mechanisms that should be in place to ensure SLAs are met. The Department will drive efficiencies by using Commercial business models, ensuring competition and setting new performance standards, targets, and metrics, as well as monitoring and reporting progress.
Adopt an Enterprise First Approach
[Callout: Higher flexibility, lower costs, improved quality of service]
The Enterprise First approach is a cultural shift to transform DoD from a coalition of Departments and Agencies with their mission-specific sets of systems, processes, governance, and controls to a more seamless, coordinated, unified, and integrated data-centric enterprise information environment. The Department's efforts in general will be directed to reduce reliance on non-shareable, dedicated infrastructures. Components will be incentivized to rely on shared, virtualized infrastructure through a utility or cloud computing delivery model. Legacy IT systems will be migrated to a shared computing capability wherever practical.
Adopting an Enterprise First approach will reduce the acquisition and maintenance of dedicated, program-specific resources. The desired outcome is the transformation of the Department to an Enterprise Cloud Environment with common standards, consolidated cybersecurity, continuity of operations, IA, resilience, and centralized governance.
Reform DoD IT Financial, Acquisition, and Contracting Policy and Practices
[Callout: Change the rules and make it happen]
Today's delivery and operation of a DoD Enterprise Cloud Environment is hampered by existing policies and processes that were implemented to support traditional IT acquisition. The Department's typical acquisition approach bases investment decisions on significant investigation of capability needs, requirements definition, analysis of alternatives (AoA), and system growth projections. This works in an environment with relatively fixed requirements, known future needs, and static technology, but does not accommodate a multi-provider cloud environment. The Department must alter this acquisition approach if it expects to keep pace with IT advancements and achieve the efficiencies these advancements represent. To accomplish this, the Department must:
• Streamline Key DoD Processes to reduce Operations and Maintenance (O&M) costs by leveraging economies of scale, and automate monitoring and provisioning to reduce the human cost of service delivery and assurance.
• Change Acquisition and Contracting Models to reduce acquisition complexity; shift the DoD mindset from acquiring and managing IT assets (materiel solution development) to providing and consuming services; and support new funding, contracting, and acquisition models for agile solutions.
• Publish Guidance and Policies that support transition to, and use of, cloud services.
The Department has initiated efforts to develop JIE requirements for cloud services that can use incremental investments and fee-for-service models rather than large-scale, upfront investments. New and innovative funding mechanisms are needed that can rapidly adapt to changing demand and sustain the growth of popular services. Services already developed by the Components for their use could be extended and shared across the Department. As efficiencies are gained through data center consolidation, some savings may resource additional cross-service investments. Periodic value assessments will drive additional investments and iterative refinements. To accomplish the needed change, the DoD CIO will work with the following organizations to update related policies and processes:
• USD(Policy) to update:
  o POM guidance and the POM issue process for enterprise cloud services
• Joint Staff to modify:
  o Joint Capabilities Integration and Development System (JCIDS)/Capabilities Requirements Process documentation (Chairman of the Joint Chiefs of Staff Instruction (CJCSI)) (See Appendix B, (Reference K)).
  o Interoperability of IT and National Security Systems (NSS) (See Appendix B, (Reference L))
• USD(Acquisition, Technology, and Logistics) to modify or establish:
  o Provisions in the Defense Acquisition System (DAS) (See Appendix B, (Reference M)) that ensure the consideration of the use of enterprise cloud services as a mandatory element of the AoA
  o Business Capability Lifecycle process
  o New standard contract clauses and any accompanying changes necessary to the Defense Federal Acquisition Regulation Supplement (DFARS)
• USD(Comptroller)/CFO and DCAPE to modify or establish:
  o Planning, Programming, Budgeting and Execution (PPB&E) (See Appendix B, (Reference N))
  o New Program Element and budget line item resources
  o Increased visibility within authoritative DoD resource databases
  o Establish new contracts and contracting vehicles
• DoD Comptroller and CFO to:
  o Revise PPB&E regarding enterprise cloud services and establish provisions in the DoD Financial Management Regulation
  o Address appropriate resourcing methodologies and sources for funding cloud services and migrations
• DCMO to align Business Mission Area policies and procedures.
Implement a Cloud Computing Outreach and Awareness Campaign
The greatest impediment to the successful adoption of cloud computing is not technological in nature, but rather, the set of cultural roadblocks that make it difficult for the Department's IT community to adopt a new technology. As with any significant change, the move to the cloud requires a shift in mindset to accept new ways of creating solutions and an informed workforce to enable acceptance and use of cloud services.
The DoD CIO will implement a cloud computing outreach and awareness campaign to gather input from the major stakeholders, expand the base of consumers and providers, and increase visibility of available cloud services throughout the Federal government. Current cloud-related activities will provide input to the development of cloud computing planning and implementation guidance. Specifically, these activities will inform the Department on the key benefits and challenges of cloud services, including value propositions, security features and challenges, sample mitigation strategies, training, lessons learned, and case studies. This outreach will include:
• Identifying best practices to guide stakeholders in the adoption and implementation of cloud services, including the acquisition and provisioning process and identifying and evaluating associated compliance and legal issues
• Establishing methodologies to enable effective assessment and implementation of cloud services, including consideration of maturity, cost recovery, security compliance, etc.
• Identifying challenges and recommending mitigations to resolve them
• Identifying metrics and performance measures that demonstrate successful migrations and use of cloud services
• Identifying and assessing new and evolving technologies in the marketplace and providing feedback on the maturity of these offerings
• Providing specific skills training for acquisition and contracting specialists for agile IT procurements, including cloud computing. IT program managers must also acquire the skills needed to make informed decisions regarding existing and planned cloud services
• Emphasizing individual and organizational responsibility to assess and manage risks associated with cloud computing
Step 2: Optimize Data Center Consolidation
In August 2010, the Secretary of Defense directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs, and to improve the DoD's ability to execute its missions while defending its networks against growing cyber threats. In response, the Department has identified opportunities to consolidate DoD IT infrastructure through several initiatives, one of which is data center and server consolidation. As identified in the JIE, enterprise data center consolidation involves Component applications and data transitioning to Core data centers and the DoD Enterprise Cloud Environment.
The Department will reduce the hardware footprint in data centers by implementing server virtualization and Infrastructure as a Service. In addition, DoD will reduce software redundancy and increase interoperability through the implementation of a limited set of standardized software platforms that are continuously monitored and respond to emerging threats.
Optimizing data center consolidation will facilitate standardization across data centers in the way they deliver services to users and the internal processes used to manage the business operation. Consolidation will not only reduce the cost of data center infrastructure, but will enable effective management as a single enterprise with a reduced intrusion surface for cyber threats. Combining the establishment of core cloud infrastructure with data center consolidation will establish the federation and standardization of Core data centers for the DoD.
Consolidate and Virtualize Legacy Applications and Data
Consolidating data centers throughout the Department into a smaller, core data center infrastructure will reduce the number of different hardware platforms, which will result in an eventual savings in equipment, facility, and operational costs. Although core data centers may be operated by different organizations within DoD, they will all operate according to standard operational, business, and IT Service Management processes to ensure that they function as a single, logically seamless computing environment meeting all requirements for graceful fail-over, disaster recovery, continuity of operations, security, resiliency, and load balancing.
The consolidated data centers will be guided by the NIST Cloud Computing Reference Architecture, and the NIST Cloud Computing Standards Roadmap. Leveraging the NIST guidance, a DoD Cloud Reference Architecture will include modular infrastructure that will scale up for deployment within large, Continental United States (CONUS) data centers and scale down to offer containerized and small-footprint computing resources in regional facilities and deployed tactical edge environments.
Through virtualization, data centers will focus on hosting existing applications and providing a viable platform for the development of new applications and sharing hosted services. The enterprise cloud architecture and standards will extend the full range of IT services to mobile devices and to the tactical edge. As legacy applications are migrated and new applications are produced, each will gain built-in features, such as support for multi-data center replication, follow-me data that automatically moves to where it is needed, and intelligent information services that leverage news and data available across the Department.
The DoD ITESR identifies data center, network and server consolidation for the GIG computing environment as key initiatives. Through consolidation and virtualization, the Department will develop a DoD enterprise cloud platform that meets several objectives of the DoD ITESR including delivering services to the tactical edge. Consolidation and virtualization will enable access to reliable, remotely delivered services to Warfighters and will support personnel operating in restricted tactical disconnected, intermittent and low-bandwidth (DIL) environments from any device, anywhere and anytime. Smart replication will ensure that clustered information automatically migrates to nearby resources. Use of the latest standards for offline data storage and applications will support specified mobile and desktop platforms. End users will access virtual servers that have been allocated to provide client-side applications and services supporting multiple information domain access.
Virtual Desktop Infrastructure (VDI) initiatives will reduce desktop capital, maintenance, and management costs. These efforts will reduce time to deliver new end-user capabilities and shorten cycle time for upgrades through increased automation efficiencies requiring less support and facilitating compliance with DoD standards and policy.
DoD will realize savings by keeping hardware, software and operations as consistent and standardized as possible, while also reducing the number of tools, activities and personnel needed to perform the same basic functions. A portion of the savings that results from consolidation and standardization could go towards funding the delivery of these services, either at the Component level or at the Enterprise level; however, potential efficiencies may not be automatically realized without added resources.
Step 3: Establish the DoD Enterprise Cloud Infrastructure
The Department will provide an enterprise cloud infrastructure that is resilient and operates seamlessly between all DoD Components. This enterprise cloud infrastructure will be incorporated into core data centers and is the engine behind the DoD Enterprise Cloud Environment. An essential part of the cloud infrastructure is cloud service brokerage which makes it easier, safer, and more productive to navigate, integrate, consume, extend and maintain cloud services, particularly when they span diverse Department, Federal and commercial cloud service providers. Additionally, the cloud infrastructure facilitates Agile methods and will provide a test and development environment to enable rapid service delivery.
Cloud computing can offer a highly resilient computing environment that does not have a single point of failure. The failure of one node of a system in a cloud environment should have no impact on overall information availability, reducing the risk of perceivable downtime. The DoD Enterprise Cloud Infrastructure must ensure the security of data and information by reducing the complexity of the information environment and making certain that all DoD Computing Service Provider environments operate at the minimum acceptable standards outlined within current DoD policy and technical guidance.
Incorporate Core Cloud Infrastructure into Datacenter Consolidation
[Callout: The foundation for rapid participation in the DoD enterprise cloud environment]
Incorporating cloud infrastructure into Core data centers provides benefits beyond those achieved through data center consolidation alone. As core data centers are established, cloud functions such as IaaS, SaaS, PaaS, and content caching will be added. Core data centers will meet Exemplar data center standards supporting cloud-based Enterprise Services serving a global user base. Optimized Core data centers with Cloud-ready infrastructure will enable secure, highly scalable applications to be rapidly developed, deployed, and continuously improved while hosting those legacy applications and systems that are still vital to the DoD mission.
Figure 2 illustrates the transition from today's environment to consolidated and virtualized applications and data, and finally to a cloud infrastructure that enables the Department's move to a cloud computing environment.
Figure 2: Consolidated Core Data Centers will Form the Basis of the Enterprise Cloud Infrastructure
[Figure 2 panels: Current State; Transition State: Consolidate and virtualize legacy applications & data to reduce costs and make infrastructure DoD Cloud ready; Cloud State: Implement an advanced DoD Cloud Infrastructure to deliver Enterprise-ready cloud services. Diagram labels: Local Systems, Remote Systems, Local Data Center, Remote Data Center, Hardware, Virtual, Enterprise Services, DoD Cloud Platform, DoD Enterprise Data Environment, DoD Cloud Apps and Services]
Optimize the Delivery of Multi-provider Cloud Services via Cloud Service Brokerage
[Callout: The Enterprise Hub for runtime selection, integration and delivery of services]
To sustain an integrated and optimized multi-provider cloud environment, a Cloud Service Broker with both a technical and an organizational component is needed to manage the use, performance, and synchronized delivery of cloud service offerings within the Department, from other Federal, and commercial providers. The broker will enable DoD organizations to tailor the availability and delivery of cloud services based on technical and mission requirements. For example, rather than each DoD organization monitoring service provider performance and security controls, the broker will be the central point for integrating this information from each of the providers and making it available to the various DoD stakeholders. Moving beyond the ability to match potential consumers with the best services to meet their needs, the broker will provide an integrated set of capabilities that each DoD organization would have had to deliver. Some of these capabilities include:
• Ensuring compliance with DoD IA requirements for encryption and key management integration with DoD's emerging IdAM services
• Enabling integrated cyber intrusion detection and response
• Enabling a common entry into the cloud - the DoD cloud service storefront
• Providing an integrated billing and contracting interface
• Managing integrated service delivery from DoD and commercial service providers
• Providing integrated identity and access controls and integration with DoD's emerging IdAM services
• Controlling usage and optimizing cloud workload distribution
• Maintaining configuration control and compliance of DoD resources deployed into the cloud
• Ensuring that providers maintain DoD standards and architectural compliance
• Enabling continuous monitoring and reporting on performance of SLAs and IA controls
• Providing a common, integrated help desk
Starting with a simple online catalog of DoD cloud services, the Cloud Service Broker function will grow to enable DoD customers and organizations to tailor the set of available services and optimize the cloud performance based on their technical and mission requirements.
Use Agile Approaches to Drive Continuous Service Innovation
[Callout: Eliminates obsolescence at the time of delivery]
The effective delivery of DoD-provided cloud services will require the Department to transition from an acquisition process focused on acquiring materiel solutions to one focused on operating, and continually enhancing, services. Use of Agile processes will enable rapid and continuous service improvement in response to changing mission needs. The Department will establish a consolidated, enterprise development and test cloud environment, provided by Components, to enable continuous delivery and integrated DevOps. This test and development cloud environment will enable applications and services to run in a distributed environment, reducing time to deliver content to clients.
"DevOps" is an emerging set of principles, methods, and practices for communication, collaboration and integration between software development (application/software engineering) and IT operations (systems administration/infrastructure) professionals.
This cloud development and test environment will:
• Enable agile development and continuous enhancement of DoD-provided cloud services that will rapidly respond to changing user needs, technologies, and threats
• Facilitate the optimal migration and integration of legacy systems into the cloud environment
• Reduce duplicative hardware and software expenses necessary to support a development program
• Enable the provision of automated assembly and test of software systems
• Incorporate additional development and test services provided by DoD Components and commercial providers
• Include an integrated set of services to include automated on-demand provisioning of development and test cloud resources
• Enable the integration of identity management
Exploit Cloud Innovation to Drive Secure Information Sharing
[Callout: Increased Decision Superiority through data intensive analytics]
The Enterprise cloud infrastructure will enable a data-centric approach to the development and implementation of cloud services. The deployment of standardized data interfaces within the cloud will allow users anywhere to retrieve, scrub, and sanitize data on demand over a vast array of protocols and technologies. The cloud infrastructure will facilitate managing the rapidly increasing amounts of data. Innovative data cloud services will deliver actionable information. The Department will leverage and align with IC cloud services.
Operational Data Functions and Informational Data Services
The Department is taking a data-centric approach to cloud services, and will securely architect for interoperability. Improving the quality, accessibility, and usability of DoD data through well-defined standards will include the use of machine-readable formats such as web services and common metadata tagging schemas.
The NIST Cloud Computing Reference Architecture identifies the importance of data and common data functions as key underpinnings of cloud computing. While the reference architecture is still evolving, NIST currently separates data functions into two categories: operational data functions and informational data services.
Operational data functions include activities such as data tagging, data integrity, data security, data portability, data transport, data presentation, data maintenance, and file management. Operational data functions support the manipulation, extraction, and presentation of meaningful results to end users, and are primarily used and maintained by the cloud provider.
Informational data services enable the aggregation or the mashup of multiple data sources located in data centers across the globe into a correlated purposeful data set supporting a user's mission needs. Data services can be defined as a set of computing services exposing informational data in a way that adheres to cloud computing reference architecture stand-alone or within a system of systems. These services are useful to end users because of the standardized format and methodologies that allow them to access and work seamlessly with the information.
NIST currently maps informational data services to the SaaS and PaaS layers, and operational data services to SaaS, PaaS, and IaaS layers.
Data as a Service (DaaS)
Because of the huge impact that cloud computing can deliver to improve DoD data and information management, the DoD Cloud Computing Strategy diverges from the NIST cloud service model definitions to uniquely identify DaaS and the resulting DoD Data Cloud as key concepts. Within the DoD, DaaS encompasses two primary activities. The first is the continued implementation of the DoD Data Strategy and deployment of standardized data interfaces that make DoD information visible and accessible to all authorized users. The second is the incorporation of emerging big data technologies and approaches to effectively manage rapidly increasing amounts of information and deliver new insights and actionable information.
Embracing Cloud-Based Data Technologies
While relational databases and data warehouses have dominated the data environment for the past quarter century, these traditional technologies are ill-suited to the new challenges being faced as data storage requirements begin to approach quadrillions of bytes (petabytes). As the volumes of unstructured and structured data sets proliferate, our ability to capture and effectively process this information has not kept pace. The complexities of capture, store, index, and access of large data stores have made it difficult for the Department to fully leverage our increasing volumes of data and information.
Cloud computing technologies such as noSQL databases (e.g., Google's BigTable and Apache's Hadoop/HBase) and parallel computing clusters provide new capabilities to manage large, diverse data sets, enable new data transformation methods and enable advanced analytics. Department data clouds based on these technologies would enable elastic scaling, distributing the data across multiple hosts as load increases; improve data management economics by using clusters of cheap commodity servers rather than expensive proprietary servers and storage systems; implement flexible data models that would allow applications to easily store virtually any data type or structure without major modifications; and operate on a dynamic and resilient data platform that automatically distributes and synchronizes data across DoD's varied mission environments.
Data transport and cloud-to-cloud Interoperability entail moving data and applications of varying size and complexity from existing desktops to the cloud while ensuring data, applications and services hosted within the enterprise cloud environment are compatible so that information can move freely. Data retrieval and viewing benefits from a cloud approach by presenting data from its source location rather than transporting it across the Internet. By contrast, cross-domain services are essential to achieving DoD IT objectives and the enterprise cloud environment and will require more robust security controls to ensure that classified information is not compromised between high and low security domains.
Step 4: Deliver Cloud Services
The Department will build on its enterprise services efforts and continue to deliver DoD Cloud services that provide improved IT capabilities at reduced costs. Components will be encouraged to use Enterprise Services, shared services (cloud services offered by other Components, the Federal Government, mission partners) and commercial vendors that meet their specific mission requirements. The Department will revise IA policies, standards, and processes to enhance the reliability and security posture of DoD and commercial cloud services.
Continue to Deliver DoD's Enterprise Cloud Services
[Callout: Load and Run enterprise ready, field deployable application services]
Currently, DoD consumers have access to several cloud services, including services which are provided by DISA and hosted in DoD enterprise data centers, a few of which are:
• Defense Connect Online (DCO)
• Global Content Delivery Service (GCDS)
• Forge.mil development platform tools
• RightNow Customer Relationship Management (CRM) tools
• Rapid Access Computing Environment (RACE) for processing resources
Continuing to deliver the existing services above and developing and offering the following enterprise services via the DoD Enterprise Cloud Environment will support meeting the Department's IT objectives:
• Engineer Global Federation Approach: The Department will engineer a global federation approach to support central management and full interoperability across multiple clouds operated by the Components within the DoD Enterprise Cloud Environment
• Enterprise File Storage: The Department will implement enterprise file storage as a capability to enable global access to data and files by an authorized user, from anywhere and from any device
• Enterprise Directory Services: The Department will implement enterprise directory services to make data visible, discoverable, and accessible
• Unified Capabilities: The Department will migrate legacy voice, video and data collaboration services to everything over IP (EoIP); standardize and consolidate Component IP convergence efforts across DoD to reduce cost and streamline management; enhance wireless and mobility support; and provide real-time collaboration (assured, integrated voice, video, and data services)
• Cross Domain Solution as an Enterprise Service: The Department will develop the enterprise-level, cross-domain solutions required to fulfill emerging capability needs and user requirements across the DoD. DISA will continue to employ a diverse best-of-breed fleet of cross-domain technologies.
• Enterprise Messaging and Collaboration: The Department will provide a set of Enterprise Messaging and Collaboration capabilities that includes, at a minimum, instant messaging (IM), chat, email, portal, and web conferencing. Other capabilities to be provided facilitate data tagging and records management. These capabilities enable information sharing from any device attached to a DoD network.
• Identity and Access Management (IdAM) Services: The Department will implement enterprise-wide IdAM services that are focused on managing digital identity, credentialing and authenticating users, authorizing access to resources, and using data tagging to support and enforce access control policies throughout the enterprise.
The Department will continue to improve these services, provide additional cloud services, and incorporate cloud services provided by individual DoD components as they emerge.
Leverage Externally Provided Cloud Services
[Callout: A bigger toolbox for our Warfighters]
The Department's Enterprise Cloud Environment will provide Department-wide services at the enterprise level that enable improved interoperability, access, data integrity, and security. In addition to Enterprise Services provided Department-wide, Components will be encouraged to use or provide cloud services offered by other Components, other entities in the Federal Government, mission partners and commercial vendors that meet their specific mission requirements while complying with Department IA, cybersecurity, continuity, and other policies.
With the emergence of FedRAMP and the increasing maturity of commercial cloud services, there is increasing potential to leverage commercially provided services to support the Department's IT requirements. However, the increasing volume and sophistication of cyber intrusions on the Internet bring significant risks to the Department's mission. Moving DoD information into commercially provided clouds that operate outside of DoD security protections and operational control can increase these risks.
IA Policies, Standards, and Processes
The Department recognizes the significant improvements in cybersecurity achieved by commercial industry as cloud computing continues to mature. However, serious threats remain to DoD information and information systems that can have adverse impacts on the Department's mission, individuals, other organizations, and the Nation. Cyber intrusions on DoD information systems today are often aggressive, disciplined, well-organized, well-funded and very sophisticated.
The Department is currently revising the DoD 8500 series (See Appendix B, (Reference O)) and adopting NIST SP 800-53 security controls and NIST SP 800-53a assessment procedures (See Appendix B, (Reference P)) while coordinating with industry and academia to enhance the reliability and security posture of DoD cloud services. The standardization of IA controls and sharing of security assessment data through the FedRAMP program will facilitate the adoption of commercially provided cloud services based on risk management that aligns DoD IA processes with those used elsewhere within the Federal Government.
These enhancements to the Department's IA policies and processes are designed to ensure that protection measures are applied commensurate with the system's criticality and sensitivity. Emerging processes will enable greater flexibility in determining appropriate priorities for agency information systems and subsequently applying the proper measures to adequately protect those systems. This will allow the Department to balance the importance of information resources against cybersecurity solutions and operations available within the Department or from commercial cloud providers. Where commercial services offer the level of protection necessary for a particular DoD mission and information set, the DoD will be able to leverage those commercially offered services and focus its own cybersecurity resources on more critical challenges.
An essential component of the ongoing, dependable use of externally provided cloud services is the integration of a cloud provider's continuous monitoring and response capabilities with USCYBERCOM's systems for protecting DoD information and ensuring DoD mission assurance with the Federal Information Security Management Act (FISMA) compliance and the Committee on National Security Systems Instruction (CNSSI) 1253 (See Appendix B, (Reference Q)). This integration is needed to synchronize cyber intrusion detection, diagnosis, mitigation, and response activities, and maintain ongoing assurance of DoD information and mission.
Low Risk
DoD will begin using commercial cloud providers to initially support low risk information and mission functions. Data with confidentiality, integrity, and availability ratings that are FISMA low do not present significant impacts on mission effectiveness or operational readiness. This level consists of systems handling nonsensitive information necessary for the conduct of day-to-day business, but it does not materially affect support to deployed or contingency forces in the short term. This approach will enable the Department to rapidly mature its processes for using commercial cloud services while minimizing the potential impact to DoD operations and assets if confidentiality, integrity, or availability is lost. Because successful intrusions on DoD information systems can result in serious damage to the interests of the United States, the Department will take a cautious approach to using commercial cloud services. For instance, the same visibility into the real-time use, traffic, and consumption of data or information within DoD environments is required from commercially provided cloud services providing comparable services.
Moderate Risk
In addition to using commercial cloud providers to support low risk information and mission functions, commercial cloud services that meet FedRAMP moderate control levels will be candidates for inclusion in the Department's multi-provider cloud environment. This level of risk requires additional IA safeguards to mitigate possible loss of integrity, delay or degradation in providing important support services or commodities that could seriously impact mission effectiveness or operational readiness.
The Department will standardize and streamline the processes to support the migration of moderate risk data and information (e.g., CUI, PII, PHI, ITAR, and Export Administration Regulations (EAR)) to commercial cloud services. The Enterprise Cloud Service Broker will enable DoD Components to use commercial cloud services that meet FedRAMP low and moderate control levels, and make them available to other DoD Components through standardized contracts and leveraged authorization packages. The Enterprise Cloud Service Broker will ensure compliance with Department IA and cybersecurity policies to include the ongoing secure configuration, continuity, resiliency, and operations of these externally provided services, and help integrate commercial computer network defense operations with USCYBERCOM defense operations. In addition, the Department will be able to effectively execute its service consumer IA responsibilities.
High Risk
To ensure DoD mission success in the face of cyber degradation, loss, or intrusion, the Department will not use commercial cloud services when the loss of information confidentiality, integrity or availability could be expected to have a severe or catastrophically adverse effect on organizational operations, organizational assets or individuals. Protecting mission critical information and systems requires the most stringent protection measures including highly classified tools, sophisticated cyber analytics, and highly adaptive capabilities that must remain within the physical and operational control of the Department. The Department will not use commercial cloud services that are generally available to the public and remain outside of DoD operational control to support high risk information and missions.
Next Steps
The DoD Enterprise Cloud Environment is a key component to enable the Department to achieve JIE success. Detailed cloud computing implementation planning has been ongoing and informs JIE projected plan of actions and milestones in Capabilities Engineering, Operation and Governance efforts.
The DoD CIO will establish a joint enterprise cloud computing governance structure to drive the policy and process changes necessary to transition to the DoD Enterprise Cloud Environment and oversee the implementation of the DoD enterprise cloud strategy. This Senior IT Governance will provide the leadership to enable the DoD CIO's 10-Point Plan for IT Modernization and JIE efforts by:
- Ensuring the Enterprise Cloud Environment is a fundamental aspect of IT strategic planning, capital investment planning, cybersecurity, investment management, and systems acquisition, development and integration
- Defining the IT governance framework/organizational construct (working groups, etc.), to review and monitor pertinent reference architectures and implementation planning to ensure coordinated and optimized consolidation efforts and the required cloud capability transitions/acquisitions, including test labs and pilot initiatives
- Publishing a DoD Policy to address the challenges associated with commercially provided cloud services and an Enterprise Cloud Security Framework that includes expanded risk assessment/risk management methodologies
- Establishing an Enterprise Cloud Service Broker to provide the additional integration, protections and ongoing monitoring needed to mitigate risks and achieve DoD requirements for cloud services
- Engaging with key Department process owners to establish agile acquisition and funding mechanisms that provide incentives for entrepreneurial innovation
- Establishing standardized, baseline DoD cloud computing SLAs and contract requirements to accommodate a multi-provider cloud service environment
- Identifying and reporting performance measures/metrics
- Establishing communications and training to continually drive cloud computing, and socialize new and updated business requirements, cloud computing successes, and lessons learned.
Conclusion
This strategy is intended to drive the Department toward changes required to dramatically improve the delivery and operation of IT, via an enterprise cloud environment, that provides tangible benefits to the DoD community. The Department's initiatives to achieve JIE goals and IT efficiencies in this current fiscal environment, and Federal mandates, accelerate this change.
There will be many benefits to moving applications and data to the cloud, but there are substantial risks. The Department has specific cloud computing challenges that require careful adoption considerations, especially in areas of IA and cybersecurity, continuity of operations, and resilience. Service acquisition and funding sustainment, data migration and management, and overcoming network dependence at the tactical edge are also challenges that need to be addressed to ensure objectives can be met.
The Department's approach to deliver an enterprise cloud computing strategy will require strong governance authority and continued commitment to greater transparency through regular and open reporting. Optimizing data center consolidation efforts with core cloud infrastructure must be carefully executed. To achieve the cloud computing goal, all barriers to consolidation and transition must be addressed without major delay. Governance must ensure mechanisms are in place to coordinate enterprise activities across the Department. Working with other key Department leaders, the DoD CIO will help establish funding models to sustain the development of Core shared data center infrastructure and the Enterprise cloud environment. DoD CIO will be the final decision authority and will provide oversight for Component execution of data center and server consolidation, exercising appropriate governance to ensure efficient orchestration of change.
The DoD CIO will continuously seek to refine and mature the cloud computing approach and maintain open communications with all levels of the Department, other Federal Agencies and our industry partners. Active participation and commitment of all DoD Components, in collaboration with the DoD CIO, is critical to ensure consistency, optimize benefits, and achieve the goal of this strategy.
APPENDIX A
Acronym List
AoA       Analysis of Alternatives
AT&L      Acquisition, Technology, and Logistics
C&A       Certification and Accreditation
CFO       Chief Financial Officer
CIO       Chief Information Officer
CJCSI     Chairman of the Joint Chiefs of Staff Instruction
CNSSI     Committee on National Security Systems Instruction
CONUS     Continental United States
CRM       Customer Relationship Management
CUI       Controlled Unclassified Information
DaaS      Data as a Service
DAS       Defense Acquisition System
DCAPE     Director Cost Assessment and Program Evaluation
DCMO      Deputy Chief Management Officer
DCO       Defense Connect Online
DFARS     Defense Federal Acquisition Regulation Supplement
DIL       Disconnected, Intermittent and Low-bandwidth
DISA      Defense Information Systems Agency
DNI       Director of National Intelligence
EAR       Export Administration Regulations
EoIP      Everything Over Internet Protocol (IP)
FDCCI     Federal Data Center Consolidation Initiative
FedRAMP   Federal Risk and Authorization Management Program
FISMA     Federal Information Security Management Act
FOIA      Freedom of Information Act
GCDS      Global Content Delivery Service
GIG       Global Information Grid
IA        Information Assurance
IaaS      Infrastructure as a Service
IdAM      Identity and Access Management
IM        Instant Messaging
IP        Internet Protocol
IT        Information Technology
ITAR      International Traffic in Arms Regulations
ITESR     IT Enterprise Strategy and Roadmap
JCIDS     Joint Capabilities Integration and Development System
JCS       Joint Chiefs of Staff
JIE       Joint Information Environment
JWICS     Joint Worldwide Intelligence Communications System
MEF       Mission Essential Functions
MILDEP    Military Department
NDAA      National Defense Authorization Act
NEF       National Emergency Functions
NIPRNet   Unclassified but Sensitive Internet Protocol Router Network
NIST      National Institute of Standards and Technology
NOC       Network Operation Centers
NSA       National Security Agency
NSS       National Security Systems
O&M       Operations and Maintenance
OMB       Office of Management and Budget
OUSD      Office of the Under Secretary of Defense
PaaS      Platform as a Service
PII       Personally Identifiable Information
PKI       Public Key Infrastructure
PMEF      Primary Mission Essential Functions
POM       Program Objective Memorandum
PPB&E     Planning, Programming, Budgeting and Execution
RACE      Rapid Access Computing Environment
SaaS      Software as a Service
SIPRNet   Secret Internet Protocol Router Network
SLA       Service Level Agreement
SOC       System Operation Centers
TSSCI     Top Secret Sensitive Compartmentalized Information
UDCMO     Unified Cross Domain Management Office
USD       Under Secretary of Defense
VDI       Virtual Desktop Infrastructure
APPENDIX B
References
A. Federal Cloud Computing Strategy, Feb 2011
http://www.cio.gov/documents/FederalCloudCOmputingStrategy.pdf
B. 2012 National Defense Authorization Act (NDAA), Public Law 112-81
http://armedservices.house.gov/index.cfm/ndaahome?p=ndaa
C. Secretary of Defense Efficiencies Initiative, Gates, Robert M., (2010), Statement on Department Efficiencies Initiative
http://www.defense.gov/Speeches/Speech.aspx?SpeechID=1496
D. Office of Management and Budget (OMB) directed Federal Data Center Consolidation Initiative (FDCCI)
http://www.cio.gov/pagesnonnews.cfm/page/TheFederal DatacenterConsolidationInitiative
E. OMB, 25 Point Implementation Plan to Reform Federal Information Technology Management, December 9, 2010
http://www.cio.gov/documents/25PointImplementationPlantoReformFederal%20IT.pdf
F. Federal Risk and Authorization Management Program (FedRAMP)
http://www.fedramp.gov
G. Department of Defense (DoD) Information Technology (IT) Enterprise Strategy and Roadmap, Version 1.0, September 6, 2011
H. HOMELAND SECURITY PRESIDENTIAL DIRECTIVE/HSPD-20, Subject: National Continuity Policy
I. Creating Effective Cloud Computing Contracts for the Federal Government, February 24, 2012
http://www.cio.gov/cloudbestpractices.pdf
J. OMB Circular A-11, Preparation, Submission, and Execution of the Budget of August 2011
http://www.whitehouse.gov/sites/default/files/omb/assets/a11_current_year/a_11_2011.pdf
K. Chairman of the Joint Chiefs of Staff Instruction 3170.01G, Joint Capabilities Integration and Development System (JCIDS), March 1, 2009
(http://www.dtic.mil/cjcs_directives/cdata/unlimit/3170_01.pdf)
L. DoD Directive 4630.5 Interoperability of IT and NSS, May 5, 2004, certified current as of April 23, 2007
http://www.dtic.mil/whs/directives/corres/pdf/463005p.pdf
M. DoD Directive 5000.01, The Defense Acquisition System, May 12, 2003
http://www.dtic.mil/whs/directives/corres/pdf/500001p.pdf
N. DoD Directive 7045.14, The Planning, Programming, and Budgeting System, May 22, 1984, Certified Current as of November 21, 2003
http://www.dtic.mil/whs/directives/corres/pdf/704514p.pdf
O. DoD Directive 8500.01E, Information Assurance (IA)
(http://www.dtic.mil/whs/directives/corres/pdf/850001p.pdf)
P. NIST Special Publications
[SP 500-292] NIST Cloud Computing Reference Architecture, September 8, 2011
[SP 500-291] NIST SP 500-291, NIST Cloud Computing Standards Roadmap, August 10, 2011
[SP 500-293] NIST Special Publication 500-293, U.S. Government Cloud Computing Technology Roadmap, (DRAFT) Release 1.0
[SP 800-145] NIST Definition of Cloud Computing, September 2011
[SP 800-53] NIST Guide for Assessing the Security Controls in Federal Information Systems and Organizations
[SP 800-53a] NIST Guide for Assessing the Security Controls in Federal Information Systems
NIST 800 Series Special Publications are available at:
http://csrc.nist.gov/publications/nistpubs/index.html
NIST FIPS Publications are available at:
http://csrc.nist.gov/publications/PubsFIPS.html
Q. National Security Systems Instruction (CNSSI) 1253, Security Categorization and Control Selection for National Security Systems, October 2009,
http://www.cnss.gov/Assets/pdf/CNSSI1253.pdf